|
| |||||||
| Home | Forums | Rules | All Albums | Blogs | Subscriptions | Register | Mark Forums Read |
| Software & OSs Operating Systems, Anti-Virus, Utilities and Programs. |
 |
| | LinkBack | Thread Tools |
October 13th, 2006
| #1 |
| 4GHz or Bust  Join Date: Feb 2006 Location: where do you friggin live??
Posts: 1,761
|  Found a virus, think I killed it, but here's a hijackthis log just to be sure Scan saved at 8:40:33 AM, on 10/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\UltraMon\UltraMon.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files\LW-WORKS\Clipboard Recorder\clipboard_recorder.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trillian\trillian.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\taskmgr.exe C:\DOCUME~1\Drew\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Clipboard Recorder] "C:\Program Files\LW-WORKS\Clipboard Recorder\clipboard_recorder.exe" -startup O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Free WebSite Tools.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe I don't see much that I don't recognize, but maybe you guys can double check for me. thanks!  P5K-E wifi/ E8400 @ 4.0 / Scythe Ninja Copper / 2GB Hyper-X DDR2-800 / 7800GT / Antec 1200 / Corsair HX-520 P5W DH Deluxe wifi/ E7200 @ 4.0 / 2GB Ballistix DDR2-800 / 7600GT (passive) / P180B / Seasonic SS-550HT / Zalman Reserator V2 Optiplex 755 / E2180 / 4GB DDR2 / 160GB HD / ATI HD 2400 Dual-ISP Network aim: drewandnotu | Skype: drew-and-not-u  |
|
|
October 13th, 2006
| #2 |
| I don't know how to put this, but, I'm kind of a big deal.  | The only suspect entry I see is this: O4 - Global Startup: Free WebSite Tools.lnk = ? If you can account for it, groovy. If not, I'd nuke it. Otherwise, everything else looks to be in order.  |
|
|
October 13th, 2006
| #3 |
| T-Rex  | O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k Failed overclock anyone? :P O4 - Global Startup: Free WebSite Tools.lnk = ? O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} No use On the other hand, there's quite a load of useless software running on your system. You know, stuff like java updater and that sound max icon in the taskbar you never use. :P  |
|
|
|
October 13th, 2006
| #4 |
 Join Date: Jan 2006 Location: British Columbia, Canada
Posts: 2,557
| The dumprep 0 -k means he has a failed overclock? I have that too.  I Like Watercooling. D-Tek Fuzion, MCP655, MCR220 |
|
|
|
October 13th, 2006
| #5 |
| T-Rex | No, that means Windows XP is checking for errors, last time he quitted it didn't close properly so it's making a minidump and error report. If you always see it in HKEY_Current_User/Software/Microsoft/Windows/Run or in the task manager every time you boot then there's either a hardware or software problem. I just said "failed overclock" because it's the only time I see a dumprep in my run key. :P |
|
|
|
|
| Tags |
| found, killed, virus |
| Thread Tools | |
|
|
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Will XP be killed off? | screwballl | Software & OSs | 27 | April 5th, 2008 13:07 |
| Virus found in F@H work file. | Banditman | The HL F@H Team | 22 | June 19th, 2007 19:24 |
| Shooting rampage, 32 Killed, over 60 injured | Lead Head | HL Lounge | 20 | April 17th, 2007 10:39 |
| What I think killed my Athlon 64 | Lead Head | Processors | 10 | June 27th, 2006 15:09 |
| I just killed my computer | fps justin | Troubleshooting | 44 | June 20th, 2006 06:27 |
