Afraid to reboot

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

Afraid to reboot, checking of hijack log

Options

mommy_pandos View Member Profile	Aug 23 2006, 10:34 PM Post #1
New Member Group: New Member Posts: 2 Joined: 23-August 06 From: California Member No.: 60,548 Operating System: win xp	I was just wondering if someone could take a look at my log and make sure I'm not infected. I downloaded some game stuff and I think it might have been contaminated. Thanks, Moms ________________- StartupList report, 8/23/2006, 9:19:48 PM StartupList version: 1.52.2 Started from : C:\Documents and Settings\Administrator\Desktop\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\HPQ\Q Menu\QICON.EXE C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Chami\HTML-Kit\Bin\HTMLKit.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\PROGRA~1\SHORTK~1\shklite.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrator\Desktop\HijackThis.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Administrator\Start Menu\Programs\Startup] Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe Bluetooth.lnk = ? Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe ShortKeys Lite.lnk = ? -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run TabletWizard = C:\WINDOWS\help\SplshWrp.exe TabletTip = "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 IMEKRMIG6.1 = C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName IgfxTray = C:\WINDOWS\system32\igfxtray.exe HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe Persistence = C:\WINDOWS\system32\igfxpers.exe AGRSMMSG = AGRSMMSG.exe SoundMAXPnP = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe SoundMAX = C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe PTHOSTTR = C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start Q Menu = C:\Program Files\HPQ\Q Menu\QICON.EXE -QICON hpqMcSrv = "C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe" /Start UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r dla = C:\WINDOWS\system32\dla\tfswctrl.exe SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe hpWirelessAssistant = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" eabconfg.cpl = C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start CognizanceTS = rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe Zinio DLM = C:\Program Files\Zinio\ZDLM.exe /hide MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=INI section not found SCRNSAVE.EXE=INI section not found drivers=INI section not found Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=Registry value not found drivers=Registry value not found Policies Shell key: HKCU\..\Policies: Shell=Registry key not found HKLM\..\Policies: Shell=Registry value not found -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890} (no name) - C:\Program Files\Yahoo!\Common\YIeTagBm.dll - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} (no name) - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} (no name) - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton AntiVirus - Scan my computer - Administrator.job Symantec NetDetect.job XoftSpy.job -------------------------------------------------- Enumerating Download Program Files: [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [CPlayFirstTriJinxControl Object] InProcServer32 = C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.55.dll CODEBASE = http://download.games.yahoo.com/games/web_...nx.1.0.0.55.cab [YInstStarter Class] InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll [Snapfish Activia] InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx CODEBASE = http://photo.walgreens.com/WalgreensActivia.cab [ExentInf Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\exentctl_0_0_0_2.ocx CODEBASE = http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx [Ofoto Upload Manager Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\axofupld.dll CODEBASE = http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab [Wwlaunch Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\wwlaunch.ocx CODEBASE = http://www.worldwinner.com/games/shared/wwlaunch.cab [SwapIt Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\swapit.ocx CODEBASE = http://www.worldwinner.com/games/v64/swapit/swapit.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: No scripts set to run Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\Program Files\HPQ\Shared\hpqwmi.events\|\|C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB1A2B.EXE\|\|C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst7C.tmp\System.dll\|\|C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst7C.tmp\\|\|C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- End of report, 10,257 bytes Report generated in 0.078 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

mommy_pandos View Member Profile	Aug 25 2006, 08:25 AM Post #2
New Member Group: New Member Posts: 2 Joined: 23-August 06 From: California Member No.: 60,548 Operating System: win xp	bump

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
HijackThis™ Logs and Infections Removal [Resolved] helper.sig file on reboot v2	11	brians2	424	1st December 2008 - 01:24 AM Last post by: jpshortstuff
HijackThis™ Logs and Infections Removal [Closed] certain keys disabled, reboot takes eternity	2	helpme67	69	29th November 2008 - 03:45 PM Last post by: LDTate
Microsoft Windows™ running windows xp had to reboot with disk and lost everything	1	sport66	111	11th November 2008 - 06:38 PM Last post by: HFCG
Microsoft Windows™ I'm getting the blue screen of death, forced to reboot often	2	Sonja27	116	9th November 2008 - 07:48 PM Last post by: Ztruker