Hijackthis log! Lookin for help.

i_D_r · October 25, 2006

Ok, I got 5 virus's picked up by AVG, so I need to do some type of registry work. I pretty much just need winamp and aim and such, things like that.

Logfile of HijackThis v1.99.1

Scan saved at 7:42:23 PM, on 10/24/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

C:\WINDOWS\system32\services[Caution: ExecutableFile]

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload[Caution: ExecutableFile]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\Explorer[Caution: ExecutableFile]

C:\WINDOWS\System32\ezSP_Px[Caution: ExecutableFile]

C:\Program Files\Java\jre1.5.0_08\bin\jusched[Caution: ExecutableFile]

C:\Program Files\SysMetrix\SysMetrix[Caution: ExecutableFile]

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]

C:\WINDOWS\NCLAUNCH[Caution: ExecutableFile]

C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier[Caution: ExecutableFile]

C:\Program Files\AIM95\aim[Caution: ExecutableFile]

C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: ExecutableFile]

C:\Documents and Settings\Owner\Desktop\runescape[Caution: ExecutableFile]

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FM8F3T8X\HijackThis[1][Caution: Executable File]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px[Caution: ExecutableFile]

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix[Caution: ExecutableFile]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

O4 - HKCU\..\Run: [ctfmon[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH[Caution: ExecutableFile]

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim[Caution: ExecutableFile] -cnetwait.odl

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier[Caution: ExecutableFile]

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker[Caution: ExecutableFile] (file missing)

O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker[Caution: ExecutableFile] (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim[Caution: ExecutableFile]

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet[Caution: ExecutableFile] (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet[Caution: ExecutableFile] (file missing)

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker[Caution: ExecutableFile] (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O15 - Trusted IP range: 206.161.125.149

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_37.cab

O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/24/i ... downls.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper ... helper.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32[Caution: ExecutableFile]

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv[Caution: ExecutableFile]

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr[Caution: ExecutableFile]" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd[Caution: ExecutableFile]" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework[Caution: ExecutableFile]

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv[Caution: ExecutableFile]

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd[Caution: ExecutableFile]" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework[Caution: ExecutableFile]

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr[Caution: ExecutableFile]" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd[Caution: ExecutableFile]" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework[Caution: ExecutableFile]

coltm4carbine · October 26, 2006

Move HJT to your desktop

If you play partypoker or empire poker or royal vages then ignore the entries.

Fix these:

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)

O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.e3e (CAUTION - executable file) (file missing)

O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.e3e (CAUTION - executable file) (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.e3e (CAUTION - executable file) (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.e3e (CAUTION - executable file) (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.e3e (CAUTION - executable file) (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.e3e (CAUTION - executable file) (file missing)

O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.e3e (CAUTION - executable file) (file missing)

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_37.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com.....helper.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

Did you/the admin add this IP to your trusted zone? 206.161.125.149

Delete the following folders / files

C:\Program Files\royalvegasMPP

C:\Program Files\EmpirePoker

C:\Program Files\PartyPoker.net

Reboot.

Sign In

Hijackthis log! Lookin for help.

Recommended Posts

i_D_r

Link to comment

Share on other sites

coltm4carbine

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity

Important Information