
Silly viruses... HJT log


WutangFlu

erhm yeah.. :( got one, or more...

I don't have an anti-virus, so what are some good free ones?

Logfile of HijackThis v1.99.1
Scan saved at 7:04:26 AM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\system32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\LEXBCES[Caution: Executable File]
C:\WINDOWS\system32\LEXPPS[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\system32\wscntfy[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
C:\Program Files\Trillian Pro\trillian[Caution: Executable File]
C:\Program Files\Opera\html40_entities[Caution: Executable File]
C:\Documents and Settings\Pink Floyd\My Documents\Misc\Sys-tools\HijackThis[Caution: Executable File]

F2 - REG:system.ini: UserInit=userinit[Caution: Executable File],lyccpkq[Caution: Executable File]
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig[Caution: Executable File] /auto
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian[Caution: Executable File]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\nNrrhook.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: Executable File]


New HJT log after a few more scans..

Logfile of HijackThis v1.99.1
Scan saved at 8:55:11 AM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\system32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\LEXBCES[Caution: Executable File]
C:\WINDOWS\system32\LEXPPS[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: Executable File]
C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\Program Files\Trillian Pro\trillian[Caution: Executable File]
C:\Program Files\Opera\english[Caution: Executable File]
C:\WINDOWS\system32\wscntfy[Caution: Executable File]
C:\Program Files\ipwins\ipwins[Caution: Executable File]
C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File]
C:\Documents and Settings\Pink Floyd\My Documents\Misc\Sys-tools\HijackThis[Caution: Executable File]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/
F2 - REG:system.ini: UserInit=userinit[Caution: Executable File],lyccpkq[Caution: Executable File]
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig[Caution: Executable File] /auto
O4 - HKLM\..\Run: [ipWins] C:\Program Files\ipwins\ipwins[Caution: Executable File]
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian Pro\trillian[Caution: Executable File]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\nNrrhook.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: Executable File]
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: Executable File]
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: Executable File]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: Executable File]


Avast is a piece of crap, you couldn't imagine the amount of things it either can't find, can't clean, can't remove, etc.

If you aren't willing to pay for a decent antivirus, at least download AVG, it sort of does its job


I did the AVG trial :S

150 objects aargh... got rid of all but 18

I'm gunna go into safe mode again sometime today and do another scan with Spybot, Ad-Aware, and AVG and see if I can't get rid of what's left

*no, I was surprisingly NOT downloading pr0n!


Avast is a piece of crap, you couldn't imagine the amount of things it either can't find, can't clean, can't remove, etc.

If you aren't willing to pay for a decent antivirus, at least download AVG, it sort of does its job

+1, I had a friend that told me it was excellent, about the time I realized how dangerous the internet was. I had it for about a year, then I switched to my current software, Zone Labs. When I did the scan initially on Zone Labs, it found numerous viruses :x


Clicky here. - It's AVG Free. It does the job, and it's free. It's not as good as McAfee or some others, but it's still good.

If you're going to pay for an antivirus, get McAfee Security Centre. Nothing else is even worth thinking about. Norton sucks, so do Sophos and Avast.


In my past experiences, AVG Free picks up more items than Norton does. I always scan with Norton first, and remove the items found, then scan with AVG. And it always seems AVG finds quite a bit more dangerous items than Norton does. But either way, AVG Free is a great program for the price you pay.


Get Norton, it is around $30. Most service providers are now offering Norton and things for free.

No. Just don't.

If you don't have money, use AVG Free.

If you have money, use McAfee Home Edition.

If you have lots of money, use McAfee Enterprise Edition, because it's absolutely Ownage. (I actually got it because my dad's work has a special license for it.)
