Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HijackThis Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: HijackThis Log

Unread postby stewy.23 » March 5th, 2008, 7:46 am

Incident Status Location

Dialer:dialer.dk Not disinfected c:\windows\downloaded program files\games.inf
Adware:adware/ist.yoursitebar Not disinfected c:\windows\downloaded program files\ysbactivex.inf
Spyware:spyware/media-motor Not disinfected c:\windows\seeve.exe
Adware:adware/keenvalue Not disinfected c:\program files\common files\SearchUpgrader
Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Adware:adware/mediatickets Not disinfected Windows Registry
Adware:adware/wintools Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Adware:adware/savenow Not disinfected Windows Registry
Possible Virus. Not disinfected C:\Program Files\ICQToolbar\toolbar.dll
Dialer:Dialer.GQK Not disinfected C:\Program Files\Trend Micro\HijackThis\BACKUPS\backup-20080105-120123-596.inf
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Systems\INSTALL5.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Systems\Latest Microsoft Security Update\Q592443.exe
Spyware:Cookie/Revenue Not disinfected C:\Documents and Settings\Sera\Cookies\sera@adsrevenue[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Sera\Cookies\sera@www.systemdoctor[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sera\Cookies\sera@888[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sera\Cookies\sera@azjmp[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Sera\Cookies\sera@winantivirus[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Sera\Cookies\sera@systemdoctor[2].txt
Spyware:Cookie/Mp3s Hits Not disinfected C:\Documents and Settings\Sera\Cookies\sera@www.mp3shits[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Sera\Cookies\sera@desktop.kazaa[2].txt
Virus:Eicar.Mod Renamed C:\Documents and Settings\Adam\Desktop\AntiVirus Utilities\Test Anti-Virus.txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\5y0go2g6.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\5y0go2g6.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\5y0go2g6.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\5y0go2g6.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\5y0go2g6.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Adam\Application Data\Mozilla\Firefox\Profiles\5y0go2g6.default\cookiesnew.txt[.com.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\sera-jane\Cookies\sera-jane@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.adviva.net/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.azjmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\sera-jane\Application Data\Mozilla\Firefox\Profiles\4oahil1f.default\COOKIES.TXT[.bravenet.com/]
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Systems\INSTALL5.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Systems\Latest Microsoft Security Update\Q592443.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Systems\INSTALL5.exe
Virus:W32/Gibe.C.worm Disinfected Personal Folders\Systems\Latest Microsoft Security Update\Q592443.exe
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stevo\Application Data\Mozilla\Firefox\Profiles\njob2434.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stevo\Application Data\Mozilla\Firefox\Profiles\njob2434.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stevo\Application Data\Mozilla\Firefox\Profiles\njob2434.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.apmebf.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[statse.webtrendslive.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.adtech.de/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Emmah Stewart\Application Data\Mozilla\Firefox\Profiles\i43bms6v.default\COOKIES.TXT[.atwola.com/]
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am
Advertisement
Register to Remove

Re: HijackThis Log

Unread postby stewy.23 » March 5th, 2008, 7:47 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:25 PM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Adam\Desktop\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9595150156
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46D99EE4-E0D0-49F0-888C-E613F91FE630}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{46D99EE4-E0D0-49F0-888C-E613F91FE630}: NameServer = 192.168.1.254
O20 - AppInit_DLLs:
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 1: (no name) - file:///C:/My%20Documents/adams/New%20Folder/sara001.jpg
O24 - Desktop Component 2: (no name) - file:///C:/My%20Documents/Photo001.jpg

--
End of file - 9296 bytes
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am

Re: HijackThis Log

Unread postby dan12 » March 5th, 2008, 2:44 pm

Hi, stewy, sorry for delay but had a bit of work on.

Please download ATF Cleaner here by Atribune. This program is for XP and Windows 2000 only.
It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

--------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
    File::
    c:\windows\downloaded program files\games.inf
    c:\windows\downloaded program files\ysbactivex.inf
    c:\windows\seeve.exe
    C:\Documents and Settings\Adam\Desktop\AntiVirus Utilities\Test Anti-Virus.txt
    Folder:
    c:\program files\common files\SearchUpgrader
    C:\Program Files\ICQToolbar

    Registry::
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\uninstall\Switch]


    


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Your Java is out of date Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of [URL=http://java.sun.com/javase/downloads/index.jsp] Java Runtime Environment (JRE) 6 Update 5/URL].
  • Scroll down to where it says " Java Runtime Environment (JRE) 6 Update 5".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Can you do me a further panda scan to see if we got everything

Can you let me know what there is in this folder "AntiVirus Utilities" which is on Adams desktop?
please post a new HJT log when done and the panda log
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HijackThis Log

Unread postby stewy.23 » March 6th, 2008, 5:14 am

thanks,

In anti virus Utilities it is a tool to check if your anti virus is working.
Theres a wiki on it http://en.wikipedia.org/wiki/Eicar_test_file

Code: Select all
ComboFix 08-03-01 - Adam 2008-03-06 19:50:09.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.144 [GMT 11:00]
Running from: C:\Documents and Settings\Adam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adam\Desktop\CfScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-02-06 to 2008-03-06  )))))))))))))))))))))))))))))))
.

2008-03-05 20:39 . 2008-03-05 20:39	30,590	--a------	C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-05 20:39 . 2008-03-05 20:39	1,406	--a------	C:\WINDOWS\SYSTEM32\Help.ico
2008-03-05 20:38 . 2008-03-05 20:38	<DIR>	d--------	C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-05 17:00 . 2008-03-05 17:00	<DIR>	d--------	C:\WINDOWS\BDOSCAN8
2008-03-04 18:41 . 2008-03-04 18:41	<DIR>	d--hs----	C:\FOUND.002
2008-03-03 19:02 . 2008-03-03 19:02	<DIR>	d--------	C:\Program Files\Audacity
2008-03-02 15:43 . 2008-03-02 15:43	<DIR>	d--------	C:\Documents and Settings\Adam\Application Data\Malwarebytes
2008-03-02 15:42 . 2008-03-02 15:42	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-03-02 15:42 . 2008-03-02 15:42	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-24 16:40 . 2008-02-24 16:40	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-23 10:52 . 2008-02-23 10:52	<DIR>	d--------	C:\Documents and Settings\Stevo\Application Data\Apple Computer
2008-02-23 08:02 . 2008-02-23 08:02	<DIR>	d--------	C:\Documents and Settings\Emmah Stewart\Application Data\LimeWire
2008-02-21 20:32 . 2008-02-21 20:32	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-02-21 20:32 . 2008-02-21 20:32	<DIR>	d--------	C:\Documents and Settings\Adam\Application Data\OnlineArmor
2008-02-21 20:30 . 2008-02-08 04:36	69,120	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys
2008-02-21 20:30 . 2008-02-17 02:43	25,088	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys
2008-02-21 20:30 . 2007-12-26 05:14	22,016	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\oanet.sys
2008-02-16 15:32 . 2008-02-16 15:32	<DIR>	d--h-----	C:\Program Files\Zero G Registry
2008-02-16 15:32 . 2008-02-16 15:32	<DIR>	d--------	C:\Program Files\Britannica 8.0
2008-02-16 15:30 . 2008-02-16 15:30	<DIR>	d--h-----	C:\Documents and Settings\Adam\InstallAnywhere
2008-02-12 20:51 . 2008-02-12 20:51	<DIR>	d--------	C:\Program Files\Tall Emu
2008-02-09 23:20 . 2008-02-09 23:20	<DIR>	d--------	C:\Documents and Settings\Emmah Stewart\Application Data\Apple Computer
2008-02-09 22:26 . 2008-02-09 22:26	<DIR>	d--------	C:\Program Files\Zone Labs
2008-02-09 22:14 . 2008-02-09 22:14	<DIR>	d--------	C:\Documents and Settings\Adam\Application Data\Kerio
2008-02-09 22:07 . 2008-02-09 22:07	<DIR>	d--------	C:\Program Files\Kerio
2008-02-07 16:15 . 2008-02-07 16:15	<DIR>	d--------	C:\Documents and Settings\Adam\.idlerc

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 11:17	4,851	----a-w	C:\WINDOWS\system32\drivers\kwflower.log
2008-02-09 11:14	2,257	----a-w	C:\WINDOWS\system32\drivers\kwfupper.log
2008-02-05 11:58	173,576	----a-w	C:\Documents and Settings\Steve\Application Data\GDIPFONTCACHEV1.DAT
2008-02-05 11:49	---------	d-----w	C:\Program Files\Microsoft Synchronization Services
2008-02-05 11:49	---------	d-----w	C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-05 11:49	---------	d-----w	C:\Program Files\Microsoft Silverlight
2008-02-05 11:41	---------	d-----w	C:\Program Files\Microsoft Visual Studio 9.0
2008-02-05 11:41	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-05 11:39	---------	d-----w	C:\Program Files\Microsoft SDKs
2008-02-05 11:33	---------	d-----w	C:\Program Files\Reference Assemblies
2008-02-05 11:33	---------	d-----w	C:\Program Files\MSBuild
2008-02-05 11:17	---------	d-----w	C:\Program Files\MSXML 6.0
2008-02-03 03:49	---------	d-----w	C:\Program Files\EsetOnlineScanner
2008-01-31 06:44	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-01-31 04:44	---------	d-----w	C:\Documents and Settings\Stevo\Application Data\HP
2008-01-31 01:36	---------	d-----w	C:\Program Files\SpywareGuard
2008-01-29 09:54	---------	d-----w	C:\Documents and Settings\Stevo\Application Data\vlc
2008-01-29 04:53	---------	d-----w	C:\Documents and Settings\Adam\Application Data\Grisoft
2008-01-29 04:38	---------	d-----w	C:\Program Files\SpywareBlaster
2008-01-27 00:56	---------	d-----w	C:\Program Files\Windows Live Safety Center
2008-01-25 10:20	---------	d-----w	C:\Documents and Settings\Emmah Stewart\Application Data\Subversion
2008-01-25 10:18	---------	d-----w	C:\Documents and Settings\Emmah Stewart\Application Data\OnlineArmor
2008-01-25 10:18	---------	d-----w	C:\Documents and Settings\Emmah Stewart\Application Data\Grisoft
2008-01-24 12:26	---------	d-----w	C:\Documents and Settings\Stevo\Application Data\Subversion
2008-01-24 12:23	---------	d-----w	C:\Documents and Settings\Stevo\Application Data\OnlineArmor
2008-01-24 12:23	---------	d-----w	C:\Documents and Settings\Stevo\Application Data\Grisoft
2008-01-22 02:31	---------	d-----w	C:\Documents and Settings\Steve\Application Data\OnlineArmor
2008-01-21 22:13	---------	d-----w	C:\Documents and Settings\sera-jane\Application Data\OnlineArmor
2008-01-20 11:37	5,607	----a-w	C:\WINDOWS\~GLH0001.TMP
2008-01-20 11:37	27,136	----a-w	C:\WINDOWS\~GLH0000.TMP
2008-01-20 11:37	155,136	----a-w	C:\WINDOWS\~GLC0000.TMP
2008-01-20 06:30	---------	d-----w	C:\Program Files\COMODO
2008-01-18 10:53	---------	d-----w	C:\Documents and Settings\Adam\Application Data\vlc
2008-01-15 22:58	65,024	----a-w	C:\WINDOWS\system32\drivers\kvpndrv.sys
2008-01-13 06:54	---------	d-----w	C:\Documents and Settings\sera-jane\Application Data\Ahead
2008-01-11 05:53	44,544	----a-w	C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
2008-01-09 04:20	---------	d-----w	C:\Documents and Settings\All Users\Application Data\comodo
2008-01-09 04:20	---------	d-----w	C:\Documents and Settings\Adam\Application Data\Comodo
2008-01-09 04:01	53,248	----a-w	C:\WINDOWS\bdoscandel.exe
2008-01-08 12:46	---------	d-----w	C:\Program Files\TablEdit
2008-01-06 06:26	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-06 04:08	---------	d-sh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-06 04:08	---------	d-----w	C:\Program Files\Windows Live
2008-01-06 04:07	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 02:45	---------	d-----w	C:\Program Files\SmartFTP Client
2008-01-06 02:44	---------	d-----w	C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-12-19 23:01	347,136	----a-w	C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
2007-12-18 09:51	179,584	----a-w	C:\WINDOWS\SYSTEM32\dllcache\mrxdav.sys
2007-12-12 03:29	516,096	----a-w	C:\WINDOWS\iwexec.exe
2007-12-08 05:21	3,592,192	------w	C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2007-12-06 11:01	625,664	------w	C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2007-12-06 11:00	70,656	------w	C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2007-12-06 11:00	13,824	------w	C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2007-12-06 04:59	161,792	------w	C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2005-07-24 08:05	1,586	----a-w	C:\Program Files\INSTALL.LOG
2004-12-24 21:03	13,824	------w	C:\WINDOWS\Internet Logs\xDB4264.TMP
2004-12-24 21:02	431,616	------w	C:\WINDOWS\Internet Logs\xDB4240.TMP
2004-12-24 20:58	9,216	------w	C:\WINDOWS\Internet Logs\xDB10D3.TMP
2004-12-24 20:51	11,264	------w	C:\WINDOWS\Internet Logs\xDBA186.TMP
2004-12-24 07:18	431,616	------w	C:\WINDOWS\Internet Logs\xDB271.TMP
2004-12-24 07:18	11,264	------w	C:\WINDOWS\Internet Logs\xDB23B0.TMP
2004-12-24 07:17	431,616	------w	C:\WINDOWS\Internet Logs\xDB2223.TMP
2004-12-24 07:17	11,264	------w	C:\WINDOWS\Internet Logs\xDB2280.TMP
2004-12-24 07:11	431,616	------w	C:\WINDOWS\Internet Logs\xDB10D4.TMP
2004-12-24 07:11	13,312	------w	C:\WINDOWS\Internet Logs\xDB1114.TMP
2004-12-24 07:05	431,616	------w	C:\WINDOWS\Internet Logs\xDBA252.TMP
2004-12-24 07:05	13,312	------w	C:\WINDOWS\Internet Logs\xDBA2A4.TMP
2004-12-24 07:02	13,824	------w	C:\WINDOWS\Internet Logs\xDB4374.TMP
2004-12-24 07:00	431,616	------w	C:\WINDOWS\Internet Logs\xDB4345.TMP
2004-12-24 01:17	431,616	------w	C:\WINDOWS\Internet Logs\xDBB0D1.TMP
2004-12-24 01:17	13,824	------w	C:\WINDOWS\Internet Logs\xDBB131.TMP
2004-12-24 01:12	14,848	------w	C:\WINDOWS\Internet Logs\xDBF1D5.TMP
2004-12-24 01:11	431,616	------w	C:\WINDOWS\Internet Logs\xDBF1A0.TMP
2004-12-23 21:45	431,616	------w	C:\WINDOWS\Internet Logs\xDB90F1.TMP
2004-12-23 21:45	13,312	------w	C:\WINDOWS\Internet Logs\xDB9120.TMP
2004-12-23 21:35	431,616	------w	C:\WINDOWS\Internet Logs\xDB7015.TMP
2004-12-23 21:35	13,824	------w	C:\WINDOWS\Internet Logs\xDBD035.TMP
2004-12-23 21:30	431,616	------w	C:\WINDOWS\Internet Logs\xDB2054.TMP
2004-12-23 21:29	11,264	------w	C:\WINDOWS\Internet Logs\xDB20A0.TMP
2004-12-23 21:26	13,824	------w	C:\WINDOWS\Internet Logs\xDBD2E0.TMP
2004-12-23 21:24	431,616	------w	C:\WINDOWS\Internet Logs\xDBD220.TMP
2004-12-23 21:18	431,616	------w	C:\WINDOWS\Internet Logs\xDB5320.TMP
2004-12-23 21:18	11,264	------w	C:\WINDOWS\Internet Logs\xDB5393.TMP
2004-12-23 06:33	11,264	------w	C:\WINDOWS\Internet Logs\xDB1375.TMP
2004-12-23 06:32	431,616	------w	C:\WINDOWS\Internet Logs\xDB1263.TMP
2004-12-23 06:32	24,064	------w	C:\WINDOWS\Internet Logs\xDB1283.TMP
2004-12-23 06:26	431,616	------w	C:\WINDOWS\Internet Logs\xDBD011.TMP
2004-12-23 06:26	431,616	------w	C:\WINDOWS\Internet Logs\xDBA132.TMP
2004-12-23 06:26	431,616	------w	C:\WINDOWS\Internet Logs\xDB9343.TMP
2004-12-23 06:26	431,616	------w	C:\WINDOWS\Internet Logs\xDB2373.TMP
2004-12-23 06:26	431,616	------w	C:\WINDOWS\Internet Logs\xDB12B0.TMP
2004-12-23 06:26	431,616	------w	C:\WINDOWS\Internet Logs\xDB10B5.TMP
2004-12-22 21:29	431,616	------w	C:\WINDOWS\Internet Logs\xDB1E4.TMP
2004-12-22 21:29	19,456	------w	C:\WINDOWS\Internet Logs\xDB233.TMP
2004-12-22 05:02	20,992	------w	C:\WINDOWS\Internet Logs\xDB32E6.TMP
2004-12-22 05:01	431,616	------w	C:\WINDOWS\Internet Logs\xDB32C3.TMP
2004-12-21 10:17	406,528	------w	C:\WINDOWS\Internet Logs\xDB3195.TMP
2004-12-21 10:17	16,896	------w	C:\WINDOWS\Internet Logs\xDB31B4.TMP
2004-12-21 03:49	22,016	------w	C:\WINDOWS\Internet Logs\xDB4311.TMP
2004-12-21 03:47	406,528	------w	C:\WINDOWS\Internet Logs\xDB42B1.TMP
1999-07-06 23:00	6	--sh--r	C:\WINDOWS\@desktop@.dat
2005-05-13 06:12	217,073	--sha-r	C:\WINDOWS\meta4.exe
2005-06-22 04:37	45,568	--sha-r	C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 13:00	70,656	--sha-r	C:\WINDOWS\SYSTEM32\i420vfw.dll
2004-01-24 13:00	70,656	--sha-r	C:\WINDOWS\SYSTEM32\yv12vfw.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40	536576	--a------	C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40	536576	--a------	C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40	536576	--a------	C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40	536576	--a------	C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40	536576	--a------	C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40	536576	--a------	C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40	536576	--a------	C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-26 14:34	8460288	--a------	C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"msnmsgr"="C:\Documents and Settings\Adam\Desktop\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe" [2007-05-03 13:16 230928]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 90112 C:\WINDOWS\soundman.exe]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-28 19:58 177416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 16:38 316728]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-02-17 02:54 5492800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 19:48 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-02-17 02:54 660992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^w98Eject.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\w98Eject.exe
backup=C:\WINDOWS\pss\w98Eject.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 13:32 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-04-12 16:25 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeFtp]
C:\Program Files\HomeFtp\HomeFtp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMprocess]
C:\Program Files\IM Names\IM-svr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-06-22 19:52 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-14 03:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 20:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Vet Alert"=C:\VET\VETMSG.EXE
"VetTray"=C:\VET\VETTRAY.EXE
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe"=
"C:\\Documents and Settings\\Adam\\Desktop\\msnmsgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-02-08 04:36]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-02-17 02:43]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2007-12-26 05:14]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-09 14:29]
S2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2008-02-17 02:54]
S3 DIGIRPS;Digi PortServer Driver;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-17 12:17]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 WPRO_40_755;WinPcap Packet Driver (WPRO_40_755);C:\WINDOWS\system32\drivers\WPRO_40_755.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3972666-3ca6-11dc-88d8-000d6112e9d0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-02-29 22:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2007-07-02 21:35:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-06 08:47:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 19:56:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-03-06 19:59:51
ComboFix3.txt  2008-02-28 08:46:00
ComboFix2.txt  2008-03-01 06:59:50
.
2008-03-05 05:49:22	--- E O F ---  
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am

Re: HijackThis Log

Unread postby dan12 » March 6th, 2008, 7:25 am

Hi, can I see a HJT log and panda scan.
Thanks :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HijackThis Log

Unread postby stewy.23 » March 7th, 2008, 5:43 am

Sorry i took so long but the online scan take hours for me to do so i can't manage to do one.

I installed a new Anti-virus program avast because my CA subscription had finished can i do a scan with avast and post it here ?
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am

Re: HijackThis Log

Unread postby stewy.23 » March 7th, 2008, 5:48 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:26 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Adam\Desktop\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Adam\Desktop\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9595150156
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46D99EE4-E0D0-49F0-888C-E613F91FE630}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{46D99EE4-E0D0-49F0-888C-E613F91FE630}: NameServer = 192.168.1.254
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 1: (no name) - file:///C:/My%20Documents/adams/New%20Folder/sara001.jpg
O24 - Desktop Component 2: (no name) - file:///C:/My%20Documents/Photo001.jpg

--
End of file - 9283 bytes
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am

Re: HijackThis Log

Unread postby dan12 » March 7th, 2008, 6:21 am

Hi, Stewy, thanks for the retuned log. I do appreciate these scan can take for ever.
I would however like to see either a panda or kaspersky scan have you tried kaspersky again, you need Internet explorer to run it, as firefox doesn't support activex
We are nearly finished but I just need piece of mind that I have everything.
If You are really struggling I will see what other I can run :)
Tied up with a few logs but hope not to be too long.
In the mean time can you:
Your Java is out of date Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
  • Scroll down to where it says " Java Runtime Environment (JRE) 6 Update 5".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Please include in your next post:
  • Kaspersky scan log or panda
  • New highjackthis log

Thanks dan



dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HijackThis Log

Unread postby stewy.23 » March 8th, 2008, 1:24 am

thanks but i cant find java on my add and remove programs list is there any other way to remove it?
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am

Re: HijackThis Log

Unread postby dan12 » March 8th, 2008, 9:34 am

Hi, don't worry I will do it manually.
please continue, at work at present but will be back later :)
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HijackThis Log

Unread postby stewy.23 » March 8th, 2008, 9:55 pm

Hi
I cant do a Kaspersky scan it always stops on Britannica 2008. It takes like 1:30 hours to scan 50 000 files.
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am

Re: HijackThis Log

Unread postby dan12 » March 9th, 2008, 8:11 am

Hi, Stewy,
I have found another scanner to hopefully get what I want.

Please visit TotalScan.

  • Under Scan Now click the Full Scan button.
  • Follow the prompts to install the Active X if necessary.
  • It will take a while, let it run unhindered.
  • When the scan is finished, a report will be generated.
  • Next to Scan Details click the small Save button and save the report to your desktop.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HijackThis Log

Unread postby stewy.23 » March 9th, 2008, 9:09 pm

thanks

While i was loading the files for the scan, Avira picked up a virus from it called W95/bumblebee
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am

Re: HijackThis Log

Unread postby dan12 » March 9th, 2008, 9:15 pm

Do you have the report or is it not finished yet?
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HijackThis Log

Unread postby stewy.23 » March 9th, 2008, 9:28 pm

dan12 wrote:Do you have the report or is it not finished yet?

No i mean My Anti Virus Avira picked up a virus from that website you gave me.

Is that website safe?
stewy.23
Regular Member
 
Posts: 53
Joined: January 10th, 2008, 8:18 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: M2Judy and 65 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware