Member Avatar for shinroz

Logfile of HijackThis v1.99.1
Scan saved at 2:39:16 PM, on 3/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
D:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MASTER CARPIO\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunServer] D:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\RunServices: [Windows ASN Services] clfy.exe
O4 - HKCU\..\Run: [PowerBar] :ÔwV€s«ºÜDþsdþDþàýdþg;Ôw0þK;Ôwt¥@l¥@`3f.«Âwþ€™´þ¿íÖwpOÙwÿÿÿÿK;Ôw‘=ÔwsVé>Ôwl¥@ þ¯eÔwt¥@pPbàýl¥@l¥@ÄþÜCÔwt¥@l¥@8¥@l¥@§s
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A937D27-3F9E-4FAA-A4AF-A46AA0E4580C}: NameServer = 58.69.254.104 58.69.254.106
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A937D27-3F9E-4FAA-A4AF-A46AA0E4580C}: NameServer = 58.69.254.104 58.69.254.106
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: MsHS64 - Unknown owner - C:\WINDOWS\MsHS64.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

is there any threat of virus on these files?

  • 2 Contributors
  • 1 Reply
  • 55 Views
  • 14 Hours Discussion Span
  • Latest Post Latest Post by tayspen
Member Avatar for tayspen

Hi, Please run HJT again and plcae a check next to thed following.


O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

Then if these are not trelated to your ISP, or you dont what they are, check them.


O17 - HKLM\System\CCS\Services\Tcpip\..\{2A937D27-3F9E-4FAA-A4AF-A46AA0E4580C}: NameServer = 58.69.254.104 58.69.254.106

O17 - HKLM\System\CS1\Services\Tcpip\..\{2A937D27-3F9E-4FAA-A4AF-A46AA0E4580C}: NameServer = 58.69.254.104 58.69.254.106

I have never seen anything like this.


O4 - HKCU\..\Run: [PowerBar] :ÔwV€s«ºÜDþsdþDþàýdþg;Ôw0þK;Ôwt¥@l¥@`3f.«Âwþ€™´þ¿íÖwpO ÙwÿÿÿÿK;Ôw‘=ÔwsVé>Ôwl¥@ þ¯eÔwt¥@pPbàýl¥@l¥@ÄþÜCÔwt¥@l¥@8¥@l¥@§s

I would hceck it if I were you.

Then once they are all checked. Close all browsers and click Fix Checked

--------------------------------------------------------

Download ewido - http://www.ewido.net/en/ - Install. Update. Scan. Remove any thing it finds.

Post a new HJT log, and the ewido log.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.