Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

TROJAN POSSIBLE ? BackUP & Data Saved !


  • This topic is locked This topic is locked
No replies to this topic

#1 luckiilogr

luckiilogr

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 21 January 2008 - 10:52 PM

`

Greetings & HNYear !!! --- The SCAN-LOG is below... My XP has been shutting down. Have helper that thot it was my smaller HDrive/20g Desk (Death) Star that was the prob. Not so. Gone now & have moved my 98se OS/Data over to XP on 160 Seagate HD. Still SHUTS DOWN by self. No error 32/hal.dll msg now, but...Restart does NOT go on only after many attempts so goto: Off Switch.

Would Freeze just clicking on Docs. Folder or YM. HENCE, this msg to YOU. Had an episode w/many viruses long ago w/in 6mos. All were 'Healed'...there was a TROJAN as a seperate one sometime also...Healed as well. No indication of VIRUS on AVG Free. --- have now UPgraded long over-due add-ons ( external HD/320 Lacie & Battery BackUP ) My PC Guy tells me that Power these days is very erratic & this helps to Level-Out the Flow-Of-Power to PC. --- Sooo ALL INFO is finally BackedUP on the External & on Disc !!! phew! --- and...files are OK on system. --- THANK YOU - Here Is The SCAN LOG >>>

Logfile of HijackThis v1.99.1
Scan saved at 8:21:08 PM, on 1/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\PROGRA~1\MYWEBS~1\bar\9.bin\mwsoemon.exe
F:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
F:\Program Files\DesktopLightning\DesktopLightning.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\ASAP\ASAPSvc.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
F:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
F:\Program Files\Skype\Plugin Manager\SkypePM.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.../winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://asap2.convoq....uleopenmeet.swf
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.mozilla.o...amonkey/start/"); (F:\Documents and Settings\Mark Jorgensen\Application Data\Mozilla\Profiles\default\6qs56r5t.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://F%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src"); (F:\Documents and Settings\Mark Jorgensen\Application Data\Mozilla\Profiles\default\6qs56r5t.slt\prefs.js)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - F:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - F:\Program Files\MyWebSearch\bar\9.bin\MWSBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ASAP Browser Helper Object - {9A2A2BF3-A049-407A-B548-4668E673DCF7} - F:\Program Files\ASAP\ASAPBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 F:\PROGRA~1\MYWEBS~1\bar\9.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] F:\PROGRA~1\MYWEBS~1\bar\9.bin\mwsoemon.exe
O4 - HKLM\..\Run: [eFax 4.2] "F:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [DesktopLightning] F:\Program Files\DesktopLightning\DesktopLightning.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ASAPSvc.exe] "F:\Program Files\ASAP\ASAPSvc.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] F:\PROGRA~1\MYWEBS~1\bar\9.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: eCentral.lnk = F:\Program Files\Eshasoft\Joel Christopher eCentral\eCentral.exe
O4 - Startup: Microsoft Office.lnk = C:\MSOFFICE\MSOFFICE.EXE
O4 - Global Startup: Monitor.lnk = F:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZU
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qhdtvv - qhdtvv.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users