Command Service



Dansully
2006-06-24, 00:50
For the love of all that is good and holy, I have found threads about this, with a HJT log, but the culprits listed there weren't in my log. I've been working on this for HOURS AND HOURS AND HOURS. Someone please tell me what I'm missing. :( :banghead:



Dansully
2006-06-24, 00:56
:( I can't figure this one out. I've been through a ton of your threads that have info on this, but the same info isn't listed in my HJT log. I'm at a complete loss and have been at it for HOURS AND HOURS AND HOURS :banghead: :banghead: :banghead:
Someone please help! See attachment, as the whole log couldn't be copied!

Logfile of HijackThis v1.99.1
Scan saved at 5:42:18 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\apvnhn.exe
C:\Documents and Settings\Ryan\chatlnk.exe
C:\DOCUME~1\Ryan\LOCALS~1\Temp\~CL1.tmp\g2a_customerchat2w.exe
C:\WINDOWS\system32\qymsh.exe
C:\WINDOWS\system32\qymsh.exe
C:\WINDOWS\system32\qymsh.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qymsh.exe
F2 - REG:system.ini: UserInit=userinit.exe,bttvrsc.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=070206 serial=WA12WRX-0000002-HMD lang=EN
O4 - HKLM\..\Run: [{6E-E9-91-1A-ZN}] C:\windows\system32\prdsregq.exe GID003
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [ygafgl] C:\WINDOWS\system32\apvnhn.exe reg_run
O4 - HKLM\..\Run: [wa1797e7.dll] RUNDLL32.EXE wa1797e7.dll,I2 0012eca70a1797e7
O4 - HKLM\..\Run: [pmcsibaA] C:\WINDOWS\pmcsibaA.exe
O4 - HKLM\..\Run: [w0016c13.dll] RUNDLL32.EXE w0016c13.dll,I2 0012eca700016c13
O4 - HKLM\..\Run: [w089b665.dll] RUNDLL32.EXE w089b665.dll,I2 0012eca70089b665
O4 - HKLM\..\Run: [w0390143.dll] RUNDLL32.EXE w0390143.dll,I2 0012eca700390143
O4 - HKLM\..\Run: [win320886-6035268] C:\WINDOWS\win320886-6035268.exe
O4 - HKLM\..\Run: [w0014570.dll] RUNDLL32.EXE w0014570.dll,I2 0012eca700014570
O4 - HKLM\..\Run: [ms066886-60352] C:\WINDOWS\ms066886-60352.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vdhhi] C:\WINDOWS\system32\apvnhn.exe reg_run
O4 - HKCU\..\Run: [Dfp] C:\DOCUME~1\LOCALS~1\APPLIC~1\STEM~1\VCHOST~1.EXE
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Ryan\APPLIC~1\YMANTE~1\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Efua] C:\DOCUME~1\LOCALS~1\APPLIC~1\STEM~1\VCHOST~1.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: swhon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137282040625
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweapon/sis/popcaploader_v6.cab
O20 - AppInit_DLLs: msconfig.dll C:\WINDOWS\system32\msconfig.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\gpjsl3171.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe

LonnyRJones
2006-06-26, 14:28
Welcome to the forum

Pick all that up using file-sharing programs?

Start HijackThis and place a check next to these items if there.
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qymsh.exe
F2 - REG:system.ini: UserInit=userinit.exe,bttvrsc.exe
O4 - HKLM\..\Run: [{6E-E9-91-1A-ZN}] C:\windows\system32\prdsregq.exe GID003
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [ygafgl] C:\WINDOWS\system32\apvnhn.exe reg_run
O4 - HKLM\..\Run: [wa1797e7.dll] RUNDLL32.EXE wa1797e7.dll,I2 0012eca70a1797e7
O4 - HKLM\..\Run: [pmcsibaA] C:\WINDOWS\pmcsibaA.exe
O4 - HKLM\..\Run: [w0016c13.dll] RUNDLL32.EXE w0016c13.dll,I2 0012eca700016c13
O4 - HKLM\..\Run: [w089b665.dll] RUNDLL32.EXE w089b665.dll,I2 0012eca70089b665
O4 - HKLM\..\Run: [w0390143.dll] RUNDLL32.EXE w0390143.dll,I2 0012eca700390143
O4 - HKLM\..\Run: [win320886-6035268] C:\WINDOWS\win320886-6035268.exe
O4 - HKLM\..\Run: [w0014570.dll] RUNDLL32.EXE w0014570.dll,I2 0012eca700014570
O4 - HKLM\..\Run: [ms066886-60352] C:\WINDOWS\ms066886-60352.exe
O4 - HKCU\..\Run: [vdhhi] C:\WINDOWS\system32\apvnhn.exe reg_run
O4 - HKCU\..\Run: [Dfp] C:\DOCUME~1\LOCALS~1\APPLIC~1\STEM~1\VCHOST~1.EXE
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Ryan\APPLIC~1\YMANTE~1\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Efua] C:\DOCUME~1\LOCALS~1\APPLIC~1\STEM~1\VCHOST~1.EXE
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab

====================================
Hit Fix checked.
Scan again and place a check next to
O20 - AppInit_DLLs: msconfig.dll C:\WINDOWS\system32\msconfig.dll
Hit Fix checked (don't worry about the HijackThis error) and close HijackThis.

Download and run Look2Me-Destroyer: http://www.atribune.org/content/view/28/
A log will open after the PC is restarted; post it and another HijackThis log.

tashi
2006-07-03, 23:53
How is it going, Dansully?

tashi
2006-07-05, 03:00
This topic is closed.

If you need it re-opened, please send me a PM and provide a link to the thread.
Applies only to the original topic starter.