ComputerForum.com ComputerForum.com  

Go Back   Computer Forum > Computer Software > Computer Security

 
 
LinkBack Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
Old 09-16-2006, 04:11 PM   #1 (permalink)
Gold Member
 
Join Date: Aug 2006
Location: ottawa, canada
Posts: 465
Default HELP HJT log

This is my HJT log, any help would be great = D

Logfile of HijackThis v1.99.1
Scan saved at 10:05:52 AM, on 9/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Updater.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Matthew April\My Documents\My Received Files\anti-spy\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpB3EE.tmp (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0. dll (file missing)
O3 - Toolbar: Search - {215303D2-42B9-A7EC-7414-5630B3DD8F1A} - C:\WINDOWS\Cagxrcfg.dll (file missing)
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [Zfkj] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [lfsqbiqafb] C:\WINDOWS\System32\wqupxsmg.exe
O4 - HKLM\..\Run: [kjefel] C:\WINDOWS\kjefel.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [inhttpw] C:\WINDOWS\System32\inhttpw.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [bO²ùð[×y-¯Œ] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [bO²ùðZ×y-¯Œ] C:\WINDOWS\xfqub.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [wshatm] "C:\WINDOWS\system32\wshatm.exe"
O4 - HKCU\..\Run: [wmpencen] "C:\WINDOWS\system32\wmpencen.exe"
O4 - HKCU\..\Run: [wlnotify] "C:\WINDOWS\system32\wlnotify.exe"
O4 - HKCU\..\Run: [vxblock] "C:\WINDOWS\system32\vxblock.exe"
O4 - HKCU\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKCU\..\Run: [SpyTrooper]
O4 - HKCU\..\Run: [shfolder] "C:\WINDOWS\system32\shfolder.exe"
O4 - HKCU\..\Run: [shell32] "C:\WINDOWS\system32\shell32.exe"
O4 - HKCU\..\Run: [shdocvw] "C:\WINDOWS\system32\shdocvw.exe"
O4 - HKCU\..\Run: [s3gnb] "C:\WINDOWS\system32\s3gnb.exe"
O4 - HKCU\..\Run: [raschap] "C:\Documents and Settings\Matthew April\raschap.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\system32\netapi.exe"
O4 - HKCU\..\Run: [msxbde40] "C:\WINDOWS\system32\msxbde40.exe"
O4 - HKCU\..\Run: [kbduzb] "C:\WINDOWS\system32\kbduzb.exe"
O4 - HKCU\..\Run: [kbdus] "C:\WINDOWS\system32\kbdus.exe"
O4 - HKCU\..\Run: [kbdinbe1] "C:\WINDOWS\system32\kbdinbe1.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [jgmd400] "C:\WINDOWS\system32\jgmd400.exe"
O4 - HKCU\..\Run: [ir41_qcx] "C:\WINDOWS\system32\ir41_qcx.exe"
O4 - HKCU\..\Run: [infosoft] "C:\WINDOWS\system32\infosoft.exe"
O4 - HKCU\..\Run: [inetclnt] "C:\WINDOWS\system32\inetclnt.exe"
O4 - HKCU\..\Run: [hsfcisp2] "C:\WINDOWS\system32\hsfcisp2.exe"
O4 - HKCU\..\Run: [fkfw] C:\PROGRA~1\COMMON~1\fkfw\fkfwm.exe
O4 - HKCU\..\Run: [eventcls] "C:\WINDOWS\system32\eventcls.exe"
O4 - HKCU\..\Run: [dmband] "C:\WINDOWS\system32\dmband.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cscui] "C:\Documents and Settings\Matthew April\cscui.exe"
O4 - HKCU\..\Run: [iprtcnst] "C:\WINDOWS\system32\iprtcnst.exe"
O4 - HKCU\..\Run: [atiicdxx] "C:\WINDOWS\system32\atiicdxx.exe"
O4 - HKCU\..\Run: [rmoc3260] "C:\WINDOWS\system32\rmoc3260.exe"
O4 - HKCU\..\Run: [getuname] "C:\WINDOWS\system32\getuname.exe"
O4 - HKCU\..\Run: [vdmdbg] "C:\WINDOWS\system32\vdmdbg.exe"
O4 - HKCU\..\Run: [resutils] "C:\WINDOWS\system32\resutils.exe"
O4 - HKCU\..\Run: [lftif11n] "C:\WINDOWS\system32\lftif11n.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [msr2cenu] "C:\WINDOWS\system32\msr2cenu.exe"
O4 - HKCU\..\Run: [mmcbase] "C:\WINDOWS\system32\mmcbase.exe"
O4 - HKCU\..\Run: [msorc32r] "C:\WINDOWS\system32\msorc32r.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [dmscript] "C:\WINDOWS\system32\dmscript.exe"
O4 - HKCU\..\Run: [wmerror] "C:\WINDOWS\system32\wmerror.exe"
O4 - HKCU\..\Run: [qasf] "C:\WINDOWS\system32\qasf.exe"
O4 - HKCU\..\Run: [6to4svc] "C:\WINDOWS\system32\6to4svc.exe"
O4 - HKCU\..\Run: [dpwsock] "C:\WINDOWS\system32\dpwsock.exe"
O4 - HKCU\..\Run: [kbdir] "C:\WINDOWS\system32\kbdir.exe"
O4 - HKCU\..\Run: [mmutilse] "C:\WINDOWS\system32\mmutilse.exe"
O4 - HKCU\..\Run: [pjlmon] "C:\WINDOWS\system32\pjlmon.exe"
O4 - HKCU\..\Run: [crypt32] "C:\WINDOWS\system32\crypt32.exe"
O4 - HKCU\..\Run: [dispex] "C:\WINDOWS\system32\dispex.exe"
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab
O16 - DPF: {563EC66E-5A1B-51D2-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext02.c...aInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\pychdprf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
HELP_ME is offline   Reply With Quote


 

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
HJT log 34erd Computer Security 5 08-10-2006 02:04 PM
HJT log 34erd Computer Security 11 06-16-2006 06:12 AM
HJT Log what is it? zeneena Computer Security 10 12-08-2005 12:11 AM
HJT log file phantom Computer Security 9 12-05-2005 04:33 AM
Post #1 HJT Log (too long for one post) 354 Computer Security 8 08-16-2005 12:02 AM


All times are GMT +1. The time now is 09:24 AM.


Powered by: vBulletin Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.0 ©2009, Crawlability, Inc.