My HijackThis Log


  • This topic is locked

#1
penbiles

Hello and thanks!

IE has been buggy for a long time now, constant popups and webpages loading improperly. One strange example is that you cannot select the font size anymore, everything shows up as extra large. Firefox works fine.

Have followed the guidelines before posting a HijackThis log. Ran Ad-aware, SpySubtract, TDS-3, Microsoft AntiSpyWare, Panda Scan, Housecall Scan, and am using avast! as my virus checker.

Bman initially showed up as a running process, and I was able to remove the exe file, but it still shows up under the program list in msconfig. TDS-3 reported two Qoologic files that do not show up in Explorer nor could be removed. Trojans still continue showing up every so often, and new malware and adware seem to be installed the longer the PC stays up and running.

Logfile of HijackThis v1.99.1
Scan saved at 10:37:52 AM, on 4/21/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\llkmkp.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\TQENENC.EXE
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\??ool32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Len\Desktop\Installs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BEB81B26-82E1-F949-980C-D6C86BFB2AC7} - C:\WINDOWS\System32\xpek.dll
O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\llkmkp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TQENENC] C:\WINDOWS\TQENENC.EXE
O4 - HKLM\..\Run: [zgjgv] C:\WINDOWS\zgjgv.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PGCIDLL] C:\WINDOWS\PGCIDLL.EXE
O4 - HKLM\..\Run: [mpyfaz] C:\WINDOWS\mpyfaz.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ezresp] c:\windows\system32\ezresp.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Wqvmomr] C:\WINDOWS\System32\??ool32.exe
O4 - HKCU\..\Run: [Eiew] C:\Documents and Settings\Len\Application Data\atat.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iasnap] C:\WINDOWS\System32\iasnap.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.../housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
#2
penbiles

I noticed that this computer wasn't running SP2, so I went ahead and upgraded. Microsoft automatic update did not ask to upgrade to SP1 first and went directly to SP2.

I also forgot to mention that I ran CWShredder.