Jump to content

I defiently have a Virus(s) - HJT log

Earpy

By Earpy
in Tech and Computers

 Share

Recommended Posts

Earpy

Earpy

Posted
Posted

Hello everyone,

 

 

 

 

 

 

 

I am having a few...Well ok, many problems with my pc's performance right now. I cannot access any of my folders. Nothing. When I try, it comes up with the "Windows Explorer has encounterd an error and needs to close" message. This happens everytime and it is really getting on my nerves <.< . I have done several virus scans with several different scanners and have removed all infections found. If somebody could take a look at this log and give me some feedback to what I should do then it will be really apperciated. Thank you, and I hope somebody out there can help me :-# .

 

 

 

 

 

 

 

____________________________________________________________

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 19:03:50, on 13/11/2006

 

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\acs[Caution: ExecutableFile]

 

 

 

C:\Program Files\xampp\apache\bin\apache[Caution: ExecutableFile]

 

 

 

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: ExecutableFile]

 

 

 

C:\Program Files\xampp\mysql\bin\mysqld-nt[Caution: ExecutableFile]

 

 

 

C:\Program Files\xampp\apache\bin\apache[Caution: ExecutableFile]

 

 

 

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]

 

 

 

C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: ExecutableFile]

 

 

 

C:\Program Files\Toshiba\Windows Utilities\Hotkey[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\TPSMain[Caution: ExecutableFile]

 

 

 

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView[Caution: ExecutableFile]

 

 

 

C:\Program Files\TOSHIBA\Touch and Launch\PadExe[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\DLA\DLACTRLW[Caution: ExecutableFile]

 

 

 

C:\Program Files\Java\jre1.5.0_08\bin\jusched[Caution: ExecutableFile]

 

 

 

C:\Program Files\Synaptics\SynTP\Toshiba[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

 

 

 

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\TPSBattM[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\xampp\mysql\bin\winmysqladmin[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\wuauclt[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\Daniel\Desktop\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://z11.invisionfree.com/Corrupted_Forces

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

 

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1 ... l6YhBtKU8=

 

 

 

R3 - URLSearchHook: (no name) - - (no file)

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

 

 

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

 

 

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

 

 

 

O3 - Toolbar: Tip It - {38D2A281-0444-433C-9ED6-A2851795F32A} - C:\Program Files\Text-Reader programs\My Toolbar\TRReaderBar_.dll

 

 

 

O3 - Toolbar: Elite Order Toolbar - {708f97c9-5c2e-4bc2-97c2-42835aa9a8a5} - C:\Program Files\Elite_Order\tbElit.dll

 

 

 

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey[Caution: ExecutableFile]" /lang en

 

 

 

O4 - HKLM\..\Run: [TPSMain] TPSMain[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon[Caution: ExecutableFile]" -lang 1033

 

 

 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio[Caution: ExecutableFile]" /RANDOM

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc[Caution: ExecutableFile] /STARTUP

 

 

 

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - HKCU\..\Run: [ctfmon[Caution: ExecutableFile]] C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor[Caution: ExecutableFile]"

 

 

 

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent[Caution: ExecutableFile]" --force_start_minimized

 

 

 

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP[Caution: ExecutableFile] -Hide

 

 

 

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader[Caution: ExecutableFile]

 

 

 

O4 - Startup: WampServer.lnk = C:\wamp\wampserver[Caution: ExecutableFile]

 

 

 

O4 - Startup: WinMySQLadmin.lnk = C:\Program Files\xampp\mysql\bin\winmysqladmin[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL[Caution: ExecutableFile]/3000

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

 

 

 

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

 

 

 

O9 - Extra button: Tip it - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Text-Reader programs\My Toolbar\TRReaderBar_.dll

 

 

 

O9 - Extra 'Tools' menuitem: Tip It - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Text-Reader programs\My Toolbar\TRReaderBar_.dll

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O11 - Options group: [iNTERNATIONAL] International*

 

 

 

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

 

 

 

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///D:/SuperCD/IntraLaunch.CAB

 

 

 

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

 

 

 

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

 

 

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

 

 

 

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

 

 

 

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

 

 

 

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

 

 

 

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs[Caution: ExecutableFile]

 

 

 

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache[Caution: ExecutableFile]" -k runservice (file missing)

 

 

 

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)

 

 

 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)

 

 

 

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)

 

 

 

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1[Caution: ExecutableFile]

 

 

 

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing[Caution: ExecutableFile]

 

 

 

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing)

 

 

 

O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt[Caution: ExecutableFile]" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)

 

 

 

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: ExecutableFile]

 

 

 

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache[Caution: ExecutableFile]" -k runservice (file missing)

 

 

 

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt[Caution: ExecutableFile]

Link to comment
Share on other sites
Mementh

Mementh

Posted
Posted

check these to see if they are bad

 

 

 

C:\Program Files\Synaptics\SynTP\Toshiba[Caution: ExecutableFile] Check with an antivirus scanner

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile] Check with an antivirus scanner

 

 

 

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: ExecutableFile] Check with an antivirus scanner

 

 

 

C:\WINDOWS\System32\DLA\DLACTRLW[Caution: ExecutableFile] Check with an antivirus scanner

 

 

 

R3 - URLSearchHook: (no name) - - (no file)

 

 

 

O3 - Toolbar: Elite Order Toolbar - {708f97c9-5c2e-4bc2-97c2-42835aa9a8a5} - C:\Program Files\Elite_Order\tbElit.dll

 

 

 

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck[Caution: ExecutableFile]"

 

 

 

 

 

 

 

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent[Caution: ExecutableFile]" --force_start_minimized

 

 

 

O4 - Startup: WampServer.lnk = C:\wamp\wampserver[Caution: ExecutableFile]

 

 

 

O9 - Extra button: Tip it - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Text-Reader programs\My Toolbar\TRReaderBar_.dll

 

 

 

O9 - Extra 'Tools' menuitem: Tip It - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Text-Reader programs\My Toolbar\TRReaderBar_.dll

 

 

 

O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///D:/SuperCD/IntraLaunch.CAB

 

 

 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)

 

 

 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)

 

 

 

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]" /h ccCommon (file missing)

 

 

 

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt[Caution: ExecutableFile]" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)

 

 

 

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: ExecutableFile]

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

 

 

 

(spoke with stardock this is part of winblinds)

 

 

 

 

 

 

 

 

 

 

 

you seem to have something or alot of misconfigured junk :(

 

 

 

 

 

 

 

check those out and scan.. :)

mementh.jpeg

The following statement is true. The previous statement is false. 60% of all statistics are made up 90% of the time

andrew i love you & want you to have my babys!!! <3:

Finally, I get to save the Earth with deadly lasers instead of deadly slide shows!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept