do i have any virus?

jhahhaha · 09-13-2008, 01:04 PM

do i have any virus? i have scanned with avg 8.0 but i dunno...
here is a hijack this log thing

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:32, on 2008-09-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\mabidwe.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\soxpeca.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv.nu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 64.34.46.60 travelvalid.com
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1213399670046
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - http://www.cyberlink.com/multi/patch...ateAdvisor.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe (file missing)
O23 - Service: afisicx Corporation inc. (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
O23 - Service: noxtcyr Settings storage service (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing)
O23 - Service: roxtctm Manages messages (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing)
O23 - Service: sotpeca Event propagation service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing)
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe (file missing)
O23 - Service: wsldoekd Corporation inc. (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe

--
End of file - 10020 bytes

cetkat · 09-13-2008, 02:30 PM

Yes, you do. I don't do HijackThis logs.. you need to post in that forum for a detailed analysis and directions for how to clean your system.

http://www.techsupportforum.com/secu...oval-help.html

Google is your friend. Malware usually shows up in your running processes under C:\WINDOWS\system32\filename. I searched for the ones I'm not familar with and came up with:

MALWARE (possibly all part of the same program):
mabidwe.exe
soxpeca.exe
roytctm.exe
tdydowkc.exe
wsldoekd.exe

NOT Malware, but something you may want to look at:
PnkBstrA.exe
http://gabriel.lozano-moran.name/blo...5a781e520.aspx

This is as far as I can help you.. so if you need futher assistance, follow the above link. Good luck!

**justpassingby** · 09-13-2008, 02:37 PM

Hi jhahhaha and welcome to TSF !

PnkBstrA.exe is an anti-cheat program that installs with some online games and starts automatically with Windows. The other processes made of random letters are something to be concerned about. I've seen some virtual CD drives (daemon tools among others) use such processes but having 5 of them is unusual.

As cetkat said you'll need to follow this link, read the instructions carefully and post your final log with a sumary of your issues in a new thread in the HijackThis log help section. Be very patient since that section is extremely busy, they'll get back to you as soon as they'll have reviewed your log.

I'll close this thread since HJT log help isn't allowed outside of the HJT section. Read this : http://www.techsupportforum.com/secu...lping-you.html

09-13-2008, 01:04 PM	#1 (permalink)
jhahhaha Registered User Join Date: Sep 2008 Posts: 1 OS: xp	do i have any virus? do i have any virus? i have scanned with avg 8.0 but i dunno... here is a hijack this log thing Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:50:32, on 2008-09-13 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\mabidwe.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\roytctm.exe C:\WINDOWS\system32\soxpeca.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\WINDOWS\system32\tdydowkc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\wsldoekd.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv.nu/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: 64.34.46.60 travelvalid.com O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1213399670046 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - http://www.cyberlink.com/multi/patch...ateAdvisor.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe (file missing) O23 - Service: afisicx Corporation inc. (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINDOWS\system32\macidwe.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing) O23 - Service: noxtcyr Settings storage service (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing) O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: perfmons - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing) O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe (file missing) O23 - Service: roxtctm Manages messages (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing) O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINDOWS\system32\sobicyt.exe (file missing) O23 - Service: sotpeca Event propagation service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing) O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINDOWS\system32\tdxdowkc.exe (file missing) O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe (file missing) O23 - Service: wsldoekd Corporation inc. (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe -- End of file - 10020 bytes

09-13-2008, 02:30 PM	#2 (permalink)
cetkat Registered User Join Date: May 2008 Posts: 204 OS: XP SP3	Re: do i have any virus? Yes, you do. I don't do HijackThis logs.. you need to post in that forum for a detailed analysis and directions for how to clean your system. http://www.techsupportforum.com/secu...oval-help.html Google is your friend. Malware usually shows up in your running processes under C:\WINDOWS\system32\filename. I searched for the ones I'm not familar with and came up with: MALWARE (possibly all part of the same program): mabidwe.exe soxpeca.exe roytctm.exe tdydowkc.exe wsldoekd.exe NOT Malware, but something you may want to look at: PnkBstrA.exe http://gabriel.lozano-moran.name/blo...5a781e520.aspx This is as far as I can help you.. so if you need futher assistance, follow the above link. Good luck!

09-13-2008, 02:37 PM	#3 (permalink)
justpassingby Moderator, Microsoft Support Join Date: Mar 2007 Location: Belgium Posts: 6,124 OS: XP Home SP3 / Ubuntu My System	Re: do i have any virus? Hi jhahhaha and welcome to TSF ! PnkBstrA.exe is an anti-cheat program that installs with some online games and starts automatically with Windows. The other processes made of random letters are something to be concerned about. I've seen some virtual CD drives (daemon tools among others) use such processes but having 5 of them is unusual. As cetkat said you'll need to follow this link, read the instructions carefully and post your final log with a sumary of your issues in a new thread in the HijackThis log help section. Be very patient since that section is extremely busy, they'll get back to you as soon as they'll have reviewed your log. I'll close this thread since HJT log help isn't allowed outside of the HJT section. Read this : http://www.techsupportforum.com/secu...lping-you.html __________________ Malware removal steps. Post your logs there and not here ! Posting system specs Last edited by justpassingby; 09-13-2008 at 02:41 PM.