
Hijack this log file - I think my computer has a virus

Discussion in 'Virus & Other Malware Removal' started by okpeggyflying, Apr 15, 2008.

Thread Status:
Not open for further replies.
  1. okpeggyflying

    okpeggyflying Thread Starter

    Joined:
    Apr 15, 2008
    Messages:
    1
    I think I have a virus. My computer is making funny noises and I have some pop-ups occurring and the whole system has slowed down considerably.
    I have run HijackThis but not sure what to do with it. Here is my log file:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:00:51 AM, on 04/15/08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041608 serial=dr12wrx-1868303-hjj lang=EN
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35EE70F3-1A4B-4F7F-82CB-21C0CEEEB3B1}: NameServer = 192.168.0.1,4.2.2.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{35EE70F3-1A4B-4F7F-82CB-21C0CEEEB3B1}: NameServer = 192.168.0.1,4.2.2.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{35EE70F3-1A4B-4F7F-82CB-21C0CEEEB3B1}: NameServer = 192.168.0.1,4.2.2.2
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    --
    End of file - 4831 bytes
     

Short URL to this thread: https://techguy.org/703955
