Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HIJACKTHIS LOG

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HIJACKTHIS LOG

Unread postby Vincent_o » September 3rd, 2010, 9:01 am

the problem is, when i run turn on my pc the firt time explorer.exe does not run leving the screen only whit the wallpaper then when i rebot the system all is fine i submit my staruplist helpppp

StartupList report, 03/09/2010, 8:15:39
StartupList version: 1.52.2
Started from : C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\idt\intelxpv_v100\wdm\STacSV.exe
C:\Archivos de programa\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\IDT\WDM\sttray.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARCHIV~1\ENUTV-2\TVTray.exe
C:\Archivos de programa\QuickTime\QTTask.exe
C:\Archivos de programa\USB Disk Security\USBGuard.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\Archivos de programa\Advanced System Optimizer 3\SystemProtector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgets.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgets.exe
C:\Archivos de programa\Yahoo!\Widgets\YahooWidgets.exe
C:\Archivos de programa\Mobile Partner\Mobile Partner.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\ATLAS V14\ATLIECOM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Archivos de programa\Trend Micro\HiJackThis\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Alvaro\Menú Inicio\Programas\Inicio]
Yahoo! Widgets.lnk = C:\Archivos de programa\Yahoo!\Widgets\YahooWidgets.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
avast! = C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
GrooveMonitor = "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
nod32kui = "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
TVTray = C:\ARCHIV~1\ENUTV-2\TVTray.exe
QuickTime Task = "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
USB Antivirus = C:\Archivos de programa\USB Disk Security\USBGuard.exe
ISUSPM Startup = "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" -startup
ISUSScheduler = "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
Adobe ARM = "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
Malwarebytes' Anti-Malware = "C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SunJavaUpdateSched = "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
SystemProtector = "C:\Archivos de programa\Advanced System Optimizer 3\SystemProtector.exe" /autorun

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
Google Update = "C:\Documents and Settings\Alvaro\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

[SystweakDisabled]
Norton Ghost 15.0 = "C:\Archivos de programa\Norton Ghost\Agent\VProTray.exe"
UnlockerAssistant = "C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
ATLAS Toolbar - C:\Archivos de programa\ATLAS V14\ATLIECP.DLL - {3C6301ED-0F78-4AF2-8150-D9C052361A8E}
(no name) - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
GoogleUpdateTaskUserS-1-5-21-1004336348-1220945662-725345543-1003Core.job
GoogleUpdateTaskUserS-1-5-21-1004336348-1220945662-725345543-1003UA.job
User_Feed_Synchronization-{1314FABC-99A9-4CE9-B043-F62573EEBE5A}.job
Windows Codec Update Service.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Installation Support]
InProcServer32 = C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 8.689 bytes
Report generated in 0,031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Vincent_o
Active Member
 
Posts: 1
Joined: September 3rd, 2010, 8:28 am
Advertisement
Register to Remove

Re: HIJACKTHIS LOG

Unread postby NonSuch » September 3rd, 2010, 7:27 pm

You have posted a StartupList Report instead of a HijackThis log.

Please familiarize yourself with the forum rules: >Forum Posting Rules - Please Read<

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log by pasting it into your post. Do not utilize attachments.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 53 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware