Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack This logfile

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijack This logfile

Unread postby cam26 » December 8th, 2008, 8:10 am

I downloaded a copy of winrar and got a virus with it. It is apparently kind of common. I recieve a pop up every few minutes that says "intervalhehehe!!!" repeated a few times.

Someone please help me, I would greatly appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:01 PM, on 08/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cam\Local Settings\Temporary Internet Files\Content.IE5\9OE639C0\WinRAR[1].exe
C:\Program Files\Common Files\Symantec Shared\NPC\npcLUStb.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz. ... bd=4080602
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row/en ... nel=ca-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row/en ... nel=ca-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row/en ... nel=ca-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz. ... bd=4080602
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: www.yahoo.com
O1 - Hosts: www.google.com
O1 - Hosts: www.google.co.uk
O1 - Hosts: www.myspace.com
O1 - Hosts: www.youtube.com
O1 - Hosts: www.facebook.com
O1 - Hosts: www.antispy.com
O1 - Hosts: www.yahoo.com
O1 - Hosts: www.yahoo.co.uk
O1 - Hosts: www.antispyware.com
O1 - Hosts: antispyware.com
O1 - Hosts: antispy.com
O1 - Hosts: www.msn.com
O1 - Hosts: www.asdfasdfd.com
O1 - Hosts: www.gg.com
O1 - Hosts: www.ghfhj.com
O1 - Hosts: www.cvnbcvnb.com
O1 - Hosts: www.1.com
O1 - Hosts: www.3.com
O1 - Hosts: www.asdf4asdfd.com
O1 - Hosts: www.asdfawsdfd.com
O1 - Hosts: www.asdfatsdfd.com
O1 - Hosts: www.asdfasdfd.com
O1 - Hosts: www.asdfadsdfd.com
O1 - Hosts: www.asdfasdfd.com
O1 - Hosts: www.asdfafsdfd.com
O1 - Hosts: www.asdfasdfd.com
O1 - Hosts: www.asdfagsdfd.com
O1 - Hosts: www.asdfasgdfd.com
O1 - Hosts: www.asdfasdhfd.com
O1 - Hosts: www.asdfasdfjd.com
O1 - Hosts: www.asdfasdfkd.com
O1 - Hosts: www.asdfasdfld.com
O1 - Hosts: www.asdfasdf,d.com
O1 - Hosts: www.asxdfasdfd.com
O1 - Hosts: www.asdzfasdfd.com
O1 - Hosts: www.asdcfasdfd.com
O1 - Hosts: www.asdfvasdfd.com
O1 - Hosts: www.asdfabsdfd.com
O1 - Hosts: www.asdfasndfd.com
O1 - Hosts: www.asdfasdmfd.com
O1 - Hosts: www.asdfasdfd.com
O1 - Hosts: www.11asdfasdfd.com
O1 - Hosts: www.as222dfasdfd.com
O1 - Hosts: www.asdfa33sdfd.com
O1 - Hosts: www.asdfasd44fd.com
O1 - Hosts: www.asdfasdfd5.com
O1 - Hosts: www.as66dfasdfd.com
O1 - Hosts: www.asdf77asdfd.com
O1 - Hosts: www.asdf8asdfd.com
O1 - Hosts: www.asdf9asdfd.com
O1 - Hosts: www.asdf0asdfd.com
O1 - Hosts: www.asdf-asdfd.com
O1 - Hosts: www.aqqsdfasdfd.com
O1 - Hosts: www.aswwdfasdfd.com
O1 - Hosts: www.asdhhfasdfdyy.com
O1 - Hosts: www.live.com
O1 - Hosts: www.asdwwwfasdfd.com
O1 - Hosts: www.asdfeasdfd.com
O1 - Hosts: www.asdfrrasdfd.com
O1 - Hosts: www.asdfttasdfd.com
O1 - Hosts: www.asdfyyasdfd.com
O1 - Hosts: www.asdfuuuasdfd.com
O1 - Hosts: www.asdfaiisdfd.com
O1 - Hosts: www.asdfaoosdfd.com
O1 - Hosts: www.asdfappsdfd.com
O1 - Hosts: www.asdfasssdfd.com
O1 - Hosts: www.aswwdfasdfd.com
O1 - Hosts: www.asdeefasdfd.com
O1 - Hosts: www.asdfffasdfd.com
O1 - Hosts: www.asdfavvvsdfd.com
O1 - Hosts: www.asnnndfasdfd.com
O1 - Hosts: www.asdmmmfasdfd.com
O1 - Hosts: www.asdfaffsdfd.com
O1 - Hosts: www.asdhhfasdfd.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [explore] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Cam\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

End of file - 15575 bytes
Active Member
Posts: 1
Joined: December 8th, 2008, 8:04 am
Register to Remove

Re: Hijack This logfile

Unread postby silver » December 19th, 2008, 10:24 pm

Hi cam26,

I'm sorry it's taken so long for you to get a response, if you still need help please do as follows:

Please open this page in your browser:
http://www.bleepingcomputer.com/submit- ... channel=32

Fill in the link to topic field with a link to this topic
Copy/paste the following into the Browse to the file you want to submit field:
Then press Send File, this will upload the file for analysis


Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)

  • Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, two text files will open - log.txt <- this one will be maximized and info.txt <-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply


Once complete, please post both RSIT logs, you won't need to produce a new HijackThis log as RSIT produces one for you.
User avatar
Regular Member
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Hijack This logfile

Unread postby silver » December 22nd, 2008, 8:42 pm

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.
User avatar
Regular Member
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Hijack This logfile

Unread postby silver » December 26th, 2008, 11:39 pm

Due to a Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal
User avatar
Regular Member
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
Register to Remove

  • Similar Topics
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!

Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware