#1
Registered User
Join Date: Jan 2008
Posts: 5
OS: winXP
Adware problems
HijackThis log file..
#2
Registered User
Join Date: Jan 2008
Posts: 5
OS: winXP
Re: Adware problems
not bumping.. for some reason it didn't have all my pastes in the post...