Hijack this help me

Discussion in 'General Software' started by grunt_408, Jun 24, 2008.

  1. grunt_408

    Can someone look at this for me?
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:14:11 PM, on 6/24/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
    c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
    C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
    C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Sarah\My Documents\New Folder\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1214357530765
    O17 - HKLM\System\CCS\Services\Tcpip\..\{02D5B361-A00C-4340-8DC9-830C1FE6B8E8}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{02D5B361-A00C-4340-8DC9-830C1FE6B8E8}: NameServer = 192.168.1.1
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

    --
    End of file - 6670 bytes
     
  2. oily_17

    What seems to be the problem? Do you think your PC is infected?

  3. grunt_408

    I am not sure. I can't seem to find a virus but it is doing strange things. At first it wouldn't let me install anti virus and I'd get regular CRC errors when trying to install a game or something, no matter where it came from, CD or downloaded. Now when I turn it on the taskbar changes from blue to the 98 style grey and the start button stays green wtf. I have also tried replacing my hdd with a brand new one along with using the latest chipset drivers for my motherboard. I have also put the overclock back down to stock and run memtest overnight. Also I have removed my soundcard just in case it was that. I think it may be my motherboard dying on me but am not 100 percent sure. The last thing I am going to try tonight after work is swapping the 3870 with x1950 to see if that changes anything. :banghead: One thing I did do before I got these problems is use g-parted on my old hdd to repartition my hdd so I could try Vista. I had to use the VESA driver to get a display, could that have done damage?
     
  4. oily_17

    I can't see anything in your HiJackThis log to be worried about... although I am not an expert.

    Not sure what is up with your PC. When you used g-parted on your drive did you just shrink the original partition? Maybe something has messed up when doing this.
    Try swapping out your GPU and reinstall your drivers to see if that helps.

    If you still want to scan your pc for anything malicious then you can use an on-line scanner -

    Kaspersky Online Scanner

    Note you have to use IE to use this scanner.
     
  5. grunt_408

    Yeah, I have tried the Panda one, all clear. I just updated the inf file for the chipset, still seems to be a problem though, generic host win32 or whatever it's called crashed on startup.

  6. panchoman

    Looks like it's svchost, because it's a common host for viruses and my hijackthis doesn't list my svchost in the irregularities, and it's basically a pub for viruses and I wouldn't be surprised if there's a virus in there... just delete svchost (use unlocker or use linux) and replace it with a fresh svchost (I'll give you mine if you'd like)
     
  7. oily_17

    Have you tried MemTest86+ to check your memory is in good condition?

    Svchost is needed to run your OS properly and deleting the wrong one will screw up your install.

    EDIT: To get a list of what services are running in each svchost,
    Open a command prompt and type Tasklist /SVC
     
    Last edited: Jun 24, 2008
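
A triage helper for logs like the one posted at the top of this thread, as an added example that is not part of any post here: it splits a HijackThis log into its running-process list and its coded entries (R0, O4, O23, ...), then lists svchost.exe copies running from outside System32 and services reported with "Unknown owner". The function names are hypothetical, the sample lines are taken from the log above, and it assumes Windows is installed in C:\WINDOWS as in that log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."
SYSTEM32 = r"c:\windows\system32"  # assumption: default install path, as in the log

def parse_hijackthis(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the coded entries follow the process list
            entries[m.group(1)].append(m.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_items(processes, entries):
    """Items worth a manual look; a hit is a prompt to check, not a verdict."""
    items = []
    for path in processes:
        folder, _, name = path.lower().rpartition("\\")
        if name == "svchost.exe" and folder != SYSTEM32:
            items.append(("svchost outside System32", path))
    for svc in entries.get("O23", []):
        if " - Unknown owner - " in svc:
            items.append(("service with unknown owner", svc))
    return items
```

On the sample lines both svchost.exe processes run from System32, so the only item returned is the "ATI Smart" service, whose file has no owner information in the log.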
  8. thoughtdisorder

    Have you tried disabling Teatimer.exe at startup and seeing if that makes a difference when you boot? You can start it after boot up manually if that's not the problem. Sometimes starting teatimer.exe at boot can cause funny issues. (Teatimer.exe is the Spybot engine)
     
  9. grunt_408

    Updating the inf file for the chipset fixed it. Thanks guys for trying to help me.
     