Supreme1 Posted December 10, 2007

Alright, here is the story. 2 days ago my brother downloaded something or other; it was a .bat file of some sort. From the gist of it, it is wreaking havoc: explorer.exe crashes over and over and over. I'm so-so with computers, just not on the virus side. I'll post his HijackThis log and see if any of you see suspicious files. I ran it once prior to this, wrote down things I thought were out of place, and got 15 confirmed adware, malware, etc. things erased, but it is still crashing over and over. Also, honestly, I suck at explaining things, so bear with me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:51 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\IntelliAdmin\agent\agent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Nate J\Desktop\HiJackThis.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\WINDOWS\System32\imapi.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [sSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [sCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [myivo] C:\Program Files\Aleric\MyIVO\bin\myivomgr.exe
O4 - HKLM\..\Run: [MacroMachine BootMark] C:\Program Files\Tronan\MacroMachine\BootMark.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [efqdsjyx] rundll32.exe "C:\Program Files\pqhczsdw\rcvgfodu.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winC3D.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\provider\Comcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=79518ae9-3c67-4492-9a7f-ea5520541000
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IntelliAdmin Agent Tray Icon.lnk = C:\Program Files\IntelliAdmin\Agent\AgentSettings.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MacroMachine.lnk = ?
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Nate J\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IntelliAdminRC - IntelliNavigator, Inc - C:\Program Files\IntelliAdmin\agent\agent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

-- End of file - 9314 bytes

Here is the report; thank you for your time.
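A log like the one above is easiest to triage by first parsing the O4 (autorun) entries and applying a few structural checks that need no signature database: an executable living in a temp folder, a bare filename that Windows will resolve through a PATH search, and rundll32.exe being pointed at a DLL outside the Windows directory. The script below is an added example written for this thread, not code from the original post or from HijackThis. It assumes the system root is C:\WINDOWS (the Running processes list confirms that for this machine); the sample lines are copied from the log above with path separators restored, and the split of the random DLL path into a directory and a file name is an assumption, since the separators were lost in the post.

```python
"""Triage HijackThis O4 (autorun) entries with simple structural checks."""
import re
from dataclasses import dataclass

# Assumed system root for this machine (see the Running processes list in the log).
SYSTEM_ROOT = r"C:\WINDOWS"

# Matches:  O4 - HKLM\..\Run: [name] command   (optionally followed by  (User 'SYSTEM'))
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:\[]+?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*?)"
    r"(?:\s*\(User '(?P<user>[^']*)'\))?$"
)
# For unquoted commands, the executable ends at the first known extension that is
# followed by whitespace or end of line (so "Support.com\provider" is not cut short).
EXE_RE = re.compile(
    r"^(?P<exe>.*?\.(?:exe|dll|com|scr|bat|cmd|dat))(?=\s|$)\s*(?P<args>.*)$",
    re.IGNORECASE,
)

# Constructed sample: a subset of the O4 lines from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [efqdsjyx] rundll32.exe "C:\Program Files\pqhczsdw\rcvgfodu.dll",Init
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winC3D.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
-- End of file - 9314 bytes
"""


@dataclass
class Finding:
    name: str    # registry value name, e.g. "efqdsjyx"
    hive: str    # e.g. "HKLM" or "HKUS\S-1-5-18"
    path: str    # the file the check is about
    reason: str


def split_command(cmd: str) -> tuple[str, str]:
    """Split an autorun command into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)                        # unquoted path, possibly containing spaces
    if m:
        return m.group("exe"), m.group("args").strip()
    parts = cmd.split(None, 1)                   # fallback: first whitespace token
    return parts[0], (parts[1] if len(parts) > 1 else "")


def rundll32_module(args: str) -> str:
    """The DLL rundll32.exe is told to load: its first argument, before the ',Entry' suffix."""
    args = args.strip()
    if args.startswith('"'):
        end = args.find('"', 1)
        return args[1:end] if end > 0 else args.strip('"')
    return args.split(",", 1)[0].strip()


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_temp_dir(path: str) -> bool:
    """True when any directory component of the path is a temp folder."""
    dirs = path.lower().replace("/", "\\").split("\\")[:-1]
    return any(d in ("temp", "tmp") for d in dirs)


def is_bare(path: str) -> bool:
    """True when the command names a file with no directory (resolved via PATH search)."""
    return "\\" not in path and "/" not in path


def under_system_root(path: str) -> bool:
    return path.lower().startswith(SYSTEM_ROOT.lower() + "\\")


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious property of each O4 Run/RunOnce entry."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue                             # not an O4 registry autorun line
        name, hive = m.group("name"), m.group("hive")
        exe, args = split_command(m.group("cmd"))
        if basename(exe) == "rundll32.exe":
            # rundll32 is normally referenced bare; the interesting part is the DLL it loads.
            module = rundll32_module(args)
            if in_temp_dir(module) or not under_system_root(module):
                findings.append(Finding(name, hive, module,
                                        "rundll32 loads a DLL outside the Windows directory"))
        elif is_bare(exe):
            # Weaker signal: some vendors do this too, but it also hides where the file lives.
            findings.append(Finding(name, hive, exe, "bare filename resolved through PATH search"))
        elif in_temp_dir(exe):
            findings.append(Finding(name, hive, exe, "executable lives in a temp directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.hive}] {f.name}: {f.path}  <- {f.reason}")
```

Run against the sample, the script singles out the rundll32 entry pointing into a random directory under Program Files, the winC3D.exe entry in C:\WINDOWS\TEMP, and the two bare filenames, while the ATI, Comodo, AVG and ctfmon entries pass. Everything it flags still has to be confirmed by hand (the vendor-signed SOUNDMAN.EXE is a typical bare-name false positive), but it turns a 9 KB log into four lines worth looking at.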
Supreme1 Posted December 11, 2007

I must say I did tinker with it a bit again. I installed AVG Anti-Virus, so it did change the log a bit due to the new modules being installed. I'll post an updated log tomorrow.
coknuck Posted December 11, 2007

Post your log here and it will tell you what's good and what's bad. http://www.hijackthis.de/
trivium03 Posted December 11, 2007

Try also to install NOD32 and scan it.
Sequoia Posted December 11, 2007

Have you tried finding another copy of explorer.exe with search in your OS? If you have that, see if you can copy & paste it in where your Windows\explorer.exe is. You may have to do this in safe mode. You may not be able to do it from even safe mode. If you had DOS then it would be much easier from outside Windows. Then you could just extract or copy the extra & probably good explorer.exe to DOS, then to C:\Windows. There is a Linux boot disc you can do this with, but you have to learn some Linux. This is the one I used to make some repairs to my OS. http://trinityhome.org/Home/index.php?wpid=1&front_id=12 Read the information at the site, & if you know a Linux user that could help you, that would be a plus. I struggled through & managed to get what I needed done, but I don't know the correct instructions for you to use this. Also, I haven't used one, but XP has a recovery console if you have a full Windows XP install disc. It might be possible to fix it from there.
Supreme1 Posted December 12, 2007

I ended up finding the problem. It was a .dll of some sort; it had an odd name, ljghfed or something. Thanks to all who gave a reply. trivium03 <--- AVG did the trick for me in this case.
trivium03 Posted December 12, 2007

OK, good for you.