1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

read my log file

Discussion in 'Windows - Virus and spyware problems' started by numnuts87, May 23, 2007.

  1. numnuts87

    numnuts87 Regular member

    Joined:
    Mar 27, 2006
    Messages:
    179
    Likes Received:
    0
    Trophy Points:
    26
    Can someone examine my log file ?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:29:11 AM, on 5/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe
    C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLanCfgAG.exe
    C:\WINDOWS\system32\gearsec.exe
    C:\WINDOWS\system32\netmsg.exe
    C:\WINDOWS\system32\odbc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\winvercp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\WINDOWS\winlogon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Ipwindows\ipwins.exe
    C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\QCJ0F25Q\HiJackThis_v2.0.0.0[2].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu4.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D2906418338B2B092EAD1B90C8EF456B4CEF4731119553B686D27652779F26033AAC
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Belkin Wireless Desktop Card Service (BLKWLDESKTOP) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless AG Desktop Network Card\Wireless Utility\WLService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\system32\gearsec.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
    O23 - Service: Net message Service - Unknown owner - C:\WINDOWS\system32\netmsg.exe
    O23 - Service: ODBC service - Unknown owner - C:\WINDOWS\system32\odbc.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe

    --
    End of file - 8023 bytes


    I've been getting pop ups and unwanted things any ideas why ?
     
  2. Waymon3X6

    Waymon3X6 Regular member

    Joined:
    Mar 9, 2006
    Messages:
    2,193
    Likes Received:
    0
    Trophy Points:
    46
    Hello, I looked at your log and found these things:

    C:\WINDOWS\system32\netmsg

    C:\WINDOWS\system32\odbc.exe

    C:\WINDOWS\winlogon.exe

    C:\Program Files\Ipwindows\ipwins.exe

    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)

    O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\winlogon.exe

    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu4.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D2906418338B2B092EAD1B90 C8EF456B4CEF4731119553B686D27652779F26033AAC

    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe

    O18 - Filter hijack: text/html - (no CLSID) - (no file)

    ------------------------------------

    Do you have Spybot Search&Destroy (http://www.safer-networking.org/en/mirrors/index.html ), AVG Anti Spyware (http://www.ewido.net/en/download/) And Ad-Aware SE Personal (http://majorgeeks.com/download.php?det=506) Also, you will need to have CCleaner installed http://majorgeeks.com/download.php?det=4191 )
    If you don’t have any of these, please download them, update them and run them individually in safe mode. Then, boot back into regular mode, and post a new HJT log once again. Thanks!


     
  3. Fredil

    Fredil Regular member

    Joined:
    Jul 19, 2006
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    26
    Hi there, you have several problems including IpWindows and Trojan.Win32.Agent. We can get those fixed, however, no worries.

    Before we start, though, I need you to do something first. I see that you are currently using Trend Micro's HijackThis v.2 Beta. This is still in the beta stage, and while it doesn't have any security holes or anything like that, it is still unreliable to use (as it is a beta). Please uninstall this beta (go to Start Menu > Run. Type appwiz.cpl OR open the Control Panel and select "Add or Remove Programs") and download the current version of HijackThis, HijackThis v.1.99.1

    Afterwards, download Ad-Aware SE Personal and Spybot Search and Destroy. Update them both - this is very important!!!! Do not run them yet; we will in a second.

    Now, copy these instructions into a Notepad document or print them out as you will not have Internet access for this part of the fix.


    Reboot your computer into safe mode -

    1. Restart your computer.
    2. When you hear your computer beep, continually tap your F8 key.
    3. If it gives you a message about boot drivers, press ESC and keep tapping F8.
    4. It should give you a list of what mode to boot into. Select "Safe Mode" and press Enter. It will take time, like a normal booting.

    Now, run Ad-Aware SE Personal. Do a full system scan, and check "Search for low-risk threats". Wait for the scan to finish. After that, run Spybot S&D. DO NOT RUN THEM AT THE SAME TIME - THIS IS VITAL! Now, restart your computer back into Safe Mode and keep doing this process until neither Spybot or Ad-Aware show anything. It will take a while, but be patient.

    When Spybot and Ad-Aware both show nothing reboot back into Normal Mode.

    In your reply:
    * A logfile of HijackThis v.1.99.1
     
    Last edited: May 24, 2007

Share This Page