Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT LOG - fuzzybunny3


  • Please log in to reply
2 replies to this topic

#1 fuzzybunny3

fuzzybunny3

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 31 March 2005 - 11:47 AM

//Mod edit: This post was split off from topic
"Crazy mouse virus?, Why does my mouse pointer go nuts?" in
AntiVirus, Firewall and Privacy Products and Protection Methods.
http://www.bleepingcomputer.com/forums/ind...opic=13605&hl=#



I think i can help u guys and u can help me too! I have the same problem i did your log thing here is what mine came up with:


Logfile of HijackThis v1.99.1
Scan saved at 11:32:38 AM, on 3/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32
vsvc32.exe
C:Program FilesiRiveriRiver ManagerUpdaterUpdater.exe
C:Program FilesAIMaim.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32wpabaln.exe
C:Program FilesHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:PROGRA~1FlashFXPIEFlash.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:Program FilesAIM ToolbarAIMBar.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKLM..Run: [iRiver Updater] C:Program FilesiRiveriRiver ManagerUpdaterUpdater.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:Program FilesAIM ToolbarAIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-sp.htm
O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-sp.htm
O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm86740US
O8 - Extra context menu item: Backward Links - res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_05in
pjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_05in
pjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:program filespartypokerIEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:program filespartypokerIEExtension.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:Program FilesIrfanViewEbayEbay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:PROGRA~1AWSWEATHE~1Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: NAV Alert - Symantec Corporation - C:PROGRA~1Navntalertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:PROGRA~1Navnt
avapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32
vsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcap
pcapd.exe" -d -f "%ProgramFiles%WinPcap
pcapd.ini (file missing)







Also it said my hardware has changed and i have to reactivate. This might of just been caused when i was moving my mouse around and going crazy and opening randow windows it might of reinstalled some hardware or some thing. I'm not sure but I think I got it by playing star craft lol but i don't know really. This virus seems new to me.

Edited by KoanYorel, 31 March 2005 - 01:04 PM.


BC AdBot (Login to Remove)

 


#2 fuzzybunny3

fuzzybunny3
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:06 PM

Posted 31 March 2005 - 01:58 PM

Help me get ride of this virus plese

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:06 PM

Posted 01 April 2005 - 01:20 AM

Hi fuzzybunny3. This log file looks like it was damaged when it was moved over to this forum. Can you please post a new log file for me?

Thanks.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users