Jump to content

Virus thingy problem?


superson

Recommended Posts

Well I'm making this for a friend hwo doesn't play rs, but he seems to have gotten a virus. A good friend told me he should get "Hijack This" and post a log. He wrote out the log for me, he doesn't know which file the virus is. If i paste it here, maybe somebody could tell me which ones are viruses so he could get rid of them. Sorry if i sound stupid, I really am about tech stuff.

 

Here it is:

 

 

 

Logfile of HijackThis v1.99.1

 

Scan saved at 7:05:02 PM, on 9/3/2006

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

 

C:\WINDOWS\System32\smss[Caution: Executable File]

 

C:\WINDOWS\system32\winlogon[Caution: Executable File]

 

C:\WINDOWS\system32\services[Caution: Executable File]

 

C:\WINDOWS\system32\lsass[Caution: Executable File]

 

C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\WINDOWS\System32\svchost[Caution: Executable File]

 

C:\WINDOWS\system32\spoolsv[Caution: Executable File]

 

C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1[Caution: Executable File]

 

C:\Program Files\Common Files\Command Software\dvpapi[Caution: Executable File]

 

C:\WINDOWS\eHome\ehRecvr[Caution: Executable File]

 

C:\WINDOWS\eHome\ehSched[Caution: Executable File]

 

C:\Program Files\Common Files\LightScribe\LSSrvc[Caution: Executable File]

 

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: Executable File]

 

C:\WINDOWS\system32\svchost[Caution: Executable File]

 

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService[Caution: Executable File]

 

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4[Caution: Executable File]

 

C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]

 

C:\WINDOWS\Explorer[Caution: Executable File]

 

C:\Program Files\X Password Manager\isamonitor[Caution: Executable File]

 

C:\Program Files\X Password Manager\pmsngr[Caution: Executable File]

 

C:\WINDOWS\ehome\ehtray[Caution: Executable File]

 

C:\hp\drivers\hplsbwatcher\lsburnwatcher[Caution: Executable File]

 

C:\Program Files\WildTangent\Apps\CDA\GameDrvr[Caution: Executable File]

 

C:\Program Files\HP\HP Software Update\HPwuSchd2[Caution: Executable File]

 

C:\Program Files\Common Files\AOL\1144544487\ee\AOLSoftware[Caution: Executable File]

 

C:\Program Files\QuickTime\qttask[Caution: Executable File]

 

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: Executable File]

 

C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect[Caution: Executable File]

 

C:\Program Files\EarthLink\Protection Control Center\elnk_pcc[Caution: Executable File]

 

C:\WINDOWS\system32\ctfmon[Caution: Executable File]

 

C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

C:\Program Files\AIM\aim[Caution: Executable File]

 

C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper[Caution: Executable File]

 

C:\Program Files\X Password Manager\pmmon[Caution: Executable File]

 

C:\Program Files\X Password Manager\isamini[Caution: Executable File]

 

C:\WINDOWS\system32\dllhost[Caution: Executable File]

 

C:\WINDOWS\eHome\ehmsas[Caution: Executable File]

 

C:\WINDOWS\System32\svchost[Caution: Executable File]

 

C:\WINDOWS\system32\AuthFw[Caution: Executable File]

 

C:\HP\KBD\KBD[Caution: Executable File]

 

C:\WINDOWS\system32\wuauclt[Caution: Executable File]

 

C:\WINDOWS\ALCXMNTR[Caution: Executable File]

 

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: Executable File]

 

c:\windows\system\hpsysdrv[Caution: Executable File]

 

C:\Program Files\Java\jre1.5.0\bin\jusched[Caution: Executable File]

 

C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]

 

C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

 

C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File]

 

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32[Caution: Executable File]

 

C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]

 

C:\Program Files\EarthLink\Toolbar\SBUpdate[Caution: Executable File]

 

C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis[Caution: Executable File]

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... RqMMisOZI=

 

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

 

O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll

 

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\X Password Manager\isaddon.dll

 

O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll

 

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

 

O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll

 

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

 

O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll

 

O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll

 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

 

O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll

 

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

 

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

 

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

 

O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\X Password Manager\iesplugin.dll

 

O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll

 

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray[Caution: Executable File]

 

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp[Caution: Executable File]" /run

 

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher[Caution: Executable File]

 

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr[Caution: Executable File]" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]" -osboot

 

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2[Caution: Executable File]

 

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144544487\ee\AOLSoftware[Caution: Executable File]

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime

 

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: Executable File]

 

O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect[Caution: Executable File]

 

O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc[Caution: Executable File] /minimize

 

O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background

 

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim[Caution: Executable File] -cnetwait.odl

 

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch[Caution: Executable File]" /d locale=en-US ee://aol/imApp

 

O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper[Caution: Executable File] -a

 

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

 

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

 

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

 

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

 

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

 

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL[Caution: Executable File]/3000

 

O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html

 

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

 

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

 

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll

 

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

 

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File]

 

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

 

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]

 

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll

 

O23 - Service: ADSService - CopyrightÃÆââ¬Å¡Ãâé Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1[Caution: Executable File]

 

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: Executable File]

 

O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi[Caution: Executable File]

 

O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1[Caution: Executable File]

 

O23 - Service: EarthLink Protection Control Center Service (ELNKService) - Aluria Software, LLC. - C:\Program Files\EarthLink\Protection Control Center\ELNKServ[Caution: Executable File]

 

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT[Caution: Executable File]

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File]

 

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc[Caution: Executable File]

 

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService[Caution: Executable File]" "WMP54Gv4[Caution: Executable File] (file missing)

 

 

 

 

 

 

 

 

 

 

 

Which ones of these are viruses?

In Soviet Russia, glass eats OTers.

 

Alansson Alansson, woo woo woo!

Pink owns yes, just like you!

GOOOOOOOOOO ALAN! WOO!

Link to comment
Share on other sites

I would be impossible to identify a virus from the list you are providing. Download AVG, install it and keep it updated. If you value your computer you need to have an anti-virus program installed on it plain and simple

I reject your reality and substite it with my own

Link to comment
Share on other sites

Man, you have a stupid amount of virus'.Your keyboard must be very sticky.What you should do is stop going to naughty sites and download some healthy virus scanners.Ad-Aware is great, and use Windows Defender as well.Every now and then use a virus scanner that scans ALL of your hard drive.I have one but I'm not sure of whats its called.It lags my computer harsh, buts its like CIllit Bang, and gets rid of everything.

dragonmvoidk,gordo%20da%20sly.gif

I know exactly what you mean, its just ruining the whole game for everybody, this is the worst update since noobs.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.