Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijackthis log I need some assistance please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijackthis log I need some assistance please

Unread postby borisbathtime » January 14th, 2008, 8:22 am

I am getting constant pop-ups - mainly celldorado and ukprizedraw plus some others.
Have run Avast scan Bit defender scan Adaware scan and AVG scan also am putting the URLs into a block log with pop-up Blocker. Still they keep comming. HELP.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:10, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RTDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\FlashGet\flashget.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Griffin Technology\AirClick\AirClick.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wireless\Client Manager\CMags.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.demon.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Demon
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=www-cache.demon.co.uk:8080;gopher=www-cache.demon.co.uk:8080;http=www-cache.demon.co.uk:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.demon.net;ftp.demon.co.uk;www.demon.co.uk;<local>
O1 - Hosts: 127.98.9.1 pop3.demon.co.uk.b9
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RTDCPL] RTDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [OCAudioIni] "C:\Program Files\One-click Audio Converter\OCAudioIni.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AirClick.lnk = C:\Program Files\Griffin Technology\AirClick\AirClick.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PRDIE - {41737187-53FC-46B2-B0EE-0A2471E4A429} - C:\Program Files\Privacy Defender\prd.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PD - {BE8EABA3-D3ED-4986-AE8E-B4546E8E25C1} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.demon.net
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8668100093
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BF728A3-2FEB-4970-AE1F-C7074F92CB21}: NameServer = 158.152.1.58,158.152.1.43
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 15899 bytes


Any Ideas ?
Thanks,
Tony
borisbathtime
Regular Member
 
Posts: 18
Joined: January 14th, 2008, 8:11 am
Advertisement
Register to Remove

Re: Hijackthis log I need some assistance please

Unread postby 'KotaGuy » January 17th, 2008, 12:49 pm

If you still require help can you post a new HijackThis log please. Its been a few days since you've posted and something in the log may have changed since then.

Thanks!
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijackthis log I need some assistance please

Unread postby borisbathtime » January 17th, 2008, 5:50 pm

YES still need help - heres another log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:48, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RTDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\FlashGet\flashget.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Griffin Technology\AirClick\AirClick.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wireless\Client Manager\CMags.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.demon.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Demon
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=www-cache.demon.co.uk:8080;gopher=www-cache.demon.co.uk:8080;http=www-cache.demon.co.uk:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.demon.net;ftp.demon.co.uk;www.demon.co.uk;<local>
O1 - Hosts: 127.98.9.1 pop3.demon.co.uk.b9
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTDCPL] RTDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [OCAudioIni] "C:\Program Files\One-click Audio Converter\OCAudioIni.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AirClick.lnk = C:\Program Files\Griffin Technology\AirClick\AirClick.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PD - {BE8EABA3-D3ED-4986-AE8E-B4546E8E25C1} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.demon.net
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8668100093
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BF728A3-2FEB-4970-AE1F-C7074F92CB21}: NameServer = 158.152.1.58,158.152.1.43
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 14263 bytes
borisbathtime
Regular Member
 
Posts: 18
Joined: January 14th, 2008, 8:11 am

Re: Hijackthis log I need some assistance please

Unread postby 'KotaGuy » January 17th, 2008, 6:06 pm

I noticed you posted your log here as well...

http://forum.bitdefender.com/lofiversio ... t3923.html

Please let me know if you would like to be helped here or if you are going to continue with your log at the other forum. If you want to continue to be helped here, I ask that you request for your topic at the BitDefender forum to be closed.

Thanks.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijackthis log I need some assistance please

Unread postby borisbathtime » January 18th, 2008, 7:50 am

Ok - will close it - obviously I'm looking for anyone anywhere to help me. You may also notice that my second log has less programs running because in my efforts to sort out the problem I ended up with so many anti virus, anti spyware and anti pop up programs running that my computer was running extremely slow.
borisbathtime
Regular Member
 
Posts: 18
Joined: January 14th, 2008, 8:11 am

Re: Hijackthis log I need some assistance please

Unread postby 'KotaGuy » January 18th, 2008, 10:30 am

Run HijackThis. Click the Misc Tools button. Then the Uninstall Manager button. then the Save List button. Save the list to your Desktop.

Run Kaspersky Online AV Scanner
Using Internet Explorer Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply along with the Uninstall List please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijackthis log I need some assistance please

Unread postby borisbathtime » January 18th, 2008, 2:07 pm

OK THATS DONE . HERE ARE THE UNINSTALL FILE AND THE KASPERSKY FILE

Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.9
AirClick
allTunes
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
BitComet 0.95
BitTorrent 4.24.0
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss REBEL 300D WIA Driver
Canon i865
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
Cda Product Service - shared component
CD-LabelPrint
CinepPlayer 30 Update
Creative MediaSource
Creative System Information
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
DesignPro 5 Lite Edition
DVD Decrypter (Remove Only)
DVDFab Platinum 3.2.1.0
Easy-WebPrint
EFI PrintMe Toolbar
FileAlyzer
Firetrust Benign 1.5.0
FlashGet 1.8.2.1003
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Image Zone 4.0
HP Scanjet 3770
HP Software Update
iMesh
ImTOO DVD Copy Express
InCD
iPod for Windows 2006-03-23
iPod for Windows User Guide
iPod System Software Updater 2.0.1
iTunes
Java DB 10.2.2.0
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3
Learn2 Player (Uninstall Only)
LimeWire
LimeWire PRO 4.12.6
Lotus SmartSuite 97
MAGIX audio cleaning lab 3.0 deLuxe
MailWasher Free
MailWasher Pro
Maxtor OneTouch III
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
MixMeister Express 6
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero Digital
Nero Media Player
Nero OEM
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
oggcodecs 0.71.0946
OmniPage Pro 12.0
One-click Audio Converter Uninstall
PCFriendly
Pop up Blocker v6.0.6 (remove only)
QuickTime
Readiris Pro 9
RealPlayer
Retrospect 6.0
Retrospect Express HD 1.1
RunAlyzer
SA21xx Device Manager
ScanSoft RealSpeak
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Sonic Activation Module
Sound Blaster Audigy 2 ZS
Transfer MyPC
Turnpike Six
Ulead DVD MovieFactory 2
Ulead MediaStudio Pro 7.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Window Washer
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 9 Series SDK
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
WinZip
Wireless Client
Wireless Client Manager V3.30
Yahoo! Toolbar

KASPERSKY ONLINE SCANNER REPORT
Friday, January 18, 2008 6:03:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/01/2008
Kaspersky Anti-Virus database records: 522081
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 95740
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:10:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Tony\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\ApplicationHistory\AirClick.exe.58306b3.ini.inuse Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\ApplicationHistory\RetroExpress.exe.fe859fee.ini.inuse Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\Perflib_Perfdata_ed0.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temp\Perflib_Perfdata_f90.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tony\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP453\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_798.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20011102}.CDF Object is locked skipped

Scan process completed.
borisbathtime
Regular Member
 
Posts: 18
Joined: January 14th, 2008, 8:11 am

Re: Hijackthis log I need some assistance please

Unread postby 'KotaGuy » January 18th, 2008, 10:02 pm

Hmm... the logs aren't showing much...

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijackthis log I need some assistance please

Unread postby borisbathtime » January 19th, 2008, 7:52 am

OKy Doky - Heres the ComboFix log

ComboFix 08-01-18.5 - Tony 2008-01-19 11:45:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.473 [GMT 0:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Tony\Application Data\inst.exe
C:\Documents and Settings\Tony\Local Settings\Application Data\uaxytqiuv.dat
C:\Documents and Settings\Tony\Local Settings\Application Data\uaxytqiuv.exe
c:\Documents and Settings\Tony\Local Settings\Application Data\uaxytqiuv_nav.dat
c:\Documents and Settings\Tony\Local Settings\Application Data\uaxytqiuv_navps.dat
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-19 11:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 15:21 . 2008-01-18 15:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 15:21 . 2008-01-18 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 12:47 . 2008-01-18 12:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-18 12:15 . 2008-01-18 12:15 <DIR> d-------- C:\Deckard
2008-01-14 12:15 . 2008-01-14 12:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 14:41 . 2008-01-11 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 14:39 . 2008-01-16 18:36 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-11 14:31 . 2008-01-11 14:33 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-01-11 14:12 . 2008-01-11 14:12 <DIR> d-------- C:\Program Files\Sun
2008-01-11 14:12 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-08 12:46 . 2008-01-14 11:15 <DIR> d-------- C:\Program Files\Pop up Blocker
2008-01-08 12:11 . 2008-01-08 12:11 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\PopUpSentry.com
2008-01-08 12:10 . 2008-01-08 12:13 <DIR> d-------- C:\Program Files\PopUpSentry.com
2008-01-07 11:47 . 2008-01-08 12:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 11:47 . 2008-01-07 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-02 19:23 . 2008-01-02 19:23 <DIR> d-------- C:\Program Files\Philips

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 11:45 --------- d-----w C:\Program Files\FlashGet
2008-01-19 11:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2008-01-18 14:44 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-18 14:15 --------- d-----w C:\Documents and Settings\Tony\Application Data\MailWasherPro
2008-01-18 14:12 --------- d-----w C:\Program Files\Microsoft Money
2008-01-11 14:12 --------- d-----w C:\Program Files\Java
2008-01-08 12:20 --------- d-----w C:\Program Files\Transfer MyPC
2008-01-08 12:20 --------- d-----w C:\Program Files\Audio Converter
2008-01-06 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 18:43 --------- d-----w C:\Documents and Settings\Tony\Application Data\dvdcss
2008-01-02 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 18:10 --------- d-----w C:\Documents and Settings\Tony\Application Data\Apple Computer
2007-09-20 17:07 47,360 -c--a-w C:\Documents and Settings\Tony\Application Data\pcouffin.sys
2007-09-03 17:12 81,920 ----a-w C:\Documents and Settings\Tony\Application Data\ezpinst.exe
2006-10-03 02:43 2,402,550 -c--a-w C:\WINDOWS\inf\SETBD.tmp
2006-10-03 02:43 2,402,550 -c--a-w C:\WINDOWS\inf\SET90.tmp
2006-04-01 17:00 786,432 -c-ha-w C:\Documents and Settings\Default User\Original Copy of NTUSER.DAT
2006-04-01 17:00 262,144 -c--a-w C:\Documents and Settings\All Users\Original Copy of ntuser.dat
2006-01-24 15:21 59,840 -c--a-w C:\Documents and Settings\Tony\Application Data\GDIPFONTCACHEV1.DAT
2006-04-16 13:00 56 -csh--r C:\WINDOWS\system32\E14A0EBD15.sys
2006-04-16 13:00 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"PopUpWasher"="C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe" [ ]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2003-10-08 15:35 139264]
"RemoteControl"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 18:37 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Pop up Blocker"="C:\Program Files\Pop up Blocker\pd.exe" [2007-01-12 21:45 1236992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTDCPL"="RTDCPL.EXE" [2005-07-08 18:16 12298240 C:\WINDOWS\system32\RTDCPL.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 17:00 196608]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 00:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 06:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 17:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49 49152]
"RemoteCenter"="" []
"OCAudioIni"="C:\Program Files\One-click Audio Converter\OCAudioIni.exe" [2006-01-23 19:13 57344]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-04-16 15:10 1699840]
"RetroExpress"="C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe" [2006-02-06 07:22 18583552]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 14:04 712704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-10-31 15:32 2250104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-04-02 13:43:23]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
AirClick.lnk - C:\Program Files\Griffin Technology\AirClick\AirClick.exe [2005-03-07 03:27:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-10-09 16:39:00]
Wireless Client Manager.lnk - C:\Program Files\Wireless\Client Manager\CMags.EXE [2006-04-01 17:06:46]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-02-16 22:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-06-04 11:33 1400944 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a--c--- 2005-07-12 19:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a--c--- 2005-08-08 12:48 1109504 C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-10-20 13:47]
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 11:19]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 12:56]
R3 wlags51b;Agere Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\wlags51b.sys [2003-09-22 17:14]
S1 SABKUTIL;SABKUTIL;C:\Program Files\PopUpSentry.com\Pop-Up Sentry!\SABKUTIL.sys []
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2003-07-28 11:01]

*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 19:33:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-13 03:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 11:49:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 11:49:28
ComboFix-quarantined-files.txt 2008-01-19 11:49:26
borisbathtime
Regular Member
 
Posts: 18
Joined: January 14th, 2008, 8:11 am

Re: Hijackthis log I need some assistance please

Unread postby 'KotaGuy » January 19th, 2008, 7:17 pm

Can you upload C:\WINDOWS\system32\E14A0EBD15.sys to VirusTotal and copy/pase the results of the scan in your next reply please.

Thanks.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijackthis log I need some assistance please

Unread postby borisbathtime » January 20th, 2008, 7:49 am

Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.19.10 2008.01.18 -
AntiVir 7.6.0.48 2008.01.20 -
Authentium 4.93.8 2008.01.20 -
Avast 4.7.1098.0 2008.01.20 -
AVG 7.5.0.516 2008.01.19 -
BitDefender 7.2 2008.01.20 -
CAT-QuickHeal 9.00 2008.01.19 -
ClamAV 0.91.2 2008.01.20 -
DrWeb 4.44.0.09170 2008.01.20 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5470 2008.01.18 -
Ewido 4.0 2008.01.20 -
FileAdvisor 1 2008.01.20 -
Fortinet 3.14.0.0 2008.01.20 -
F-Prot 4.4.2.54 2008.01.19 -
F-Secure 6.70.13260.0 2008.01.19 -
Ikarus T3.1.1.20 2008.01.20 -
Kaspersky 7.0.0.125 2008.01.20 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.20 -
NOD32v2 2807 2008.01.19 -
Norman 5.80.02 2008.01.18 -
Panda 9.0.0.4 2008.01.19 -
Prevx1 V2 2008.01.20 -
Rising 20.27.62.00 2008.01.20 -
Sophos 4.24.0 2008.01.20 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.20 -
TheHacker 6.2.9.191 2008.01.19 -
VBA32 3.12.2.5 2008.01.19 -
VirusBuster 4.3.26:9 2008.01.20 -
Webwasher-Gateway 6.6.2 2008.01.20 -
Additional information
File size: 56 bytes
MD5: 05e582c248a4d9f84c41bf9dba20ae9e
SHA1: 1e02a71e61bcea9c8c3fec12b037149b062ee2f7
PEiD: -
borisbathtime
Regular Member
 
Posts: 18
Joined: January 14th, 2008, 8:11 am

Re: Hijackthis log I need some assistance please

Unread postby 'KotaGuy » January 20th, 2008, 1:58 pm

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
C:\WINDOWS\system32\E14A0EBD15.sys


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply along with a new HijackThis log.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijackthis log I need some assistance please

Unread postby borisbathtime » January 20th, 2008, 3:22 pm

Ok heres the two new files



ComboFix 08-01-18.5 - Tony 2008-01-20 19:14:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.437 [GMT 0:00]
Running from: C:\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tony\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\E14A0EBD15.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\E14A0EBD15.sys

.
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-19 11:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 15:21 . 2008-01-18 15:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 15:21 . 2008-01-18 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 12:47 . 2008-01-18 12:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-18 12:15 . 2008-01-18 12:15 <DIR> d-------- C:\Deckard
2008-01-14 12:15 . 2008-01-14 12:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-11 14:41 . 2008-01-11 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-11 14:39 . 2008-01-16 18:36 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-11 14:31 . 2008-01-11 14:33 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-01-11 14:12 . 2008-01-11 14:12 <DIR> d-------- C:\Program Files\Sun
2008-01-11 14:12 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-08 12:46 . 2008-01-14 11:15 <DIR> d-------- C:\Program Files\Pop up Blocker
2008-01-08 12:11 . 2008-01-08 12:11 <DIR> d-------- C:\Documents and Settings\Tony\Application Data\PopUpSentry.com
2008-01-08 12:10 . 2008-01-08 12:13 <DIR> d-------- C:\Program Files\PopUpSentry.com
2008-01-07 11:47 . 2008-01-08 12:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 11:47 . 2008-01-07 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-02 19:23 . 2008-01-02 19:23 <DIR> d-------- C:\Program Files\Philips

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 19:14 --------- d-----w C:\Program Files\FlashGet
2008-01-20 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2008-01-19 12:01 --------- d-----w C:\Program Files\Microsoft Money
2008-01-18 14:44 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-18 14:15 --------- d-----w C:\Documents and Settings\Tony\Application Data\MailWasherPro
2008-01-11 14:12 --------- d-----w C:\Program Files\Java
2008-01-08 12:20 --------- d-----w C:\Program Files\Transfer MyPC
2008-01-08 12:20 --------- d-----w C:\Program Files\Audio Converter
2008-01-06 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 18:43 --------- d-----w C:\Documents and Settings\Tony\Application Data\dvdcss
2008-01-02 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 18:10 --------- d-----w C:\Documents and Settings\Tony\Application Data\Apple Computer
2007-09-20 17:07 47,360 -c--a-w C:\Documents and Settings\Tony\Application Data\pcouffin.sys
2007-09-03 17:12 81,920 ----a-w C:\Documents and Settings\Tony\Application Data\ezpinst.exe
2006-10-03 02:43 2,402,550 -c--a-w C:\WINDOWS\inf\SETBD.tmp
2006-10-03 02:43 2,402,550 -c--a-w C:\WINDOWS\inf\SET90.tmp
2006-04-01 17:00 786,432 -c-ha-w C:\Documents and Settings\Default User\Original Copy of NTUSER.DAT
2006-04-01 17:00 262,144 -c--a-w C:\Documents and Settings\All Users\Original Copy of ntuser.dat
2006-01-24 15:21 59,840 -c--a-w C:\Documents and Settings\Tony\Application Data\GDIPFONTCACHEV1.DAT
2006-04-16 13:00 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-19_11.49.13.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-19 11:45:08 1,376,256 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-20 19:14:19 1,376,256 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-19 11:45:08 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-20 19:14:19 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-19 11:45:09 1,376,256 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-20 19:14:19 1,376,256 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-19 11:45:09 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-20 19:14:19 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-19 11:45:09 9,138,176 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-20 19:14:19 9,138,176 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-19 11:45:09 249,856 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-20 19:14:19 249,856 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-20 11:33:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"PopUpWasher"="C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe" [ ]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe" [2003-10-08 15:35 139264]
"RemoteControl"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 18:37 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Pop up Blocker"="C:\Program Files\Pop up Blocker\pd.exe" [2007-01-12 21:45 1236992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTDCPL"="RTDCPL.EXE" [2005-07-08 18:16 12298240 C:\WINDOWS\system32\RTDCPL.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 33280 C:\WINDOWS\system32\rundll32.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 17:00 196608]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 00:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-10-06 06:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 17:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 02:49 49152]
"RemoteCenter"="" []
"OCAudioIni"="C:\Program Files\One-click Audio Converter\OCAudioIni.exe" [2006-01-23 19:13 57344]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-04-16 15:10 1699840]
"RetroExpress"="C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe" [2006-02-06 07:22 18583552]
"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 14:04 712704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-10-31 15:32 2250104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-04-02 13:43:23]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
AirClick.lnk - C:\Program Files\Griffin Technology\AirClick\AirClick.exe [2005-03-07 03:27:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-10-09 16:39:00]
Wireless Client Manager.lnk - C:\Program Files\Wireless\Client Manager\CMags.EXE [2006-04-01 17:06:46]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-02-16 22:11 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-06-04 11:33 1400944 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a--c--- 2005-07-12 19:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a--c--- 2005-08-08 12:48 1109504 C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-10-20 13:47]
R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 11:19]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-08-09 12:56]
R3 wlags51b;Agere Wireless USB Driver;C:\WINDOWS\system32\DRIVERS\wlags51b.sys [2003-09-22 17:14]
S1 SABKUTIL;SABKUTIL;C:\Program Files\PopUpSentry.com\Pop-Up Sentry!\SABKUTIL.sys []
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2003-07-28 11:01]

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 19:33:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-13 03:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 19:18:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 19:18:31
ComboFix-quarantined-files.txt 2008-01-20 19:18:29
ComboFix2.txt 2008-01-19 11:49:28







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:52, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RTDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\FlashGet\flashget.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pop up Blocker\pd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Griffin Technology\AirClick\AirClick.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wireless\Client Manager\CMags.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.demon.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=www-cache.demon.co.uk:8080;gopher=www-cache.demon.co.uk:8080;http=www-cache.demon.co.uk:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.demon.net;ftp.demon.co.uk;www.demon.co.uk;<local>
O1 - Hosts: 127.98.9.1 pop3.demon.co.uk.b9
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - C:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTDCPL] RTDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [OCAudioIni] "C:\Program Files\One-click Audio Converter\OCAudioIni.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\Program Files\Webroot\PopUpWasher\PopUpWasher.exe
O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AirClick.lnk = C:\Program Files\Griffin Technology\AirClick\AirClick.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PD - {BE8EABA3-D3ED-4986-AE8E-B4546E8E25C1} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.demon.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8668100093
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BF728A3-2FEB-4970-AE1F-C7074F92CB21}: NameServer = 158.152.1.58,158.152.1.43
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 14456 bytes
borisbathtime
Regular Member
 
Posts: 18
Joined: January 14th, 2008, 8:11 am

Re: Hijackthis log I need some assistance please

Unread postby 'KotaGuy » January 21st, 2008, 9:43 am

Click Start>Run type in appqiz.cpl and hit Enter. From the list uninstall the following:

Java DB 10.2.2.0
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3


Run and scan with HijackThis and place checks beside the following:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


Close all open browsers/windows and click the Fix button.

Reboot.

Download the latest version of Java Runtime Environment (JRE) 6 Update 4.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 4.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.

Post a new HijackThis log when done.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijackthis log I need some assistance please

Unread postby borisbathtime » January 21st, 2008, 10:06 am

Hi - I tried to run appqiz.cpl but got a mssg saying windows couldnt find it.
However - the pop ups seem to have ceased for the moment - dont know if some of the files that combofix deleted did the trick but let me pause on this for a couple of days and I will let you know if they are really gone.
Thanks
Tony
borisbathtime
Regular Member
 
Posts: 18
Joined: January 14th, 2008, 8:11 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware