Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Thursday 6.3.2025 / 20:10
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > i'm afraid of having a virus(hijackthis log included)
Show topics
 
Forums
Forums
I'm afraid of having a virus(hijackthis log included)
  Jump to:
 
Posted Message
xFreeze
Newbie
_ 		13. May 2008 @ 17:14 _ Link to this message    Send private message to this user   
I have downloaded an IronMan the game trainer, and when I opened it a window popped up saying something like "C:\Windows\System32\H@tKeysH@@k.dll".
I can't find it in System32 and I have hidden\system files show enabled.
I scanned my system with Nod32 and AVG Free Edition 8.0 and it found nothing.
HiJackThis log: 
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:09:44 AM, on 5/15/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal



Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Windows\System32\rundll32.exe

D:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\taskeng.exe

D:\IDM\IDMan.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Users\user\Desktop\VundoFix.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\IDM\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ACQTMOUSE] "D:\Program Files\Multi-Direction Opitcal Mouse\Multi-Direction Opitcal Mouse\2.0\ACQTMAPP.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [NVIDIA nTune] "d:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [IDMan] D:\IDM\IDMan.exe /onboot

O4 - HKCU\..\Run: [UIWatcher] D:\Your Uninstaller\UIWatcher.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Daemon Tools\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Download all links with IDM - D:\IDM\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - D:\IDM\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - D:\IDM\IEExt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: ??? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: ?&?? ?? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing

O13 - Gopher Prefix: 

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - d:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: wampapache - Apache Software Foundation - D:\Wamp Server\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - D:\Wamp Server\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe



--

End of file - 7340 bytes

P.S I'm running VundoFix right now.
Thanks to the helpers,
xFreeze.
[ + quote]
Advertisement
_ 		__
i_am_alex
Member
_ 		13. May 2008 @ 21:25 _ Link to this message    Send private message to this user   
[ + quote]
xFreeze
Newbie
_ 		14. May 2008 @ 07:08 _ Link to this message    Send private message to this user   
Umm..
I ended the rundll32.exe process and my computer became abit faster..
The link you gave me says my system should be slower :O
And how EGUI.exe and dwm.exe are releated to this?
EGUI.exe is Eset Smart Security(Nod32) and dwm.exe is Windows Vista Aero :O.
I still can't delete the IronMan trainer,it says it's being used by another program...
P.S VundoFix found nothing..
EDIT: I quartinated rundll32.exe..
[ + quote]

This message has been edited since posting. Last time this message was edited on 14. May 2008 @ 07:12
i_am_alex
Member
_ 		14. May 2008 @ 09:53 _ Link to this message    Send private message to this user   
Originally posted by xFreeze:
 Umm..
I ended the rundll32.exe process and my computer became abit faster..
The link you gave me says my system should be slower :O
And how EGUI.exe and dwm.exe are releated to this?
EGUI.exe is Eset Smart Security(Nod32) and dwm.exe is Windows Vista Aero :O.
I still can't delete the IronMan trainer,it says it's being used by another program...
P.S VundoFix found nothing..
EDIT: I quartinated rundll32.exe..
Don't end RUNDLL, just showing it. Those links say they could be possibly infected.

Download Avast, install it, boot yout PC in safe mode, and scan. If it finds nothing, just locate the file manually and remove on start up.
[ + quote]
Advertisement
_ 		__
 
_
xFreeze
Newbie
_ 		14. May 2008 @ 10:17 _ Link to this message    Send private message to this user   
I have a problem booting on safemode..
My PC starts up too fast and it doesnt go on safemode even if I mass click F8..
EDIT: OK SafeMode works now.. I had to enable USB 2.0 in boot..
I am downloading Avast 4 Free Home Edition.
[ + quote]

This message has been edited since posting. Last time this message was edited on 14. May 2008 @ 11:12
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > i'm afraid of having a virus(hijackthis log included)
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork