superson Posted September 3, 2006 Share Posted September 3, 2006 Well I'm making this for a friend hwo doesn't play rs, but he seems to have gotten a virus. A good friend told me he should get "Hijack This" and post a log. He wrote out the log for me, he doesn't know which file the virus is. If i paste it here, maybe somebody could tell me which ones are viruses so he could get rid of them. Sorry if i sound stupid, I really am about tech stuff. Here it is: Logfile of HijackThis v1.99.1 Scan saved at 7:05:02 PM, on 9/3/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss[Caution: Executable File] C:\WINDOWS\system32\winlogon[Caution: Executable File] C:\WINDOWS\system32\services[Caution: Executable File] C:\WINDOWS\system32\lsass[Caution: Executable File] C:\WINDOWS\system32\Ati2evxx[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\spoolsv[Caution: Executable File] C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1[Caution: Executable File] C:\Program Files\Common Files\Command Software\dvpapi[Caution: Executable File] C:\WINDOWS\eHome\ehRecvr[Caution: Executable File] C:\WINDOWS\eHome\ehSched[Caution: Executable File] C:\Program Files\Common Files\LightScribe\LSSrvc[Caution: Executable File] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: Executable File] C:\WINDOWS\system32\svchost[Caution: Executable File] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService[Caution: Executable File] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4[Caution: Executable File] C:\WINDOWS\system32\Ati2evxx[Caution: Executable File] C:\WINDOWS\Explorer[Caution: Executable File] C:\Program Files\X Password Manager\isamonitor[Caution: Executable File] C:\Program Files\X Password Manager\pmsngr[Caution: Executable File] C:\WINDOWS\ehome\ehtray[Caution: Executable File] C:\hp\drivers\hplsbwatcher\lsburnwatcher[Caution: Executable File] C:\Program Files\WildTangent\Apps\CDA\GameDrvr[Caution: Executable File] C:\Program Files\HP\HP Software Update\HPwuSchd2[Caution: Executable File] C:\Program Files\Common Files\AOL\1144544487\ee\AOLSoftware[Caution: Executable File] C:\Program Files\QuickTime\qttask[Caution: Executable File] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: Executable File] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect[Caution: Executable File] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc[Caution: Executable File] C:\WINDOWS\system32\ctfmon[Caution: Executable File] C:\Program Files\Messenger\msmsgs[Caution: Executable File] C:\Program Files\AIM\aim[Caution: Executable File] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper[Caution: Executable File] C:\Program Files\X Password Manager\pmmon[Caution: Executable File] C:\Program Files\X Password Manager\isamini[Caution: Executable File] C:\WINDOWS\system32\dllhost[Caution: Executable File] C:\WINDOWS\eHome\ehmsas[Caution: Executable File] C:\WINDOWS\System32\svchost[Caution: Executable File] C:\WINDOWS\system32\AuthFw[Caution: Executable File] C:\HP\KBD\KBD[Caution: Executable File] C:\WINDOWS\system32\wuauclt[Caution: Executable File] C:\WINDOWS\ALCXMNTR[Caution: Executable File] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: Executable File] c:\windows\system\hpsysdrv[Caution: Executable File] C:\Program Files\Java\jre1.5.0\bin\jusched[Caution: Executable File] C:\Program Files\iTunes\iTunesHelper[Caution: Executable File] C:\Program Files\iPod\bin\iPodService[Caution: Executable File] C:\Program Files\Internet Explorer\IEXPLORE[Caution: Executable File] C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32[Caution: Executable File] C:\Program Files\Internet Explorer\iexplore[Caution: Executable File] C:\Program Files\EarthLink\Toolbar\SBUpdate[Caution: Executable File] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis[Caution: Executable File] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1 ... RqMMisOZI= R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\X Password Manager\isaddon.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\X Password Manager\iesplugin.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray[Caution: Executable File] O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp[Caution: Executable File]" /run O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher[Caution: Executable File] O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr[Caution: Executable File]" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2[Caution: Executable File] O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144544487\ee\AOLSoftware[Caution: Executable File] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: Executable File] O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect[Caution: Executable File] O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc[Caution: Executable File] /minimize O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File] O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: Executable File]" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim[Caution: Executable File] -cnetwait.odl O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch[Caution: Executable File]" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper[Caution: Executable File] -a O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL[Caution: Executable File]/3000 O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim[Caution: Executable File] O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File] O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll O23 - Service: ADSService - CopyrightÃÆââ¬Å¡Ãâé Aluria Software, LLC - C:\PROGRA~1\EARTHL~1\PROTEC~1\ADSSER~1[Caution: Executable File] O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: Executable File] O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi[Caution: Executable File] O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~1\PROTEC~1\EFWPPS~1[Caution: Executable File] O23 - Service: EarthLink Protection Control Center Service (ELNKService) - Aluria Software, LLC. - C:\Program Files\EarthLink\Protection Control Center\ELNKServ[Caution: Executable File] O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT[Caution: Executable File] O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File] O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc[Caution: Executable File] O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService[Caution: Executable File]" "WMP54Gv4[Caution: Executable File] (file missing) Which ones of these are viruses? In Soviet Russia, glass eats OTers. Alansson Alansson, woo woo woo! Pink owns yes, just like you!GOOOOOOOOOO ALAN! WOO! Link to comment Share on other sites More sharing options...
LP Posted September 3, 2006 Share Posted September 3, 2006 Get "AVG Free" its a free virus scanner... Google it, download.. and use it. Link to comment Share on other sites More sharing options...
superson Posted September 4, 2006 Author Share Posted September 4, 2006 I was thinking maybe somone could just identify the virus..? In Soviet Russia, glass eats OTers. Alansson Alansson, woo woo woo! Pink owns yes, just like you!GOOOOOOOOOO ALAN! WOO! Link to comment Share on other sites More sharing options...
Dragon_Scyth Posted September 4, 2006 Share Posted September 4, 2006 From what i can see theres multiple viruses in there... "Boredom got me playing, Boredom stops me from playing. It's a vicious cycle." Link to comment Share on other sites More sharing options...
DukeKenyon Posted September 4, 2006 Share Posted September 4, 2006 I would be impossible to identify a virus from the list you are providing. Download AVG, install it and keep it updated. If you value your computer you need to have an anti-virus program installed on it plain and simple I reject your reality and substite it with my own Link to comment Share on other sites More sharing options...
Gordo525 Posted September 5, 2006 Share Posted September 5, 2006 Man, you have a stupid amount of virus'.Your keyboard must be very sticky.What you should do is stop going to naughty sites and download some healthy virus scanners.Ad-Aware is great, and use Windows Defender as well.Every now and then use a virus scanner that scans ALL of your hard drive.I have one but I'm not sure of whats its called.It lags my computer harsh, buts its like CIllit Bang, and gets rid of everything. I know exactly what you mean, its just ruining the whole game for everybody, this is the worst update since noobs. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now