Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

my hijack log. Possibly a virus/malware?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

my hijack log. Possibly a virus/malware?

Unread postby manymunkies » July 10th, 2009, 4:33 pm

Hey im new to all this and am in need of some help
also, i occasionally hear a clicking sound(like clicking a folder) even when I am not doing anything

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:29 PM, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Administrator\My Documents\Unzipped\HiJackThis\HijackThis.exe

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: (no name) - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43A1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Advanced WindowsCare] "C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: μIºI³Y - {CF8A9BA9-5AF2-4D1C-95F3-FA89BFF33714} - C:\DOOBUNET\doobu.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: ibeatyou Video PlugIn - http://www.ibeatyou.com/plugins/ibeatyo ... plugin.CAB
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/i ... Config.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {247D3068-ABDA-4A56-A48A-112183AC08B5} (GK_YH_Launcher Control) - http://kr.wbgames.yahoo.com/GK_YH_Launcher.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {29B1A628-BF97-4B52-A22B-301C8190F05C} (XLecture Control) - http://www.cyberoro.com/lecture/lectureview.cab
O16 - DPF: {2A2B6809-46C9-4126-BAFC-B352585BD56E} (Kiwidisk File Share Control 5) - http://www.kiwidisk.com/mmsv/KiwidiskControl.CAB
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - https://mpi.dacom.net/XPayMPI/Xecure_Li ... MPIOCX.cab
O16 - DPF: {4A55BA7E-0379-4DB5-BDEF-70454A548AB2} (AgentReal Control) - http://kr.baduk.yahoo.com/cab/YahooBaduk.cab
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17cd1195563 ... xIE601.cab
O16 - DPF: {5B535297-89E6-486E-8DA8-0C663B1981EC} (giboView Control) - http://www.cyberoro.com/kbaweb/gibo/giboview.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9863013265
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.yahoo.co.kr/multi/2005/tool/ ... orsche.cab
O16 - DPF: {932AFC62-9855-4889-81FA-426D20CEF06F} (DrPlusX Control) - http://www.dr-plus.net/pc/DrPlusAct.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
O16 - DPF: {A555B624-1393-46BD-ADFF-4455DD650FC5} - http://www.bonsori.com/webplayer/TPlayer.cab
O16 - DPF: {A5F3B5CF-A05F-479E-B684-13AA512A7B93} (YGLauncher Control) - http://kr.pubbase.yahoo.com/gamesetup/YGLauncher.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedow ... n10USA.cab
O16 - DPF: {E4711892-E909-4621-B014-77F8383C881A} (DoobuNetX Control) - http://pt1.doobu.net/PTINSTALL/DoobuNetProj1.ocx
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - Unknown owner - C:\Program Files\Ahnlab\Smart Update Utility\AhnSDsv.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c98ee5753343de) (gupdate1c98ee5753343de) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe (file missing)

--
End of file - 14311 bytes
manymunkies
Active Member
 
Posts: 1
Joined: July 10th, 2009, 4:30 pm
Advertisement
Register to Remove

Re: my hijack log. Possibly a virus/malware?

Unread postby MWR 3 day Mod » July 14th, 2009, 12:05 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: my hijack log. Possibly a virus/malware?

Unread postby Shaba » July 17th, 2009, 12:01 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware