|
|
#1 |
|
FFR Player
Join Date: Oct 2006
Posts: 155
|
The command prompt and task manager on my laptop are hijacked for some reason.
It's times like this I wish I had a Mac. Suggestions? |
|
|
|
|
|
#2 |
|
FFR Veteran
Join Date: Aug 2005
Posts: 893
|
What do you mean? Please provide details.
__________________
Are you a stepartist? |
|
|
|
|
|
#3 |
|
FFR Player
|
Post a HijackThis log. I won't be able to completely remove it (I'm not really all that great haha, but I won't tell you to delete anything I'm not sure you should) but I should be able to make your computer at least usable. That is, assuming you actually have a Trojan and it isn't anything else.
Or, if you don't trust me, run an AVG scan.
__________________
last.fm Last edited by lord_carbo; 04-15-2007 at 12:49 AM.. |
|
|
|
|
|
#4 |
|
Banned
|
System restore.
|
|
|
|
|
|
#5 |
|
shots FIRED
Global Moderator, User Support, Judge
|
Try a scan in safe mode first. I think I have a virus in my comp too. I can't find it still; it's probably hidden.
|
|
|
|
|
|
#6 |
|
FFR Player
Join Date: Oct 2006
Posts: 155
|
Logfile of HijackThis v1.99.1
Scan saved at 10:16:20 PM, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\FixCamera.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ZEREYA~1\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shoptoshiba.ca/welcome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe |
|
|
|
|
|
#7 |
|
FFR Player
|
Yeah, see, you've got a svchost.exe that's not in sys32, so it's probably trying to hide itself from virus scanning programs which wouldn't, by default, delete something entitled svchost.exe.
First, through HijackThis, remove:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
It is not a good entry: http://www.pcreview.co.uk/startup/ALCMTR.EXE.php
Now, you probably do have a Trojan, so run a scan in safe mode with AVG Free. If it doesn't catch it, use a program like Killbox or something to delete on reboot:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
__________________
last.fm Last edited by lord_carbo; 04-15-2007 at 01:36 AM.. |
|
|
|
|
|
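The check applied by eye in post #7 (a system process name running from somewhere other than its normal folder), written out as an added example that is not part of the original thread. The function names and the list of expected folders are assumptions made for illustration; the sample entries are a constructed excerpt of the log in post #6.

```python
import ntpath
import re

# Assumed baseline: core Windows XP processes and the folder each runs from.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = dict.fromkeys(
    ["smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
     "svchost.exe", "spoolsv.exe"], SYSTEM32)
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Constructed sample: entries taken from the log in post #6, one per line.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: svchost.exe
"""

def misplaced_system_processes(log_text):
    """Running processes that use a system name outside its expected folder."""
    hits, in_procs = [], False
    for line in map(str.strip, log_text.splitlines()):
        if line.lower().startswith("running processes:"):
            in_procs = True
        elif in_procs and re.match(r"[A-Z]\d+ - ", line):
            break  # the first R0/O4/... entry ends the process list
        elif in_procs and line:
            folder, name = ntpath.split(line)
            expected = EXPECTED_DIR.get(name.lower())
            if expected and folder.lower() != expected:
                hits.append(line)
    return hits

def system_names_in_startup(log_text):
    """O4 Startup-folder items whose file name imitates a system process."""
    hits = []
    for line in map(str.strip, log_text.splitlines()):
        m = re.match(r"O4 - (?:Global )?Startup: ([^=]+)", line)
        if m and m.group(1).strip().lower() in EXPECTED_DIR:
            hits.append(line)
    return hits

if __name__ == "__main__":
    print(misplaced_system_processes(SAMPLE_LOG))
    print(system_names_in_startup(SAMPLE_LOG))
```

A hit from either function is a lead for a closer look at the file, not a verdict; the comparison is case-insensitive because the log mixes `System32` and `system32`.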
#8 |
|
let it snow~
|
There's a trojan on your computer?
Tell him to get off. |
|
|
|
|
|
#9 |
|
FFR Player
Join Date: Oct 2006
Posts: 155
|
Squeek, I'm all for your good humor and stuff, but this is not as funny, because I want to learn C and I need to use the command prompt.
And would it not be more appropriate to use a trojan horse?
Edit: On the topic of free internet security (**** $49+ for Norton), is there a good firewall out there?
Last edited by ygugsa295; 04-15-2007 at 02:04 AM.. |
|
|
|
|
|
#10 |
|
shots FIRED
Global Moderator, User Support, Judge
|
Trend Micro is a good one; I forgot if it was free or not.
|
|
|
|
|
|
#11 |
|
FFR Player
Join Date: May 2004
Posts: 244
|
zone alarm is the best free firewall imo
and ewido (avg) anti spyware is a very comprehensive anti-malware scan
__________________
Last edited by Could_Strife007; 04-15-2007 at 02:17 AM.. |
|
|
|
|
|
#12 |
|
let it snow~
|
You set yourself up for this.
Not to mention that you're asking for help on a flash game's website. Sure, as it turns out, you'll probably get the help, but there are forums that exist for the sole purpose of solving computer problems out there. |
|
|
|
|
|
#13 |
|
FFR Veteran
Join Date: Aug 2005
Posts: 893
|
Such as Techguy.org.
As for free firewalls, I personally use ZoneAlarm, although I've heard good things about Kerio.
__________________
Are you a stepartist? |
|
|
|
|
|
#14 |
|
FFR Player
Join Date: Aug 2003
Location: Planet vegeta
Age: 30
Posts: 531
|
Sheesh, I had a really nasty virus a few weeks ago that forced me to reinstall Windows. I think the name was W32-Fujacks or something along those lines.
Anyway, run avg and hijackthis scan.
__________________
![]() <- Support!"Dumbledore returns from the dead and declares it to be hammertime, Harry proceeds to break it down, Voldemort is unable to touch this." Evilcowgod is not amused. |
|
|
|
|
|
#15 |
|
FFR Player
Join Date: Oct 2006
Posts: 155
|
|
|
|
|
|
|
#16 |
|
FFR Player
Join Date: Aug 2003
Location: Planet vegeta
Age: 30
Posts: 531
|
Safe mode makes it so Windows only loads the necessary drivers to run your PC; this excludes startup items, video drivers, networking, etc., to make sure whatever you're trying to get rid of isn't running. Wikipedia - safe mode
__________________
![]() <- Support!"Dumbledore returns from the dead and declares it to be hammertime, Harry proceeds to break it down, Voldemort is unable to touch this." Evilcowgod is not amused. Last edited by evilcowgod; 04-15-2007 at 03:01 AM.. Reason: i liek pie |
|
|
|
|
|
#17 |
|
FFR Player
Join Date: Oct 2006
Posts: 155
|
Mmmkay.
brb scanning |
|
|
|
|
|
#18 |
|
FFR Player
|
K then, ignore me why don't ya >=( I guarantee you that ALCMTR.EXE and that copy of svchost.exe in your start menu folder are the causes behind any malware or Trojan or whatever in your computer.
__________________
last.fm |
|
|
|
|
|
#19 |
|
Banned
|
Everyone knows to listen to evilcowgod over you. Duh...
|
|
|
|
|
|
#20 |
|
FFR Player
Join Date: Aug 2003
Location: Planet vegeta
Age: 30
Posts: 531
|
Lol. But seriously, I do know a thing or two when it comes to getting rid of spyware/viruses. I've had more than enough over the 3/4 years that I've been into computers.
__________________
![]() <- Support!"Dumbledore returns from the dead and declares it to be hammertime, Harry proceeds to break it down, Voldemort is unable to touch this." Evilcowgod is not amused. |
|
|
|
|
|