Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My HiJack This Log -- & your Help please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 6th, 2009, 4:05 pm

Okay. NOW, I'm having trouble w eset.

In explorer, I get as far as the 'install active x' windows.

I choose install.

Then I put Kaspersky on Pause (w manual re-start).

Now I have a broken graphic window at eset.

I've tried to reload the site.

I've close the browser and started again.

I've re-booted.

This is where I'm at. Broken graphic windows at eset at the point where I should be able to 'Start' the online scan.

Standing by ...

P.S.

Here are my settings from Explorer:

In Explorer, Tools, Internet Options, Security Settings:

DL signed Active X
- Enable

Download Unsigned Active X
- Prompt

Initialize and script Active X not marked as safe
- Prompt

Run activeX controls and plug-ins
- Prompt

Script activeX controls marked safe for scripting
- Enable

Thanks.
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am
Advertisement
Register to Remove

Re: My HiJack This Log -- & your Help please

Unread postby peku006 » April 6th, 2009, 4:45 pm

Hi bad-malware

Let´s try Panda

Please go >here< to run Panda's ActiveScan
  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 6th, 2009, 10:58 pm

Update:

Panda is running. It has been scanning for almost 6 hours. It's at 24% now - it 'hung at 11% for quite some time, but is cycling through files. C is finished. And D: is much smaller drive.

Past online scans have completed in an hour or so.

I'll keep the scan running unless you advise otherwise.

Using 100% CPU. I have everything else closed.

Virus protection paused. But I can't shut down the Update. It seems to be the process taking CPU.

It's Kapersky. I've stopped the Update - but the icon still shows it is updating. And the menu shows Update is 0% - but the status bar looks like it is engaged. I can't figure out how to stop it.

<Very bad computer day ... and I've had no work time. :(>

Thanks for your continued help.
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 7th, 2009, 1:12 am

I stopped this scan after 9 hours.

It was still doing files in D drive - which is set up as my restore drive.
So all of C was scanned.

Here's the file exported from the scan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-04-06 22:08:32
PROTECTIONS: 2
MALWARE: 18
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Spyware Doctor with AntiVirus <NULL> Yes Yes
Kaspersky Anti-Virus 8.0.0.506 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-12.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-13.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.atdmt.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.fastclick.net/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-8.txt[.clickbank.net/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-3.txt[.clickbank.net/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-4.txt[.clickbank.net/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.clickbank.net/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.clickbank.net/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-6.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-11.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-11.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-12.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-12.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-10.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-8.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-14.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-9.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-13.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-13.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-14.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-13.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-12.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-9.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-8.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-10.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-11.txt[.burstnet.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-9.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-9.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-9.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-16.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-16.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-16.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-16.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-17.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-17.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-9.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-18.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-18.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-19.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-19.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[.ads.pointroll.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-17.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-18.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-18.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-19.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-19.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-17.txt[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[.adrevolver.com/]
00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[www48.seeq.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-18.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-17.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-16.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-9.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-19.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-2.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-1.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-8.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-7.txt[searchportal.information.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-3.txt[searchportal.information.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-14.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-14.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-13.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-13.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-12.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-12.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-11.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-11.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-10.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-10.txt[.target.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.did-it.com/]
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n80ptylq.default\cookies-15.txt[.did-it.com/]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Documents and Settings\Owner\Desktop\Online Dudes & Reports\Marketing Reports\Third Sphere\ezinetactics.zip[ezinetactics.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location ;
;===================================================================================================================================================================================
No C:\Documents and Settings\Owner\Desktop\Online Dudes & Reports\Warrior\site flipper\6000PLRARTICLES.zip[PLR ARTICLES/pdreseller.zip][Software/PDR.exe]
No C:\Documents and Settings\Owner\Desktop\Public Domain\WSO Public Domain\b1.zip[Public Domain Researcher Software/PDR.exe]
No C:\Program Files\AskBarDis\bar\bin\askPopStp.dll ;
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ;
;===================================================================================================================================================================================
;===================================================================================================================================================================================


*** Thank you ***
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby John B. » April 7th, 2009, 7:01 am

Hi bad-malware,

Because peku is in hospital this week, I do not know the details but he announced it so it was probably planned, I will help you until you are all clean and afterwards possibly with non-malware related problems.

As I need to read the whole topic in order to completely understand what I happening I may not be able to reply today. In the mean time, please let me know what problems you still have that you initially had and if you have any other problems that you have not mentioned before. Include as much detail as possible.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 7th, 2009, 2:56 pm

Hi John. Thanks for taking over. Sorry to hear about peku.

Original problem: Spy sweeper found 'mal-behav 160'. I couldn't quarantine it. I ran a number of scans - details in OP.

Then, in the middle of the XP Service Pack 3 update, my computer crashed and blue-screened (details in OP).

I did an image - of the crashed system - using Acronis restore disk.

Then I reinstalled XP.

Then I put my system back in place from an earlier image (2 weeks before crash).

Current status is:

- Running slow
- Sometimes 'hangs'
- CPU high with no sign in processes of what is using it

Yesterday it blue-screened on me again while trying to do the online F-scanner.

Last night I got an error screen while shutting down and it did a disk check.

This morning I can't run the Disk Check utility - get a message that some files are not available.

(From earlier in the post, you'll see that Kaspersky is returning almost 600 files/incidents -- but not sure what that message is really saying -- details posted above.)

Thank you.
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby John B. » April 7th, 2009, 3:36 pm

Hi,

Let's get started with some research.

I'd like you to check some files for malware.
C:\Documents and Settings\Owner\Desktop\Online Dudes & Reports\Marketing Reports\Third Sphere\ezinetactics.zip
C:\Documents and Settings\Owner\Desktop\Online Dudes & Reports\Warrior\site flipper\6000PLRARTICLES.zip
C:\Documents and Settings\Owner\Desktop\Public Domain\WSO Public Domain\b1.zip
C:\WINDOWS\iun3403.exe

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programs.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.

Post all the results and a new HijackThis log in a reply to this topic (use multiple posts if needed). Also let me know whether you know what the top 3 zip files are used for and where you got them.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 7th, 2009, 5:33 pm

John. Here's the first of those files. It's from library of a hosting service (Third Sphere). I don't need to keep it.

Service load:
0% 100%
File: ezinetactics.zip
Status:
INFECTED/MALWARE
MD5: 8cd36de427ae4c54d58e2fb241969fb0
Packers detected:
UPX
Scanner results
Scan taken on 07 Apr 2009 21:27:02 (GMT)
A-Squared
Found AdWare.WebStars.B!IK
AntiVir
Found ADSPY/WebStars.B
ArcaVir
Found Adware.Webstars.b
Avast
Found Win32:Adware-gen
AVG Antivirus
Found Generic.OC
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found AdWare.W32.WebStars.b
Dr.Web
Found BackDoor.IRC.Dostan.46
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found not-a-virus:AdWare.Win32.WebStars.b (4, 1, 400)
Ikarus
Found AdWare.WebStars.B
Kaspersky Anti-Virus
Found not-a-virus:AdWare.Win32.WebStars.b
NOD32
Found nothing
Norman Virus Control
Found W32/WebStars.A
Panda Antivirus
Found nothing
Quick Heal
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found AdWare.Win32.WebStars.b

<end>
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 7th, 2009, 6:25 pm

#3 of the files. Public Domain/b1.zip. This is software given with a product I purchased. It can go...I don't need it. File has never been unzipped.

File b1.zip received on 04.08.2009 00:11:25 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 17/40 (42.5%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 Trojan-Dropper!IK
AhnLab-V3 5.0.0.2 2009.04.07 Win-Trojan/Xema.variant
AntiVir 7.9.0.138 2009.04.07 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.04.07 -
Authentium 5.1.2.4 2009.04.07 -
Avast 4.8.1335.0 2009.04.07 Win32:Trojan-gen {Other}
AVG 8.5.0.285 2009.04.07 Dropper.Generic.ADJC
BitDefender 7.2 2009.04.07 Trojan.Generic.1571640
CAT-QuickHeal 10.00 2009.04.07 Trojan.Agent.ATV
ClamAV 0.94.1 2009.04.07 -
Comodo 1102 2009.04.07 -
DrWeb 4.44.0.09170 2009.04.07 -
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6442 2009.04.07 -
F-Prot 4.4.4.56 2009.04.07 -
F-Secure 8.0.14470.0 2009.04.07 -
Fortinet 3.117.0.0 2009.04.07 -
GData 19 2009.04.07 Trojan.Generic.1571640
Ikarus T3.1.1.49.0 2009.04.07 Trojan-Dropper
K7AntiVirus 7.10.695 2009.04.07 Trojan.Win32.Malware.3
Kaspersky 7.0.0.125 2009.04.08 -
McAfee 5577 2009.04.07 Generic Dropper
McAfee+Artemis 5577 2009.04.07 Generic Dropper
McAfee-GW-Edition 6.7.6 2009.04.07 Trojan.Dropper.Gen
Microsoft 1.4502 2009.04.07 -
NOD32 3994 2009.04.07 -
Norman 6.00.06 2009.04.07 W32/Smalldrp.APSK
nProtect 2009.1.8.0 2009.04.07 -
Panda 10.0.0.14 2009.04.07 Suspicious file
PCTools 4.4.2.0 2009.04.07 -
Prevx1 V2 2009.04.08 High Risk Worm
Rising 21.24.12.00 2009.04.07 -
Sophos 4.40.0 2009.04.07 -
Sunbelt 3.2.1858.2 2009.04.06 Trojan.1
Symantec 1.4.4.12 2009.04.07 -
TheHacker 6.3.4.0.303 2009.04.07 -
TrendMicro 8.700.0.1004 2009.04.07 -
VBA32 3.12.10.2 2009.04.07 -
ViRobot 2009.4.7.1682 2009.04.07 -
VirusBuster 4.6.5.0 2009.04.07 -
Additional information
File size: 65813 bytes
MD5...: a60c041a9d5905a010cf06f936e8819c
SHA1..: 1b4a00834e87186c7bdf5386b9a38d030ed29843
SHA256: 2208db5b0a11c486e2b56d29dcbd41a9424b65d01da6cc24f49e5bb034e3f588
SHA512: 8278f70e95f9654eb7158a6e84f7ceb4e2a2f236826d452fe3f79c1f727a65e8
0c596a7e9e8391df2827535ac0dcf68f001e7cff2bcbe014df9c192f2aa9c68a
ssdeep: 1536:qJ9dqFOAaV5GblnGGNFqPVaSGiKa451j5KKhHknuZ37vTk8:NaV5gZGGNFq
ASGiU5B5ZOuR
PEiD..: -
TrID..: File type identification
ZIP compressed archive (99.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: -
RDS...: NSRL Reference Data Set
-
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=B070AB0B1568C144FFDC02400376060081C90396' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=B070AB0B1568C144FFDC02400376060081C90396</a>
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 7th, 2009, 8:09 pm

The 6000PLR.zip file is too large to upload. Virus total won't take it. The other link took forrever and then didn't seem to take it either. It should be a collection of articles and was a bonus for something I purchased. It has never been unzipped.

--

The last file in the list:
iun3404.exe

I don't know what this is. Properties say:
Setup Factory 4.0
Indigo Rose Corporation (Software Design)
Created October 2006.

File iun3403.exe received on 04.08.2009 01:21:45 (CET)
Current status: finished
Result: 0/40 (0.00%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.07 -
AhnLab-V3 5.0.0.2 2009.04.07 -
AntiVir 7.9.0.138 2009.04.07 -
Antiy-AVL 2.0.3.1 2009.04.07 -
Authentium 5.1.2.4 2009.04.07 -
Avast 4.8.1335.0 2009.04.07 -
AVG 8.5.0.285 2009.04.07 -
BitDefender 7.2 2009.04.08 -
CAT-QuickHeal 10.00 2009.04.07 -
ClamAV 0.94.1 2009.04.07 -
Comodo 1102 2009.04.07 -
DrWeb 4.44.0.09170 2009.04.08 -
eSafe 7.0.17.0 2009.04.07 -
eTrust-Vet 31.6.6442 2009.04.07 -
F-Prot 4.4.4.56 2009.04.08 -
F-Secure 8.0.14470.0 2009.04.08 -
Fortinet 3.117.0.0 2009.04.07 -
GData 19 2009.04.08 -
Ikarus T3.1.1.49.0 2009.04.07 -
K7AntiVirus 7.10.695 2009.04.07 -
Kaspersky 7.0.0.125 2009.04.08 -
McAfee 5577 2009.04.07 -
McAfee+Artemis 5577 2009.04.07 -
McAfee-GW-Edition 6.7.6 2009.04.07 -
Microsoft 1.4502 2009.04.07 -
NOD32 3994 2009.04.07 -
Norman 6.00.06 2009.04.07 -
nProtect 2009.1.8.0 2009.04.07 -
Panda 10.0.0.14 2009.04.07 -
PCTools 4.4.2.0 2009.04.07 -
Prevx1 V2 2009.04.08 -
Rising 21.24.12.00 2009.04.07 -
Sophos 4.40.0 2009.04.08 -
Sunbelt 3.2.1858.2 2009.04.06 -
Symantec 1.4.4.12 2009.04.08 -
TheHacker 6.3.4.0.303 2009.04.07 -
TrendMicro 8.700.0.1004 2009.04.07 -
VBA32 3.12.10.2 2009.04.07 -
ViRobot 2009.4.7.1682 2009.04.07 -
VirusBuster 4.6.5.0 2009.04.07 -
Additional information
File size: 214528 bytes
MD5...: 3b8a82e9d3068673b7319ce813c6ff78
SHA1..: a0c120ea45759dd07f315eb97fd2aeff20d382a6
SHA256: c147574d1af491a8410e525f8d7c2895ab508bb2a2bde02b459f77c9317e565d
SHA512: 4daeed37b3d7fc76ed0ae84e12d862e2b8ea144b714e0eacc9d0915c7644d57b
fcd8ce73a39fe1d62b5c192fecdb40800cc72b93549e96bee508df290a17d925
ssdeep: 3072:BF76RzhE57M91xzJQNTBnWdIIWdd2T4OsibfqvcJGw80hqNr16:Bmz+5ySN
91AT4OHSZwQJ6
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ 4.x (64.8%)
Win32 Executable MS Visual C++ (generic) (18.1%)
Windows Screen Saver (6.3%)
Win32 Executable Generic (4.1%)
Win32 Dynamic Link Library (generic) (3.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xb500
timedatestamp.....: 0x33a998c2 (Thu Jun 19 20:38:26 1997)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x237f3 0x23800 6.48 18c629337bd0c4446cc286e6bb7bdca4
.rdata 0x25000 0x6888 0x6a00 4.02 4383a513143a135213d572f11a267f54
.data 0x2c000 0x69f8 0x2c00 3.80 efabc6d9a4fc7be85def940b3effff68
.idata 0x33000 0x1f1e 0x2000 5.44 9f92ff03e817c794c41f6a1a1fbb5a27
.rsrc 0x35000 0xa28 0xc00 3.36 6915b0c863923ad3d12d881bd3c4c485
.reloc 0x36000 0x47ce 0x4800 5.44 a4198039b77e0ac90599999c1f56a3f7

( 9 imports )
> KERNEL32.dll: GetCurrentThread, GlobalDeleteAtom, lstrcpynA, GlobalGetAtomNameA, CloseHandle, lstrcmpA, MultiByteToWideChar, GlobalAddAtomA, LocalFree, GlobalAlloc, CreateFileA, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, FindFirstFileA, GetVolumeInformationA, GetFullPathNameA, DuplicateHandle, GetCurrentProcess, FileTimeToSystemTime, FileTimeToLocalFileTime, GlobalFlags, LocalAlloc, InitializeCriticalSection, TlsAlloc, DeleteCriticalSection, GlobalHandle, LeaveCriticalSection, GlobalReAlloc, EnterCriticalSection, TlsGetValue, TlsSetValue, LocalReAlloc, GetVersion, GetProcessVersion, FindClose, WideCharToMultiByte, GetCurrentThreadId, LoadResource, SetErrorMode, RtlUnwind, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, RaiseException, HeapAlloc, HeapFree, ExitProcess, TerminateProcess, GetTimeZoneInformation, GetCPInfo, GetACP, GetOEMCP, HeapSize, HeapReAlloc, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStdHandle, HeapCreate, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, LCMapStringA, LCMapStringW, GetLocaleInfoA, GetLocaleInfoW, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProfileStringA, InterlockedDecrement, InterlockedIncrement, lstrcatA, GlobalUnlock, GlobalLock, lstrlenA, GetWindowsDirectoryA, FindResourceA, GlobalFree, LockResource, GetModuleFileNameA, GetSystemDirectoryA, MulDiv, lstrcmpiA, GetPrivateProfileStringA, WritePrivateProfileStringA, MoveFileExA, GetPrivateProfileIntA, RemoveDirectoryA, DeleteFileA, GetFileSize, GetFileTime, CreateProcessA, WaitForSingleObject, LoadLibraryA, GetProcAddress, GetLastError, FreeLibrary, lstrcpyA, SetFileAttributesA, GetVersionExA, SetLastError, SizeofResource
> USER32.dll: LoadStringA, GetCapture, GetTopWindow, ScreenToClient, IsWindowVisible, EndDeferWindowPos, CopyRect, BeginDeferWindowPos, DeferWindowPos, EqualRect, AdjustWindowRectEx, SetFocus, GetFocus, GetSysColor, MapWindowPoints, SystemParametersInfoA, SendDlgItemMessageA, SetDlgItemTextA, IsDialogMessageA, SetWindowTextA, ShowWindow, EnableMenuItem, CheckMenuItem, SetMenuItemBitmaps, ModifyMenuA, GetMenuState, LoadBitmapA, GetMenuCheckMarkDimensions, CharUpperA, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, GetDesktopWindow, DestroyMenu, LoadMenuA, SetMenu, ReuseDDElParam, UnpackDDElParam, InvalidateRect, IsIconic, BringWindowToTop, PostQuitMessage, ShowOwnedPopups, SetMessageQueue, GetCursorPos, ValidateRect, GetMessageA, GetDC, ReleaseDC, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, GetClassNameA, PtInRect, ClientToScreen, WinHelpA, IsWindowUnicode, CharNextA, OffsetRect, InflateRect, DefDlgProcA, DrawFocusRect, IntersectRect, ExcludeUpdateRgn, ShowCaret, HideCaret, GetClassInfoA, RegisterClassA, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetMenu, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, CreateWindowExA, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExA, SetPropA, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetPropA, RemovePropA, CallWindowProcA, GetMessageTime, GetMessagePos, GetWindow, GetWindowRect, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, GetNextDlgTabItem, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetParent, TranslateMessage, DispatchMessageA, PeekMessageA, DdeClientTransaction, DdeAccessData, DdeUnaccessData, DdeInitializeA, SetCapture, SetCursor, DdeCreateStringHandleA, DdeConnect, DdeFreeStringHandle, ReleaseCapture, DdeDisconnect, DdeUninitialize, wsprintfA, MessageBoxA, SendMessageA, GetClientRect, PostMessageA, GetSystemMetrics, LoadIconA, LoadCursorA, UpdateWindow, EnableWindow, GetActiveWindow, IsWindowEnabled, GetWindowLongA, WindowFromPoint, UnregisterClassA
> GDI32.dll: RestoreDC, SetTextColor, SetBkMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, CreateDIBitmap, CreateCompatibleDC, BitBlt, GetTextExtentPointA, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetDeviceCaps, Rectangle, CreateHatchBrush, CreateSolidBrush, CreatePen, CreateFontA, DeleteObject, SelectObject, PatBlt, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, SetBkColor, GetObjectA, IntersectClipRect, CreateBitmap, DeleteDC, SaveDC, GetStockObject, ScaleViewportExtEx
> ADVAPI32.dll: RegDeleteKeyA, RegQueryValueExA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA
> SHELL32.dll: DragQueryFileA, SHChangeNotify, DragFinish
> COMCTL32.dll: -
> ole32.dll: OleInitialize, OleUninitialize
> WINSPOOL.DRV: ClosePrinter, OpenPrinterA, DocumentPropertiesA
> comdlg32.dll: GetFileTitleA

( 0 exports )
RDS...: NSRL Reference Data Set
-
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 7th, 2009, 9:17 pm

John, I can't upload the 6000PLRarticle.zip --- it's 39 mb. It's a collection of articles. Has never been unzipped. I don't need it. Came as a bonus with a purchase.

Below is a fresh HiJack this log.

Thank you.

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:20 PM, on 4/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\ar00000\magicJackSplash.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJackLoader.exe
C:\Documents and Settings\Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MX6214
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=MX6214
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MX6214
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] "C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12863 bytes
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby John B. » April 8th, 2009, 8:45 am

Hi,

Some of the files contained malware so we will delete those. We will also update Adobe Reader and Java so that your computer is totally ready for online scanners (in case old versions have bad influence on it).

Step 1: Remove HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 2: Delete files
Use Explorer to navigate to and delete the following files (if present):

C:\Documents and Settings\Owner\Desktop\Online Dudes & Reports\Marketing Reports\Third Sphere\ezinetactics.zip
C:\Documents and Settings\Owner\Desktop\Online Dudes & Reports\Warrior\site flipper\6000PLRARTICLES.zip
C:\Documents and Settings\Owner\Desktop\Public Domain\WSO Public Domain\b1.zip

Now just exit Explorer.

Step 3: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
First remove the older versions:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for each version of Java that is present
  • Download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
Now let's download and install the newest version:
  • Download Java SE Runtime Environment (JRE) 6 Update 13 from here: http://java.sun.com/javase/downloads/index.jsp
  • As Platform select your operating system, agree to the License Agreement and click Continue.
  • Now click on the link under Windows Offline Installation and download the installer to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on the download to install the newest version.
  • Reboot your computer.

Step 4: Update Adobe Reader
It looks like your version of Adobe Reader is out of date and you're vulnarable for infections. Please update it now:
  • Visit this website: http://www.adobe.com/
  • Click Get ADOBE Reader
  • Choose to Download
  • If a prompt comes up Allow it to enable to download manager of Adobe
  • Older versions of Adobe Reader will automatically be removed and the newest version will be installed
  • After the download manager is done go to your desktop and delete the newly created folder

Step 5: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Open The Misc Tool Section button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Step 6: Post logs
Please post the following logs in a reply to this topic (use multiple posts if needed):
  • Uninstall log
  • New HijackThis log
  • JavaRa log

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 8th, 2009, 4:52 pm

Hi John. I've completed the list:

Step 1 - Hijack Fix Checked - done. Note: I saw a Spy Doctor button (09- Extra Button). I've been trying to get Spy Doctor off my system. Should that be removed?

Step 2 - Deleted files

Step 3 - Update Java. Uninstall. Run JavaRA (log below). Install new.

Step 4 - Install current Adobe reader.

Step 5 - Uninstall list (log below).

Two logs below - fresh Hijack this Log in next post.

Thank you.

--- JavaRa Log ---

JavaRa 1.13 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Wed Apr 08 11:45:39 2009

Found and removed: Software\JavaSoft\Java2D\1.5.0_02Found and removed: Software\JavaSoft\Java2D\1.6.0_03Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_02\------------------------------------Finished reporting.

--- <end> ---

--- HJT Uninstall List ---

3ivx MPEG-4 5.0.1 Decoder (remove only)
ACDSee
Acrobat.com
Acronis True Image Home
Adobe AIR
Adobe AIR
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9.1
Adobe® Photoshop® Album Starter Edition 3.0
AI RoboForm (All Users)
Apple Mobile Device Support
Apple Software Update
Arachnophilia version 4.0
Bonjour
Broadcom 802.11 Network Adapter
Camtasia Studio 3
CommentKahuna
CursorXP
DAO 3.5
Desktop Acquisition Manager
Domain Name Analyzer v4.1.022207
Dr. Robert Anthony's Intention Activator
DupeFree Pro
DVD Solution
EditPlus 3
FileZilla (remove only)
getPlus(R) for Adobe
Google Gmail Notifier
GPL Ghostscript Lite 8.61
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Deskjet 3740
HP Photo Imaging Software
HP Photo Printing Software
HP Software Update
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-09-23
iTunes
Java(TM) 6 Update 13
Kaspersky Anti-Virus 2009
Kaspersky Anti-Virus 2009
Make Your Knowledge Sell!
Malwarebytes' Anti-Malware
Maxtor Manager
Maxtor Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Office 2000 SR-1 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mindjet MindManager Viewer 6
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee Plugin 1.0
NCH Toolbox Uninstall
nichExplorer
OpenOffice.org 2.2
Palm Desktop and Synchronization Software
Panda ActiveScan 2.0
PDFZilla V1.0.7
Power2Go 4.0
PowerDVD
Quicken Basic 2000
QuickTime
Registry Mechanic 5.2
Security Task Manager 1.7e
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SigmaTel Audio
Skype™ 3.8
SnagIt 7
SpywareBlaster 4.1
Synaptics Pointing Device Driver
TC Web Conferencing
Texas Instruments PCIxx21/x515/xx12 drivers.
Tiger Asset Manager
Tiger Asset Manager
Tiger PDF Creator
Tiger PDF Creator
Update for Windows XP (KB910437)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
WarriorPDF 5.0.0.614
WebEx
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Yahoo! Messenger
ZoneAlarm
ZoneAlarm Spy Blocker Toolbar

-- <end> --
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby bad-malware » April 8th, 2009, 4:53 pm

Fresh HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:30 PM, on 4/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MX6214
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... B&M=MX6214
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... B&M=MX6214
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] "C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12985 bytes
bad-malware
Regular Member
 
Posts: 31
Joined: March 21st, 2009, 12:19 am

Re: My HiJack This Log -- & your Help please

Unread postby John B. » April 9th, 2009, 11:22 am

Hi,

Note: I saw a Spy Doctor button (09- Extra Button). I've been trying to get Spy Doctor off my system. Should that be removed?

Very good. Yes you can remove it. Will give instructions in this post.. Other than that we will run a Kaspersky Online Scan to see what it finds ;)

Ask Toolbar
Ask Toolbar can be removed to free up resources without compromising system performance. Above that it is by some anti-virus companies rated as PUP:
http://vil.nai.com/vil/content/v_146646.htm
This software is not a virus or a Trojan. It is detected as a "potentially unwanted program" (PUP). PUPs are any piece of software that a reasonably security- or privacy-minded computer user may want to be informed of and, in some cases, remove. PUPs are often made by a legitimate corporate entity for some beneficial purpose, but they alter the security state of the computer on which they are installed, or the privacy posture of the user of the system, such that most users will want to be aware of them.

Please let me know whether you want to get rid of Ask Toolbar or not.

Step 1: Remove HijackThis entry
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside the item listed below (if present):

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Step 2: Run ATF Cleaner
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step 3: Run Kaspersky Online Scan
Please go to Kaspersky website to perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to your desktop by changing the Files of type to Text file (.txt) before clicking on the Save button.
  • Now close the window.

Step 4: Post logs
Please post the following logs in a reply to this topic (use multiple posts if needed):
  • Let me know if you want to get rid of Ask Toolbar or not
  • Let me know how your computer is running and what problems you still have
  • New HijackThis log
  • Kaspersky Online Scan log

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware