Results 1 to 3 of 3

Thread: I need help fast {HJT LOG inside}

  1. #1
    Junior Member
    Join Date
    Apr 2009

    Default I need help fast {HJT LOG inside}

    ok about a week ago i started to get alot of pop ups and when u have internet open it open like 50 tabs and now when i got home my girlfriend seen a message about saying your computer has a virus and she closed it and it shut down the computer and now when you start the computer sometimes you cant click thing and u have to restart. i also play counter strike source and when im playing it just freezes in about 30 mins of playing and freezes the hole cumpter and i got a message saying theres issues with the computer and i tryed to fix them and i dont know how to fix this i was told there was a virus on my cumpter can anyone hlep me please

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:07:55 PM, on 4/5/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: C:\WINDOWS\system32\ds43g4nfjkn93.dll - {d5bf49a0-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\ds43g4nfjkn93.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [windowsrvc32] iysokaqhsqux.exe
    O4 - HKLM\..\Run: [Rxadijameh] rundll32.exe "C:\WINDOWS\ekidavak.dll",e
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
    O4 - HKLM\..\RunServices: [windowsrvc32] iysokaqhsqux.exe
    O4 - HKCU\..\Run: [windowsrvc32] iysokaqhsqux.exe
    O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Owner\reader_s.exe
    O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\1262207594.exe
    O4 - HKCU\..\RunServices: [windowsrvc32] iysokaqhsqux.exe
    O4 - HKUS\S-1-5-18\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3459689408.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: RDPlatinum v5.lnk = C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - .DEFAULT Startup: RDPlatinum v5.lnk = C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: RDPlatinum v5.lnk = C:\Program Files\Angle Interactive\RD Platinum v5.0\RDPlatinumv5.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: c:\progra~1\ThunMail\testabd.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O22 - SharedTaskScheduler: kjm6t5rinmhp8o87t7r6gh - {C2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\nhser43uhjnefr.dll
    O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\ds43g4nfjkn93.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
    O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

    End of file - 8866 bytes

  2. #2
    Junior Member
    Join Date
    Apr 2009

    Default please help

    ok now i dont have any sound. I try to go to volume control and it says i dont have and active mixer devices avavilable. i dont have any sound at all

  3. #3
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Clearwater, Florida


    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.

    This machine needs to be formatted.

    This system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

    Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

    Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

    Recent variants also modify htm, html, asp and php files.

    Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

    See miekiemoes' blog for similar comments here:

    Information Links

    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts