Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help... this is my hijackthis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help... this is my hijackthis log

Unread postby kevin320 » June 1st, 2008, 10:35 pm

My computer is acting really weird. Google, myspace, and facebook do not work in mozilla firefox, while other sites such as youtube and wikipedia do. I've tried to delete strange .dll's from my startup, but they keep coming back. This is my hijackthis log, and please help. Thank you =D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:46 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O3 - Toolbar: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMbfd29693] Rundll32.exe "C:\WINDOWS\system32\jqjkqper.dll",s
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} (DownStarter Control) - http://bgweb.clubbox.co.kr/bin/DownStarter.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
kevin320
Active Member
 
Posts: 6
Joined: June 1st, 2008, 10:10 pm
Advertisement
Register to Remove

Re: Please help... this is my hijackthis log

Unread postby dan12 » June 2nd, 2008, 4:28 am

welcome to malwareremoval forums

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help... this is my hijackthis log

Unread postby dan12 » June 2nd, 2008, 4:29 am

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help... this is my hijackthis log

Unread postby kevin320 » June 2nd, 2008, 5:14 pm

After I installed Windows Recovery, I pressed exit on my anti virus which is BitDefender. During the run of combo fix, BitDefender kept popping up and asking me to allow certain files to be allowed into the registry. If I ignored it, combo fix would not resume its operation. When combo fix was finished, it did not show a log, and it automatically re-booted. However, when I re-booted, my all websites on Firefox ironically started to work again, and my computer is operating normally, except the fact that my clock is messed up.

I ran hijackthis again, and this is my log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10, on 2008-06-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {90626934-EDE2-4AA3-8996-52145EE4F0C6} - C:\WINDOWS\system32\hgGvtSmm.dll (file missing)
O2 - BHO: (no name) - {E1BC0AAB-2C35-40DF-8F1D-4FD437DF432E} - C:\WINDOWS\system32\ddcYPgDu.dll (file missing)
O3 - Toolbar: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} (DownStarter Control) - http://bgweb.clubbox.co.kr/bin/DownStarter.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ddcYPgDu - ddcYPgDu.dll (file missing)
O20 - Winlogon Notify: ljJbbCtR - C:\WINDOWS\
O20 - Winlogon Notify: opnkliGw - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--

Once again, thank you for all this free help =D
kevin320
Active Member
 
Posts: 6
Joined: June 1st, 2008, 10:10 pm

Re: Please help... this is my hijackthis log

Unread postby dan12 » June 2nd, 2008, 5:31 pm

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Did you disable your antivirus during the scan?
If cf ran you will find the report here C:\ComboFix.txt post me the report.
If however the scan never ran can you disable antivirus and all antimalware programs whilst scan is in progress.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help... this is my hijackthis log

Unread postby kevin320 » June 2nd, 2008, 9:07 pm

I was finally able to run ComboFix, despite the fact that my antivirus kept popping up at times. I exited it, but it somehow kept popping up.

Here is my ComboFix log,


ComboFix 08-06-01.6 - kix 2008-06-02 20:20:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.544 [GMT -4:00]
Running from: C:\Documents and Settings\kix\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kix\Favorites\Online Security Test.url
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM.cfg
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM0.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM1.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM2.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM3.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM4.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM5.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM6.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM7.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM8.che
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\SKBGM9.che
C:\WINDOWS\system32\hgGvtSmm.dll
C:\WINDOWS\system32\wun32.dll
.
---- Previous Run -------
.
C:\WINDOWS\BMbfd29693.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ajqlvgxg.dll
C:\WINDOWS\system32\awtqqrqP.dll
C:\WINDOWS\system32\ddcbBrOI.dll
C:\WINDOWS\system32\ddcYPgDu.dll
C:\WINDOWS\system32\dgpribnd.ini
C:\WINDOWS\system32\duepltdv.ini
C:\WINDOWS\system32\efcCUkhF.dll
C:\WINDOWS\system32\geBtUnmJ.dll
C:\WINDOWS\system32\ghflubdr.dll
C:\WINDOWS\system32\iifgHWPF.dll
C:\WINDOWS\system32\iifgHyAt.dll
C:\WINDOWS\system32\jqjkqper.dll
C:\WINDOWS\system32\jvvumgyy.dll
C:\WINDOWS\system32\lflyellr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJDttUO.dll
C:\WINDOWS\system32\mmStvGgh.ini
C:\WINDOWS\system32\mmStvGgh.ini2
C:\WINDOWS\system32\mvlypjcj.ini
C:\WINDOWS\system32\neqpctxt.dll
C:\WINDOWS\system32\nlcllyek.dll
C:\WINDOWS\system32\nnnljgEU.dll
C:\WINDOWS\system32\nwhbtphb.ini
C:\WINDOWS\system32\pmnMEvSi.dll
C:\WINDOWS\system32\pmnmjIXO.dll
C:\WINDOWS\system32\qoMfdeEX.dll
C:\WINDOWS\system32\qoqhpdow.dll
C:\WINDOWS\system32\sgmrvqkm.ini
C:\WINDOWS\system32\tikylvxq.ini
C:\WINDOWS\system32\vtUklmjg.dll
C:\WINDOWS\system32\vxqvsaba.dll
C:\WINDOWS\system32\wyefqwqn.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-05-31 22:13 . 2008-05-31 22:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-31 17:21 . 2008-05-31 21:58 2,034 --ahs---- C:\WINDOWS\system32\csdaxpay.ini
2008-05-30 08:16 . 2008-05-30 08:16 <DIR> d-------- C:\Program Files\BitDefender
2008-05-30 08:16 . 2008-05-30 17:01 <DIR> d-------- C:\Documents and Settings\kix\Application Data\BitDefender
2008-05-30 08:16 . 2008-05-30 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-29 22:32 . 2008-06-02 20:27 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-29 22:24 . 2008-05-30 08:09 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-14 21:21 . 2008-05-14 21:21 <DIR> d--hs---- C:\found.000
2008-05-09 20:25 . 2008-05-09 20:30 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-09 20:25 . 2008-05-09 20:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-09 20:25 . 2008-05-09 20:30 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-09 17:23 . 2008-05-28 22:43 <DIR> d-------- C:\Program Files\WarRock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 00:46 --------- d-----w C:\Program Files\dl_cats
2008-06-03 00:20 --------- d-----w C:\Documents and Settings\kix\Application Data\Azureus
2008-06-02 22:36 --------- d-----w C:\Program Files\Zoom Player
2008-06-02 01:56 --------- d-----w C:\Documents and Settings\kix\Application Data\foobar2000
2008-06-01 15:15 --------- d-----w C:\Program Files\Steam
2008-05-30 02:20 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-30 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 02:45 --------- d-----w C:\Program Files\MagicISO
2008-05-29 02:44 --------- d-----w C:\Program Files\Ultra Azureus Accelerator
2008-05-17 17:04 --------- d-----w C:\Documents and Settings\kix\Application Data\LimeWire
2008-05-14 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-18 21:43 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-18 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-17 11:12 --------- d-----w C:\Program Files\Azureus
2008-04-15 12:32 --------- d-----w C:\Program Files\Wake up mp3
2008-04-12 01:11 --------- d-----w C:\Program Files\gossiper
2008-04-12 01:11 --------- d-----w C:\Program Files\Conduit
2008-04-12 01:11 --------- d-----w C:\Program Files\Azureus Ultra Accelerator
2008-04-09 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-17 02:21 2,214 ----a-w C:\Documents and Settings\kix\Application Data\wklnhst.dat
2006-10-31 16:58 2,522 ----a-w C:\Program Files\netwait.odl
2006-09-03 02:45 2,706 ----a-w C:\Program Files\aim.odl
2005-09-23 10:56 479,232 ----a-w C:\Program Files\msvcm80.dll
2005-09-23 03:22 522 ----a-w C:\Program Files\Microsoft.VC80.CRT.manifest
2005-09-23 03:05 626,688 ----a-w C:\Program Files\msvcr80.dll
2005-09-23 03:05 548,864 ----a-w C:\Program Files\msvcp80.dll
2007-10-24 20:54 56 --sh--r C:\WINDOWS\system32\2882CF3F4F.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-10-24 20:54 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57 57344]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 17:00 282624 C:\WINDOWS\stsystra.exe]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 08:51 286720]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 07:34 299008]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 12:17 106496]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"imekrmig"="C:\IME\IMKR\imekrmig.exe" [2001-01-09 12:01 44544]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 04:27 200704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJbbCtR]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkliGw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bce1a50f]
C:\WINDOWS\system32\nqwqfeyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMbfd29693]
C:\WINDOWS\system32\jqjkqper.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\counter-strike\\hl.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"C:\\WINDOWS\\system32\\FSCAgent.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\half-life blue shift\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

R0 SSFS041A;Spy Sweeper File System Filer Driver: 041A;C:\WINDOWS\system32\Drivers\SSFS041A.SYS [2006-07-12 12:10]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-05-18 16:36]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 16:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 20:46:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-06-02 21:03:34 - machine was rebooted [kix]
ComboFix-quarantined-files.txt 2008-06-03 01:03:20

Pre-Run: 58,725,101,568 bytes free
Post-Run: 58,712,035,328 bytes free

229 --- E O F --- 2008-05-16 07:02:20

thanks
kevin320
Active Member
 
Posts: 6
Joined: June 1st, 2008, 10:10 pm

Re: Please help... this is my hijackthis log

Unread postby dan12 » June 3rd, 2008, 1:45 am

Thanks for the returned log I will go through it soon,however the next time you run cf for me can you disable your a\v it is still active that is why you are getting the popup during the scan.It could also affect the results of the returned log.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help... this is my hijackthis log

Unread postby dan12 » June 3rd, 2008, 5:19 am

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire and Azureus

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

I would recommend that you uninstall LimeWire and Azureus, however that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.


___________________

Optional - VIEWPOINT MANAGER
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
Additional info:Here
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
Your call.

___________________

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint.
Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player.
The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information.
CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.'




Code: Select all
Your log shows that [b]MSConfig[/b] is running at startup. This indicates that you may be using "diagnostic startup" rather than "normal startup" to stop something from running. While this is normally OK, it is possible that you have disabled something that will affect how we fix your malware problem.  While disabled, it will not show up in the HijackThis log.
 
Go to [b]Start[/b] > [b]Run[/b] and type [b]Notepad[/b] 
Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is unchecked. 
[quote]regedit /a /e %systemdrive%\regkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig" 
notepad %systemdrive%\regkey.txt 
del /q %systemdrive%\regkey.txt[/quote] 
Go to the menu at the top of the Notepad [b]File[/b] and [b]Save as[/b]
Save it to your Desktop as [b]"mslook.bat"[/b] (you MUST include the quotes) 
Locate [b]mslook.bat[/b] on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply. When you close Notepad the CMD window will close automatically and the text file will be deleted.



let me have the mslook.txt
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help... this is my hijackthis log

Unread postby kevin320 » June 4th, 2008, 3:59 pm

i got this:


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bce1a50f]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nqwqfeyw"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\nqwqfeyw.dll\",b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BMbfd29693]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jqjkqper"
"hkey"="HKLM"
"command"="Rundll32.exe \"C:\\WINDOWS\\system32\\jqjkqper.dll\",s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002
kevin320
Active Member
 
Posts: 6
Joined: June 1st, 2008, 10:10 pm

Re: Please help... this is my hijackthis log

Unread postby dan12 » June 4th, 2008, 6:04 pm

You know what this program is C:\Program Files\dl_cats?


Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window
C:\WINDOWS\system32\2882CF3F4F.sys
Click Submit/Send File
Please post back, to let me know the results.



If Jotti is too busy please try Virustotal

____________


1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
File::
C:\WINDOWS\system32\nqwqfeyw.dll
C:\WINDOWS\system32\jqjkqper.dll
Folder::
C:\found.000
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJbbCtR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkliGw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bce1a50f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMbfd29693]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bce1a50f]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
FileLook::
C:\WINDOWS\system32\2882CF3F4F.sys


   


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help... this is my hijackthis log

Unread postby kevin320 » June 5th, 2008, 12:13 am

after the run this was my log:


ComboFix 08-06-04.3 - kix 2008-06-05 0:05:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.549 [GMT -4:00]
Running from: C:\Documents and Settings\kix\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kix\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\jqjkqper.dll
C:\WINDOWS\system32\nqwqfeyw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
C:\found.000\file0000.chk

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-03 15:50 . 2008-06-04 15:51 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-03 15:50 . 2008-06-04 15:51 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-03 15:49 . 2008-06-05 00:09 1,437,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-03 15:49 . 2008-06-04 16:02 13,268 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-03 15:49 . 2008-06-05 00:09 9,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-03 15:49 . 2008-06-04 16:02 1,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-31 22:13 . 2008-05-31 22:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-31 17:21 . 2008-05-31 21:58 2,034 --ahs---- C:\WINDOWS\system32\csdaxpay.ini
2008-05-30 08:16 . 2008-05-30 08:16 <DIR> d-------- C:\Program Files\BitDefender
2008-05-29 22:32 . 2008-06-03 07:47 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-29 22:24 . 2008-05-30 08:09 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-09 20:25 . 2008-05-09 20:30 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-09 20:25 . 2008-05-09 20:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-09 20:25 . 2008-05-09 20:30 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-09 17:23 . 2008-05-28 22:43 <DIR> d-------- C:\Program Files\WarRock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 02:37 --------- d-----w C:\Program Files\Steam
2008-06-05 02:15 --------- d-----w C:\Program Files\dl_cats
2008-06-04 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-04 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-04 19:51 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-03 19:49 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-03 11:46 --------- d-----w C:\Documents and Settings\kix\Application Data\Azureus
2008-06-02 22:36 --------- d-----w C:\Program Files\Zoom Player
2008-06-02 01:56 --------- d-----w C:\Documents and Settings\kix\Application Data\foobar2000
2008-05-29 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 02:45 --------- d-----w C:\Program Files\MagicISO
2008-05-29 02:44 --------- d-----w C:\Program Files\Ultra Azureus Accelerator
2008-05-17 17:04 --------- d-----w C:\Documents and Settings\kix\Application Data\LimeWire
2008-05-14 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-18 21:43 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-18 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-17 11:12 --------- d-----w C:\Program Files\Azureus
2008-04-15 12:32 --------- d-----w C:\Program Files\Wake up mp3
2008-04-12 01:11 --------- d-----w C:\Program Files\gossiper
2008-04-12 01:11 --------- d-----w C:\Program Files\Conduit
2008-04-12 01:11 --------- d-----w C:\Program Files\Azureus Ultra Accelerator
2008-04-09 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-17 02:21 2,214 ----a-w C:\Documents and Settings\kix\Application Data\wklnhst.dat
2006-10-31 16:58 2,522 ----a-w C:\Program Files\netwait.odl
2006-09-03 02:45 2,706 ----a-w C:\Program Files\aim.odl
2005-09-23 10:56 479,232 ----a-w C:\Program Files\msvcm80.dll
2005-09-23 03:22 522 ----a-w C:\Program Files\Microsoft.VC80.CRT.manifest
2005-09-23 03:05 626,688 ----a-w C:\Program Files\msvcr80.dll
2005-09-23 03:05 548,864 ----a-w C:\Program Files\msvcp80.dll
2007-10-24 20:54 56 --sh--r C:\WINDOWS\system32\2882CF3F4F.sys
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-10-24 20:54 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\2882CF3F4F.sys -- Not a PE file.
MD5: e5a3d58fd07602b88ad5233d9a824b4f


((((((((((((((((((((((((((((( snapshot@2008-06-02_21.03.01.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 00:30:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 20:03:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-25 04:34:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-04 20:04:05 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-02-25 04:34:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-04 20:04:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-28 23:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 17:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 22:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-02-08 22:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 16:57 57344]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 17:00 282624 C:\WINDOWS\stsystra.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 08:51 286720]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 07:34 299008]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 12:17 106496]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 07:15 151552]
"imekrmig"="C:\IME\IMKR\imekrmig.exe" [2001-01-09 12:01 44544]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 04:27 200704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\counter-strike\\hl.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"C:\\WINDOWS\\system32\\FSCAgent.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\half-life\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\half-life blue shift\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\eviluckyducky\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=

R0 SSFS041A;Spy Sweeper File System Filer Driver: 041A;C:\WINDOWS\system32\Drivers\SSFS041A.SYS [2006-07-12 12:10]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
R3 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-05-18 16:36]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 03:39]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 16:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 00:09:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-05 0:11:02
ComboFix-quarantined-files.txt 2008-06-05 04:10:41
ComboFix2.txt 2008-06-03 01:03:35

Pre-Run: 62,024,069,120 bytes free
Post-Run: 62,052,773,888 bytes free

179 --- E O F --- 2008-05-16 07:02:20
kevin320
Active Member
 
Posts: 6
Joined: June 1st, 2008, 10:10 pm

Re: Please help... this is my hijackthis log

Unread postby dan12 » June 6th, 2008, 7:14 am

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window
C:\WINDOWS\system32\2882CF3F4F.sys
Click Submit/Send File
Please post back, to let me know the results.


If Jotti is too busy please try Virustotal


: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt



1 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Image

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

    Image

  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help... this is my hijackthis log

Unread postby kevin320 » June 7th, 2008, 5:14 pm

I could not use jotti and virustotal, because they would not load.

From malwarebytes, I got:


Malwarebytes' Anti-Malware 1.15
Database version: 837

1:30:25 AM 6/7/2008
mbam-log-6-7-2008 (01-30-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 159190
Time elapsed: 1 hour(s), 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f223fdc-164a-492c-82d0-055fd8ce349c} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d3bc08f-3c13-4cd1-80f4-f5a7b7d0388f} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ba3ee9b-a96e-4301-b839-388afefcd9f4} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85292bee-65ff-41ad-8e72-b385d1c93c89} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{861adda2-0216-49ac-aa5b-62f64f1d91d1} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d3014ae-0854-4222-a733-d9dd0149d9fa} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a9e938c-4a18-4b36-a973-dadcd8a1c268} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9c4d0d3f-f36e-42a3-9b35-a43c08ab1866} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abd41a08-5c4d-4cdb-8310-a681e73755bf} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b151b421-a97b-4c1d-b555-eed8a35ba5c8} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3d80493-3013-4e93-a878-4cefc401f4a6} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bdc7bb72-6c19-415d-86c3-76cc46ec00a9} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ce351b84-f0d6-4fa0-aad7-3c0616ea647e} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d64dcdae-38cd-488c-a85c-00a0b5c03ae8} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d9f4d801-2431-465a-b754-ab9e3b649e8c} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0dbb136-fcd7-4180-9207-d4a9e822002e} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ajqlvgxg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqqrqP.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcbBrOI.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYPgDu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcCUkhF.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\geBtUnmJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifgHyAt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJDttUO.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\neqpctxt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnljgEU.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnMEvSi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnmjIXO.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMfdeEX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUklmjg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP473\A0043210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP473\A0043213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043393.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043397.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043398.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043401.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043405.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043406.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043408.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



From Kaspersky online scan,


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, June 07, 2008 3:47:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/06/2008
Kaspersky Anti-Virus database records: 837393
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 120221
Number of viruses found: 9
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 01:25:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\kix\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kix\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\kix\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kix\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kix\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kix\Local Settings\Temp\Perflib_Perfdata_2c8.dat Object is locked skipped
C:\Documents and Settings\kix\Local Settings\Temp\Perflib_Perfdata_c94.dat Object is locked skipped
C:\Documents and Settings\kix\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kix\ntuser.dat Object is locked skipped
C:\Documents and Settings\kix\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ghflubdr.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifgHWPF.dll.vir Infected: Trojan-Downloader.Win32.Agent.rfg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jqjkqper.dll.vir Infected: Trojan.Win32.Monder.mj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jvvumgyy.dll.vir Infected: Trojan.Win32.Monder.lh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lflyellr.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nlcllyek.dll.vir Infected: Trojan.Win32.Monder.lh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qoqhpdow.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vxqvsaba.dll.vir Infected: Trojan.Win32.Monder.ma skipped
C:\QooBox\Quarantine\catchme2008-06-02_164256.93.zip/hgGvtSmm.dll Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-06-02_164256.93.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP463\A0040874.dll Infected: Trojan.Win32.Monder.lb skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP463\A0040931.dll Infected: Trojan.Win32.Monder.li skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP465\A0041197.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vpc skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP470\A0042077.dll Infected: Trojan.Win32.Monder.lo skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP470\A0042597.dll Infected: Trojan.Win32.Monder.li skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP471\A0042620.dll Infected: Trojan.Win32.Monder.lo skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP471\A0042622.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP471\A0042702.dll Infected: Trojan.Win32.Monder.ma skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP471\A0042742.dll Infected: Trojan.Win32.Monder.li skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP471\A0042849.dll Infected: Trojan.Win32.Monder.lo skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP472\A0042940.dll Infected: Trojan.Win32.Monder.lo skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP473\A0043211.dll Infected: Trojan.Win32.Monder.mj skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043399.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043400.dll Infected: Trojan-Downloader.Win32.Agent.rfg skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043402.dll Infected: Trojan.Win32.Monder.mj skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043403.dll Infected: Trojan.Win32.Monder.lh skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043404.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043407.dll Infected: Trojan.Win32.Monder.lh skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043412.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP474\A0043414.dll Infected: Trojan.Win32.Monder.ma skipped
C:\System Volume Information\_restore{CB872E42-8F7A-4FB6-83B9-DCC03DBB98BA}\RP480\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{ED7E3454-B8B0-4B16-B391-C6BA5395CD8D}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BBE318B7-9FCB-4134-B243-D9E429874B50}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
kevin320
Active Member
 
Posts: 6
Joined: June 1st, 2008, 10:10 pm

Re: Please help... this is my hijackthis log

Unread postby dan12 » June 8th, 2008, 3:31 am

Hi most of what kaspersky flagged is safe and I will deal with it when I have you remove combofix, system restore I will address in my final post to you.
Ok, can you let me know how things are?

Can you try jotti's again and be patient as it can be very busy at times, to get the information I need.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Please help... this is my hijackthis log

Unread postby Shaba » June 14th, 2008, 7:51 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware