| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 99792 | 2009-05-15 04:20:00 | HJT log - thank you in advance :) Computer in sad sad shape | mwcubsnut (14829) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 774025 | 2009-05-15 04:20:00 | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:17:22 PM, on 5/15/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Trojan Remover\Trjscan.exe C:\WINDOWS\system32\sistray.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = s2.bestmanage.org R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 O3 - Toolbar: & Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Common\ycomp5_1_6_0.dll (file missing) O4 - HKLM\..\Run: [YBrowser] C:\Program Files\ Yahoo! \browser\ybrwicon.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKCU\..\Run: [ Yahoo! Pager] 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\ Yahoo! \Common\ylogin.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\ Yahoo! \Common\ylogin.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\ Yahoo! \common\yinsthelper.dll O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - photos.yahoo.com O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: YPCService - Unknown owner - C:\WINDOWS\system32\YPCSER~1.EXE (file missing) O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\progyrtaj.html -- End of file - 4675 bytes |
mwcubsnut (14829) | ||
| 774026 | 2009-05-15 04:31:00 | Looks ok. Run HJT again and tick the following: O3 - Toolbar: & Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Common\ycomp5_1_6_0.dll (file missing) O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\ Yahoo! \Common\ylogin.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\ Yahoo! \Common\ylogin.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes.dll (file missing) O23 - Service: YPCService - Unknown owner - C:\WINDOWS\system32\YPCSER~1.EXE (file missing) How much RAM do you have in the PC, and have you done a virus scan with some decent software recently? If you don't want to install any AV software, I'd recommend doing an online scan (www.eset.com) with NOD32, or installing the NOD32 trial (download.eset.com). |
wratterus (105) | ||
| 774027 | 2009-05-15 04:34:00 | You can tick these then tick fix checked Close browsers O4 - HKLM\..\Run: [YBrowser] C:\Program Files\ Yahoo! \browser\ybrwicon.exe O3 - Toolbar: & Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Common\ycomp5_1_6_0.dll (file missing) O4 - HKCU\..\Run: [ Yahoo! Pager] 1 Tick this if you dont use the language bar O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe If Yahoo messenger isnt installed you may as well tick these O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\ Yahoo! \Common/ycsrch.htm O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\ Yahoo! \Common\ylogin.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\ Yahoo! \Common\ylogin.dll (file missing) O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\ Yahoo! \common\yinsthelper.dll O23 - Service: YPCService - Unknown owner - C:\WINDOWS\system32\YPCSER~1.EXE (file missing) O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\progyrtaj.html Then get malwarebytes below update it then scan |
Speedy Gonzales (78) | ||
| 774028 | 2009-05-15 04:56:00 | Thanks to both of you. Here is the updated log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:55:38 PM, on 5/15/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Trojan Remover\Trjscan.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\system32\sistray.EXE C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\SoftwareDistribution\Download\2ad1413c5 dc0d16e6d56d3e6ca94ed48\update\update.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = s2.bestmanage.org R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - photos.yahoo.com O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE -- End of file - 3568 bytes |
mwcubsnut (14829) | ||
| 774029 | 2009-05-15 05:01:00 | Looks good... How much RAM do you have in the PC, and have you done a virus scan with some decent software recently? If you don't want to install any AV software, I'd recommend doing an online scan (www.eset.com) with NOD32, or installing the NOD32 trial (download.eset.com). Also get malwarebytes and scan with that like Speedy said before. :thumbs: |
wratterus (105) | ||
| 774030 | 2009-05-15 05:04:00 | I am not sure about the RAM - how would I get that information for you? Sorry . . . . The computer had Macafee on it or parts of it, it appeared . But I got rid of that and I was thinking of getting AVG or Avast free . Thanks again . |
mwcubsnut (14829) | ||
| 774031 | 2009-05-15 05:06:00 | Right click on My Computer and click properties. Down the bottom of that page it will give you the info about CPU and RAM. Post that here. McAfee is horrible, looks like you got rid of it all though. Don't get AVG, Avast Home is the best free one to get, I would still recommend doing an online scan with NOD32 before installing it though. |
wratterus (105) | ||
| 774032 | 2009-05-15 05:10:00 | Tick these as well then tick fix checked Close browsers C:\WINDOWS\SoftwareDistribution\Download\2ad1413c5 dc0d16e6d56d3e6ca94ed48\update\update.exe O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm |
Speedy Gonzales (78) | ||
| 774033 | 2009-05-15 05:10:00 | 480 MB of Ram | mwcubsnut (14829) | ||
| 774034 | 2009-05-15 05:15:00 | Spedy - I did not see this to check... C:\WINDOWS\SoftwareDistribution\Download\2ad1413c5 dc0d16e6d56d3e6ca94ed48\update\update.exe |
mwcubsnut (14829) | ||
| 1 2 | |||||