
Help a virus possible??

Discussion in 'Windows XP' started by tipsy, Apr 28, 2004.

Thread Status:
Not open for further replies.
  1. tipsy

    tipsy Thread Starter

    Joined:
    Apr 28, 2004
    Messages:
    1
    The beginning of the week I got a virus which is now going to the shop, so I am on a backup puter... and tonight I got another darn thing. Unfortunately I didn't get the name, but it said it was a trojan and listed it in the temp internet file folder. I emptied that folder and deleted all my cookies, then ran an AVG scan, which came up with no virus, then scanned with Ad-Aware, Spybot S&D and Bazooka. I'm still very wary :( Can you look at my HijackThis file and see if there's anything out of the ordinary? I am on Windows XP.

    Sorry if I'm posting this in the wrong place. Thank you in advance.


    Logfile of HijackThis v1.97.7
    Scan saved at 8:11:29 PM, on 4/28/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\LEXBCES.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\LEXPPS.EXE
    D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    D:\Program Files\Symantec\pcAnywhere\awhost32.exe
    D:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\NORTON~1\navapw32.exe
    D:\WINDOWS\System32\atiptaxx.exe
    D:\Program Files\Real\RealPlayer\RealPlay.exe
    D:\WINDOWS\System32\LXSUPMON.EXE
    D:\PROGRA~1\AIM95\aim.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    D:\Program Files\DIRECWAY\BIN\dpcstart.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE
    D:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    D:\Documents and Settings\Jay\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PrinTray] D:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] D:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "D:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Dpcstart.lnk = D:\Program Files\DIRECWAY\BIN\dpcstart.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3C17193D-3E75-4D03-9125-20A8C433B110}: NameServer = 208.216.228.253,208.216.228.221
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8160E424-4B02-41B7-9FFF-D94D14A48791}: Domain = direcway.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8160E424-4B02-41B7-9FFF-D94D14A48791}: NameServer = 198.77.116.8
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3C17193D-3E75-4D03-9125-20A8C433B110}: NameServer = 208.216.228.253,208.216.228.221
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3C17193D-3E75-4D03-9125-20A8C433B110}: NameServer = 208.216.228.253,208.216.228.221
     
  2. snappy_31

    snappy_31

    Joined:
    Dec 3, 2003
    Messages:
    385
    If it was a Backdoor trojan virus with a file name something like Update0000! and you removed it, that should do it, as this file just keeps a port open in your computer and tells the worm guys out there that it is ready to send a worm through. You can download a program called SWATIT; just get the trial and run it and it will ease your mind.
    Peter
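
An added example, not part of the thread: a small Python parser for the HijackThis log format posted above that splits it into running processes and section-coded entries, then lists items a reviewer would check by hand. The sample lines are copied from the log in the first post; the function names and the review heuristics are assumptions made for illustration and give no verdict on any entry.

```python
import re

# Constructed sample: a few lines copied from the log in the first post.
SAMPLE_LOG = r"""Running processes:
D:\WINDOWS\system32\lsass.exe
D:\Documents and Settings\Jay\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8160E424-4B02-41B7-9FFF-D94D14A48791}: NameServer = 198.77.116.8
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "R1 - ...", "O17 - ..."

def parse(log):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_notes(processes, entries):
    """Return (item, reason) pairs worth a manual look (assumed heuristics)."""
    notes = []
    for p in processes:
        if "\\temp\\" in p.lower():
            notes.append((p, "process running from a Temp directory"))
    for code, detail in entries:
        if code.startswith("R") and "ProxyServer" in detail and "127.0.0.1" in detail:
            notes.append((detail, "browser traffic routed through a local proxy"))
        elif code == "O4":
            # Take the command after "[name] " or "Startup: ", then after " = " for shortcuts.
            target = detail.split("] ", 1)[-1] if "] " in detail else detail.split(": ", 1)[-1]
            target = target.split(" = ", 1)[-1]
            if not re.match(r'^"?[A-Za-z]:\\', target):
                notes.append((detail, "startup item without a full path"))
        elif code == "O17":
            notes.append((detail, "DNS setting to confirm against the ISP's values"))
    return notes
```

Each note names something to confirm, such as which installed program owns a local proxy or a path-less startup entry; here the Temp-directory process is HijackThis itself, run from inside its zip archive.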
     