Go Back   Computer Forums > General Computing > Hardware
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 04-18-2009, 11:38 AM   #1
BSOD
 
Archangel112's Avatar
 
Join Date: Oct 2006
Posts: 201
Angry Viruses, possible hacker?

Dont know whats been downloaded onto this computer, but theres gotta be viruses on here. In msconfig I saw something suspicious called japypun.exe, disabled that. Also when trying to open certain programs I get an error saying something like, "There is no disk in the drive. Please insert a disk into drive \device\harddisk5\dr8." Never seen this before. Also when I try to do things that involve registry editing, I get an error message saying "Registry editing has been disabled by your administrator" I am the administrator and there are no other users, also I cant get into Safe Mode. Heres a hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 16:31:19, on 18/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\doobie\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: nnnkIyWm - nnnkIyWm.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Google Corporation - C:\Documents and Settings\doobie\Local Settings\Application Data\Google\Update\GoogleUpdateBeta.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks everyone
__________________

Archangel112 is offline   Reply With Quote
Old 04-18-2009, 11:56 AM   #2
Omnipotent One
 
Atomic Rooster's Avatar
 
Join Date: Apr 2006
Location: USA
Posts: 11,161
Send a message via AIM to Atomic Rooster Send a message via Yahoo to Atomic Rooster
Default Re: Viruses, possible hacker?

You might want to have a look at these entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com...reqlab_srl.cab

O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll

O20 - Winlogon Notify: nnnkIyWm - nnnkIyWm.dll (file missing)

A really good program to use to clear up any viruses or malware is Malwarebytes' Anti-Malware. It's free to use and does a great job at catching the nasties.

Another good program to clean up your registry and other parts of your system would be CCleaner.
__________________

Atomic Rooster is offline   Reply With Quote
Old 04-18-2009, 12:27 PM   #3
BSOD
 
Archangel112's Avatar
 
Join Date: Oct 2006
Posts: 201
Default Re: Viruses, possible hacker?

Cheers mate, I'll give them a go.
Archangel112 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 04:56 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0