Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HELP NEEDED!


  • Please log in to reply
4 replies to this topic

#1 paulaboo

paulaboo

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 08 February 2005 - 04:16 PM

I posted on a virus form, was asked to post here.
Here is my log....what is wrong...gonna wait a lil bit b4 i reformat - to see if this cna be fixed.

Logfile of HijackThis v1.99.0
Scan saved at 4:10:50 PM, on 08/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\System32\p6.exe
C:\windows\System32\wuauclt.exe
C:\Documents and Settings\paula\My Documents\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://www.uproar.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A629DE-4363-493E-89A9-76648AF746AB}: NameServer = 206.47.244.42 206.47.244.101
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Jgegca32.dll (file missing)

BC AdBot (Login to Remove)

 


#2 paulaboo

paulaboo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 08 February 2005 - 05:05 PM

I think Im gonna reformat the whole computer - maybe im best off - just such a pain in the a$$!

#3 paulaboo

paulaboo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 08 February 2005 - 07:32 PM

I still need help, I didn't reformat. But it comes up now, stayin md.exe (msdos) is wrong..something like that. when i load it windows, it goes to a profile...i have to click that..to get on.

#4 paulaboo

paulaboo
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 08 February 2005 - 07:35 PM

Logfile of HijackThis v1.99.0
Scan saved at 7:34:15 PM, on 08/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\System32\p6.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\paula\My Documents\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://www.uproar.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5A629DE-4363-493E-89A9-76648AF746AB}: NameServer = 206.47.244.42 206.47.244.101
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Jgegca32.dll (file missing)

#5 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:09:53 AM

Posted 09 February 2005 - 03:35 AM

Hi paulaboo,

New requests for help are dealt with by the volunteer helpers by searching for the oldest logs with zero replies. Unfortunately by continually posting to your original request you have increased your reply count to 3 taking you out of the list of members needing help. Please be patient when you post a request for help and do not post again until you have received a reply from one of the HijackThis Team.

If you have not re-formatted your hard drive and still require help then please post a new log here using the Add Reply button and I will help you clean up your log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users