Hijackthis Log Please Help


  • This topic is locked
2 replies to this topic

#1 hatetank

Posted 14 April 2008 - 01:26 PM

I am trying to fix a laptop (Toshiba) for a friend of my sister. I have never seen a com. so infected, but I'm sure there are. Anyway I have scanned multiple times with Spybot S&D, cleaned with CCleaner, installed SpywareBlaster, uninstalled McAfee, installed AVG, installed Comodo Firewall Pro, tried SmitFraudFix, disabled System Restore, also ran all scans in and out of safe mode. Now the internet does not work, can't change desktop background, and the com. runs very slow with annoying balloon tips for spyware and virus scanning.

Here is the Hijackthis log

Thanks in advance,

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:20:20 PM, on 4/14/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:WINDOWSolovktep.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:Program FilesTOSHIBATOSHIBA Direct Disc Writerddwmon.exe

C:PROGRA~1GrisoftAVG7avgemc.exe

C:WINDOWSRTHDCPL.EXE

C:WINDOWSsystem32igfxtray.exe

C:WINDOWSsystem32hkcmd.exe

C:WINDOWSsystem32igfxpers.exe

C:Program FilesCOMODOFirewallcmdagent.exe

C:WINDOWSehomeehtray.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:WINDOWSsystem32TPSMain.exe

C:WINDOWSsystem32DVDRAMSV.exe

C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe

C:WINDOWSeHomeehRecvr.exe

C:Program FilesToshibaTvsTvsTray.exe

C:toshibaivpismpinger.exe

C:PROGRA~1GrisoftAVG7avgcc.exe

C:Program FilesSynapticsSynTPSynToshiba.exe

C:WINDOWSeHomeehSched.exe

C:Program FilesCOMODOFirewallcfp.exe

C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe

c:TOSHIBAIVPswupdateswupdtmr.exe

C:Program FilesTOSHIBATOSHIBA AppletTAPPSRV.exe

C:WINDOWSsystem32TPSBattM.exe

C:WINDOWSsystem32TODDSrv.exe

C:WINDOWSeHomeehmsas.exe

C:WINDOWSsystem32dllhost.exe

C:WINDOWSsystem32igfxsrvc.exe

C:Program FilesTrend MicroHijackThisHijackThis.exe



R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32wmsdkns.exe,

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)

O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)

O2 - BHO: (no name) - {5D917F82-BB68-400F-AFE3-F70D0DD9507D} - (no file)

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)

O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:Program FilesBatBat.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:Program FilesQdrDriveQdrDrive15.dll

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)

O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)

O2 - BHO: (no name) - {A8EEB996-62AA-4E48-995D-EADDCAC47476} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.1121.2472swg.dll

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll

O4 - HKLM..Run: [DDWMon] C:Program FilesTOSHIBATOSHIBA Direct Disc Writerddwmon.exe

O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe

O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

O4 - HKLM..Run: [TPSMain] TPSMain.exe

O4 - HKLM..Run: [TFncKy] TFncKy.exe

O4 - HKLM..Run: [Tvs] C:Program FilesToshibaTvsTvsTray.exe

O4 - HKLM..Run: [Pinger] c:toshibaivpismpinger.exe /run

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h

O4 - HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe

O4 - HKLM..PoliciesExplorerRun: [w1ZfsttakW] C:WINDOWSolovktep.exe

O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-20..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-18..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL C:WINDOWSsystem32guard32.dll

O20 - Winlogon Notify: fccDVpNG - fccDVpNG.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:Program FilesCOMODOFirewallcmdagent.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:WINDOWSsystem32DVDRAMSV.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: Swupdtmr - Unknown owner - c:TOSHIBAIVPswupdateswupdtmr.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:Program FilesTOSHIBATOSHIBA AppletTAPPSRV.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:WINDOWSsystem32TODDSrv.exe



--

End of file - 8139 bytes
----------
----------
More scans attached

Attached File  extra.txt   18.24KB   39 downloads
Attached File  main.txt   25.08KB   38 downloads

Merged posts. ~ OB

Edited by Orange Blossom, 14 April 2008 - 03:05 PM.


#2 chryssi2001

Posted 25 April 2008 - 01:34 AM

Hello hatetank,

I apologise for the delay. If you still need help, please post back a new HijackThis log after reading my instructions below.
----------------------------------------------
Your HijackThis log is messed up. This is caused by having Word Wrap checked.
So before posting a new HijackThis log:

1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on Word Wrap so it appears unchecked.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

Posted 30 April 2008 - 06:18 AM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.