#1
Favored Bitch #1
Join Date: Dec 2001
Location: homeless in NJ
hijack this logfile help
Can anyone make sense of this and make some recommendations?
Logfile of HijackThis v1.99.1
Scan saved at 2:31:05 PM, on 9/25/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msjava.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe msjava.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msjava.exe
O2 - BHO: Zelda - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\pfumc37.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Alogserv] "C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1139782678\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_18.exe
O4 - HKLM\..\Run: [sys02059432375] C:\WINDOWS\sys02059432375.exe
O4 - HKLM\..\Run: [ovqwnmwA] C:\WINDOWS\ovqwnmwA.exe
O4 - HKLM\..\Run: [jjt4f72b] "RUNDLL32.EXE" w0c33709.dll,n 0044f727000000030c33709
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinnpex.exe GEN001
O4 - HKLM\..\Run: [loaddr] C:\qlobvy.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\wpkmmd.exe
O4 - HKLM\..\Run: [Upnp] c:\qdgkp.exe
O4 - HKLM\..\Run: [vepwvc] C:\WINDOWS\System32\wnlgve.exe reg_run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSN Messanger] msnmsgsm.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msjava.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\RunServices: [MSN Messanger] msnmsgsm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msjava.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O20 - Winlogon Notify: Zelda - C:\WINDOWS\System32\pfumc37.dll
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
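As an added example (not part of the thread, and not HijackThis's own logic), here is a small Python triage script that parses HijackThis entry lines and flags the patterns a log helper checks first: system.ini Shell=/UserInit= values carrying an extra program, autorun binaries sitting in a drive root or directly in the Windows directory, autoruns given as a bare name with no path, services with no vendor information, and the same file name recurring across entry types (in the log above, pfumc37.dll is both an O2 BHO and an O20 Winlogon Notify DLL, and msjava.exe appears in F2 and RunServices). The embedded sample is a constructed subset of the entries posted above; the heuristics, regexes and the expected stock values in EXPECTED_F2 are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: a subset of the HijackThis v1.99.1 entries posted in
# the thread, one entry per line as HijackThis writes them (paths as they appear).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
F2 - REG:system.ini: Shell=Explorer.exe msjava.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msjava.exe
O2 - BHO: Zelda - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\pfumc37.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e.exe
O4 - HKLM\..\Run: [Upnp] c:\qdgkp.exe
O4 - HKLM\..\Run: [sys02059432375] C:\WINDOWS\sys02059432375.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msjava.exe
O20 - Winlogon Notify: Zelda - C:\WINDOWS\System32\pfumc37.dll
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - <body>": the section code, a separator, then the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# A file reference inside a body: drive path, %VAR% path, or a bare name, ending in .exe/.dll/.ocx.
FILE_RE = re.compile(r'(?:[A-Za-z]:\\[^"]*?|%\w+%\\[^"]*?|[\w.\-]+)\.(?:exe|dll|ocx)\b', re.I)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\+[^\\]+$")            # c:\name.exe
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")  # c:\windows\name.exe
# Assumed stock XP values for the system.ini mappings, compared by file name only.
EXPECTED_F2 = {"shell": ["explorer.exe"], "userinit": ["userinit.exe"]}


def parse(log_text):
    """Yield (kind, body) for each HijackThis entry; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def basename(ref):
    """Lower-cased file name of a path or bare reference."""
    return ref.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return [(kind, body, [reasons])] for entries that deserve a human look.

    Heuristics (assumptions of this example, not HijackThis's own logic):
      1. F2: system.ini Shell=/UserInit= carrying anything beyond the stock program.
      2. O4: autorun binaries in a drive root, directly in the Windows directory,
         or given as a bare name with no path at all.
      3. O23: services whose binary has no vendor information ("Unknown owner").
      4. Any file name that shows up in two or more different entry types.
    """
    entries = list(parse(log_text))
    seen_in = defaultdict(set)  # basename -> set of entry kinds it appears in
    for kind, body in entries:
        for ref in FILE_RE.findall(body):
            seen_in[basename(ref)].add(kind)

    findings = []
    for kind, body in entries:
        refs = FILE_RE.findall(body)
        names = [basename(r) for r in refs]
        reasons = []
        if kind == "F2":
            key = body.partition(": ")[2].partition("=")[0].lower()
            expected = EXPECTED_F2.get(key)
            if expected is not None and names != expected:
                reasons.append(f"system.ini {key}= should be {expected}, got {names}")
        if kind == "O4":
            for ref, name in zip(refs, names):
                low = ref.lower()
                if DRIVE_ROOT_RE.match(low):
                    reasons.append(f"{name} runs from the drive root")
                elif WINDOWS_ROOT_RE.match(low):
                    reasons.append(f"{name} sits directly in the Windows directory")
                elif "\\" not in low:
                    reasons.append(f"{name} given without a path (resolved by PATH search)")
        if kind == "O23" and "Unknown owner" in body:
            reasons.append("service binary carries no vendor information")
        for name in names:
            others = sorted(seen_in[name] - {kind})
            if others:
                reasons.append(f"{name} also appears in {', '.join(others)} entries")
        if reasons:
            findings.append((kind, body, reasons))
    return findings


if __name__ == "__main__":
    for kind, body, reasons in triage(SAMPLE_LOG):
        print(f"{kind}: {body}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample above the script leaves the R1 home page, iTunesHelper, the dumprep UserFaultCheck entry and the Apple iPod service alone and lists the other nine entries with the reason each was picked. The output is a list of leads for a human to check, not a verdict; the cross-reference rule (heuristic 4) is the one that most often turns up the same component wired into several persistence points, which is exactly what the pfumc37.dll and msjava.exe entries in this log show.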
#2
Bounty Hunter
Join Date: Oct 2000
Location: Pittsburgh, PA
Just to note, I'm at work for the next 3 hours, but I'd be happy to look it over when I get home. I'm not an expert on this sort of thing, but maybe I can be of some help. I'll try to look at it before 7pm ET tonight.
Edit to add: You may want to try posting that log in the Malware Removal forum at forums.spywareinfo.com. The folks over there are very helpful, although it could take them 3 or 4 days to respond. If you're going to post the log over there, I recommend unzipping HijackThis into its own directory and then re-running the scan. The helpers over there will not look at your log until you do that.
__________________
No, I am not Batman, and I will not repair your food processor.
Last edited by Pumpy Tudors : 09-25-2006 at 01:42 PM.
#3
Favored Bitch #1
Join Date: Dec 2001
Location: homeless in NJ
Thanks Pumpy. I drove through Greensburg yesterday.
#4
Bounty Hunter
Join Date: Oct 2000
Location: Pittsburgh, PA
__________________
No, I am not Batman, and I will not repair your food processor.
#5
Death Herald
Join Date: Nov 2000
Location: The stars at night are big and bright deep in the heart of Texas
Quote:
The things I highlighted in bold are definitely tied to viruses/malware. If you Google just the file name (ie. qdgkp.exe) you can get more info on what they are and how to remove them.
__________________
Thinkin' of a master plan / 'Cuz ain't nuthin' but sweat inside my hand / So I dig into my pocket, all my money is spent / So I dig deeper but still comin' up with lint
Last edited by cartman : 09-25-2006 at 03:48 PM.
#6
Pro Starter
Join Date: Aug 2005
Location: Bethlehem, Pa
Dude, just reformat the computer and reinstall Windows at this point.
#7
Bounty Hunter
Join Date: Oct 2000
Location: Pittsburgh, PA
Sorry, I completely forgot about this. I'll try to remember to look at this tonight.
__________________
No, I am not Batman, and I will not repair your food processor.
#8
Bounty Hunter
Join Date: Oct 2000
Location: Pittsburgh, PA
I'm looking this over right now.
__________________
No, I am not Batman, and I will not repair your food processor.
#9
Bounty Hunter
Join Date: Oct 2000
Location: Pittsburgh, PA
Agh. I'm afraid this is going to take me longer than I have tonight. Sorry. I do highly recommend posting a fresh log at forums.spywareinfo.com, though, because they could give you much more thorough help than I could anyway. cartman is right on with his assessment, though. You do need to get those items removed (the ones he bolded).
__________________
No, I am not Batman, and I will not repair your food processor.
#10
Favored Bitch #1
Join Date: Dec 2001
Location: homeless in NJ
Thanks Pumpy. Don't go to a lot of trouble, I am getting it worked out.