Help - Search - Members - Calendar
Full Version: Help me plz
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
XxSEEDxX
Dec 8 2005, 11:56 PM
help.....slow down on computer....unusual pop up on desktop.
please help me......
thanks.....



here is a log that i got form hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 6:50:58 PM, on 12/8/05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
C:\Program Files\Microsoft Office\Osa.exe
C:\Program Files\Iomega\Tools\IMGICON.exe
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...searchbar&i=ENB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://jump.altavista.com/avie5/homebutton
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirec...&s=search&i=enu
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirec...searchbar&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirec...&query=%s&i=enu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {5FB03C44-89D7-3427-BDB1-25390FDC0ACA} - MSTCPDLL.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KeywordFinder] ABCXYZ.exe
O4 - HKLM\..\Run: [driver64] dePloy.exe
O4 - HKLM\..\Run: [SetupExeDll] utsgmon.exe
O4 - HKLM\..\Run: [SpyElim] media64.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [defect08] ftbar.exe
O4 - HKCU\..\Run: [NopeZ] powerdll.exe
O4 - HKCU\..\Run: [WinInitDll] SysEntry.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\OSA.EXE
O4 - Global Startup: Zip Disk Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.exe
O4 - Global Startup: Refresh.lnk = C:\Program Files\Iomega\Tools\refresh.exe
O4 - Global Startup: Reminder-cpq40502.lnk = C:\COMPAQ\Introreg\Na\iq\Remind32.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{62588CD5-7A3F-4913-879C-1A58BCAB31D1}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{954DCCA7-D899-4FF6-A41E-DBC9684A7F92}: NameServer = 85.255.113.147,85.255.112.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{62588CD5-7A3F-4913-879C-1A58BCAB31D1}: NameServer = 205.188.146.145
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
LoPhatPhuud
Dec 9 2005, 12:32 AM
We have repeatedly advised you to install and Anti Virus and to update your Windows with SP1, SP2 and any Critical Updates. So far you have chosen to ignore those suggestions.

Since you apparently are indifferent to our advice, we are going to refuse service to you.

This log will be closed. Please do not post any more HJT logs here at Gladiator.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.