
[Solved] do i have a worm or virus here is log

Discussion in 'Virus & Other Malware Removal' started by dubbie299, Apr 10, 2004.

Thread Status:
Not open for further replies.
  1. dubbie299

    dubbie299 Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    71
    Logfile of HijackThis v1.97.7
    Scan saved at 9:06:26 AM, on 4/10/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\PROGRAMS\System32\smss.exe
    C:\PROGRAMS\system32\winlogon.exe
    C:\PROGRAMS\system32\services.exe
    C:\PROGRAMS\system32\lsass.exe
    C:\PROGRAMS\system32\svchost.exe
    C:\PROGRAMS\System32\svchost.exe
    C:\PROGRAMS\system32\spoolsv.exe
    C:\PROGRAMS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\wmconnecta\wmtray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\PROGRAMS\System32\PackethSvc.exe
    C:\PROGRAMS\System32\svchost.exe
    C:\PROGRAMS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
    C:\PROGRAMS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\PROGRAMS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    C:\Program Files\wmconnecta\wwm.exe
    C:\PROGRAMS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents And Settings\Administrator.RICHARD-BT7OPP4\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\PROGRAMS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnecta\wmtray.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {4FCE7460-D289-4037-A570-4E4DED74ADC9} (WebTrackOCXX4.WebTrackOCX4) - http://www.mediatechnics.net/np5cd/files/WebTrackOCX4.CAB
    O16 - DPF: {8D023D6D-5494-459E-A163-BD0A5DFADDE1} (YMSC Class) - http://download.yahoo.com/dl/toolbar/modules/ymsc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38063.8693055556
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B50E5210-D408-4EAE-8BDB-9E587031F665}: NameServer = 205.188.146.146
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi dubbie299

    Welcome to TSG! :)

    I don't see anything in your log. What makes you think you have a virus/worm?
     
  4. dubbie299

    dubbie299 Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    71
    ty wife said it was acting weird thought she may have downloaded a problem so .........
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    One thing you definitely need to do is go to Windows update and install all "Critical Updates and Service Packs". This will plug numerous security holes in IE and XP.


    Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

    Disk Cleanup:

    http://www.theeldergeek.com/disk_cleanup_utility.htm

    Defrag your HD:

    http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm

    Run chkdsk:

    To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.

    Remove unnecessary startups

    This should be done through the System Configuration Utility. Go to Start > Run and type in msconfig.
    Click OK or hit the Enter key.

    Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close".

    You will be prompted to restart. Go ahead and restart.

    Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

    Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that program's preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

    Go here for info on msconfig:

    http://www.pacs-portal.co.uk/startup_index.htm

    You can look up the startups here to help determine what is needed and what is not:

    http://www.sysinfo.org/startuplist.php


    You might also consider checking out Black Viper's guide to disabling some of the unnecessary services in XP here:

    http://www.blackviper.com/WinXP/servicecfg.htm
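
Added example, not part of the original thread and not HijackThis's own code: the O4 lines in the log posted at the top of this thread are its listing of autostart entries (registry Run keys and Startup folders), and this Python sketch parses them into the executable names you would look up in a startup list, with the scope each one applies to. The function name `parse_o4` and the output field names are assumptions made for this illustration.

```python
import re
from ntpath import basename  # Windows path handling on any OS

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\PROGRAMS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Registry form:  O4 - HKLM\..\Run: [Name] command line
REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Folder form:    O4 - Startup: Name.lnk = target   (or "Global Startup")
LNK = re.compile(r"^O4 - (Global Startup|Startup): (.+?) = (.+)$")
# Command lines may be unquoted and contain spaces, so split on the first
# ".exe" rather than on whitespace.
CMD = re.compile(r'^"?(.+?\.exe)"?(?:\s+(.*))?$', re.IGNORECASE)

def parse_o4(log):
    """Return one dict per O4 line: scope, source, name, exe, args."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        reg, lnk = REG.match(line), LNK.match(line)
        if reg:
            hive, key, name, cmd = reg.groups()
            scope = "all users" if hive == "HKLM" else "current user"
            source = f"{hive} {key}"
        elif lnk:
            source, name, cmd = lnk.groups()
            scope = "all users" if source.startswith("Global") else "current user"
        else:
            continue  # not an autostart (O4) line
        m = CMD.match(cmd)
        exe, args = (m.group(1), m.group(2) or "") if m else (cmd, "")
        entries.append({"scope": scope, "source": source, "name": name,
                        "exe": basename(exe).lower(), "args": args})
    return entries

if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        print(f'{e["scope"]:12} {e["source"]:15} {e["exe"]:14} {e["name"]}')
```

Entries with "all users" scope start for every account on the machine, so disabling them affects more than the profile the scan was run from.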
     
  6. dubbie299

    dubbie299 Thread Starter

    Joined:
    Apr 10, 2004
    Messages:
    71
    belarc is excellent thank you .....great info
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    My pleasure! :)

    I'm closing this thread. If you need it reopened please PM me or one of the other mods.

    Anyone else with a similar problem please start a "New Thread".
     
Short URL to this thread: https://techguy.org/219005
