[Solved] do i have a worm or virus here is log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dubbie299

Thread Starter
Joined
Apr 10, 2004
Messages
71
Logfile of HijackThis v1.97.7
Scan saved at 9:06:26 AM, on 4/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\PROGRAMS\System32\smss.exe
C:\PROGRAMS\system32\winlogon.exe
C:\PROGRAMS\system32\services.exe
C:\PROGRAMS\system32\lsass.exe
C:\PROGRAMS\system32\svchost.exe
C:\PROGRAMS\System32\svchost.exe
C:\PROGRAMS\system32\spoolsv.exe
C:\PROGRAMS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\wmconnecta\wmtray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\PROGRAMS\System32\PackethSvc.exe
C:\PROGRAMS\System32\svchost.exe
C:\PROGRAMS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\PROGRAMS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\PROGRAMS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\wmconnecta\wwm.exe
C:\PROGRAMS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents And Settings\Administrator.RICHARD-BT7OPP4\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\PROGRAMS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnecta\wmtray.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4FCE7460-D289-4037-A570-4E4DED74ADC9} (WebTrackOCXX4.WebTrackOCX4) - http://www.mediatechnics.net/np5cd/files/WebTrackOCX4.CAB
O16 - DPF: {8D023D6D-5494-459E-A163-BD0A5DFADDE1} (YMSC Class) - http://download.yahoo.com/dl/toolbar/modules/ymsc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38063.8693055556
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B50E5210-D408-4EAE-8BDB-9E587031F665}: NameServer = 205.188.146.146
 

 
Joined
Jul 26, 2002
Messages
46,349
Hi dubbie299

Welcome to TSG! :)

I don't see anything in your log. What makes you think you have a virus/worm?
 

dubbie299

Thread Starter
Joined
Apr 10, 2004
Messages
71
ty wife said it was acting weird thought she may have downloaded a problem so .........
 
Joined
Jul 26, 2002
Messages
46,349
One thing you definitely need to do is go to Windows update and install all "Critical Updates and Service Packs". This will plug numerous security holes in IE and XP.


Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

Disk Cleanup:

http://www.theeldergeek.com/disk_cleanup_utility.htm

Defrag your HD:

http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

Remove unnecessary startups

This should be done through the System Configuration Utility. Go to Start > Run and type in msconfig.
Click OK or hit the Enter key.

Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close".

You will be prompted to restart. Go ahead and restart.

Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that program's preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

Go here for info on msconfig:

http://www.pacs-portal.co.uk/startup_index.htm

You can look up the startups here to help determine what is needed and what is not:

http://www.sysinfo.org/startuplist.php


You might also consider checking out Black Viper's guide to disabling some of the unnecessary services in XP here:

http://www.blackviper.com/WinXP/servicecfg.htm
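
An inventory step for the startup review described above, as an added example that is not part of the original thread: it parses HijackThis entry lines and lists the O4 autostart items, the O16 download hosts and the O17 name servers so each can be looked up. The regular expressions assume the v1.97.7 line layout seen in the posted log, and the function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\PROGRAMS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {4FCE7460-D289-4037-A570-4E4DED74ADC9} (WebTrackOCXX4.WebTrackOCX4) - http://www.mediatechnics.net/np5cd/files/WebTrackOCX4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{B50E5210-D408-4EAE-8BDB-9E587031F665}: NameServer = 205.188.146.146
"""

# Assumed layouts, taken from the lines above: "CODE - body" for every entry.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_KEY = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.*)$")
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*)\) - (\S+)$")

def parse_entries(text):
    """Group entry bodies by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return groups

def startup_items(groups):
    """Return (location, name, command) for each O4 autostart entry."""
    items = []
    for body in groups.get("O4", []):
        m = RUN_KEY.match(body) or STARTUP.match(body)
        if m:
            items.append(m.groups())
    return items

def dpf_hosts(groups):
    """Return the hosts that O16 (Downloaded Program Files) controls came from."""
    matches = (DPF.match(body) for body in groups.get("O16", []))
    return {urlsplit(m.group(3)).hostname for m in matches if m}

def nameservers(groups):
    """Return DNS servers listed in O17 entries."""
    key = "NameServer = "
    return [b.split(key, 1)[1] for b in groups.get("O17", []) if key in b]
```

The output is only an inventory; whether an item is needed is still decided by looking it up, as the reply suggests.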
 
Joined
Jul 26, 2002
Messages
46,349
My pleasure! :)

I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".
 