1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

should i be woried

Discussion in 'Windows XP' started by computerboyo, Jul 8, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
    i was playing a game that require a script for the game to be download rise on nation TaP for no nukes on shilds or final upgrades than it frose as the game started than i shut it down i restarted than hers where it starts to get wird.
    it asked me to login never asked me before than
    upon login a comand promt opened saying done.
    im runing avg right now
    tis is the current status with some change system files ran sfc /scannow but thhose dident change
    [​IMG]
    should i be woried?
     
  2. Solartide

    Solartide

    Joined:
    Jul 8, 2007
    Messages:
    29
    It asked you to login, login to what exactly?
     
  3. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
    my account but i was the only account on the system and before this i never had to do that
     
  4. The Hound

    The Hound

    Joined:
    May 27, 2007
    Messages:
    3,235
    I"d be worried.

    When your avg scan finishes, post a hijackthis log and let the experts worry for you.

    Download hijackthis here:

    http://www.thespykiller.co.uk/files/HJTsetup.exe

    Save HJTsetup.exe to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.

    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click Edit > Select All> Edit > Copy to copy the entire contents of the log.
    Paste the log in your next reply.

    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  5. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
    shuld i replace the cahnges system files form the ones on my xp setup disk?
     
  6. Blackmirror

    Blackmirror

    Joined:
    Dec 5, 2006
    Messages:
    32,642
    If i might make a suggestion about your signature
    all that computer info can be entered in your profile

    Have you installed any windows updates
     
  7. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
    all of them
     
  8. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
    shuld i do a spyware check with windows defender?
     
  9. The Hound

    The Hound

    Joined:
    May 27, 2007
    Messages:
    3,235
    Why not just post the log (see post #4 in this thread), and let a malware expert help you sort this out...the more you do on your own, the more difficult it becomes to separate what that script did from what you may have tried to do...
     
  10. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
  11. Blackmirror

    Blackmirror

    Joined:
    Dec 5, 2006
    Messages:
    32,642
    When Avg detects changes that are not viruses and you know that you have updated with windows updates

    do a system only scan in AVG and confirm changes

    I would recommend a hijack this log as well
     
  12. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Seems like they are already in there so just to make your thread shorted why not edit the signature and make it shorter with a saying of some sort. And I do have to compliment you on showing system specs, I wish everybody did as well.
     
  13. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
    avg only dected the changed files runing hijack this now....
     
  14. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:01:22 PM, on 7/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\Program Files\Cerberus\Cerberus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    C:\Program Files\HomingBeacon.NET\hb3svc.exe
    C:\Program Files\devnz\gbpvr\GBPVRTray.exe
    C:\Program Files\No-IP\DUC20.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\system32\autorun.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: GBPVRTray.exe.lnk = ?
    O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E43A2616-0A64-4733-89A2-A2E65A93B56C}: NameServer = 192.168.0.1
    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Cerberus FTP Server - Grant Averett - C:\Program Files\Cerberus\Cerberus.exe
    O23 - Service: GB-PVR Recording Service - devnz.com - C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
    O23 - Service: HomingBeacon Dynamic DNS (HomingBeacon) - ChangeIP.com - C:\Program Files\HomingBeacon.NET\hb3svc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 6575 bytes
     
  15. computerboyo

    computerboyo Thread Starter

    Joined:
    Mar 21, 2007
    Messages:
    46
    This one seems spisuious
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - should woried
  1. Edvinas112edvis
    Replies:
    2
    Views:
    799
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/593262

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice