  #1  
Old 08-05-2007
Bronze Member
 
Join Date: Aug 2007
Posts: 27
[Fixed] can someone help me, hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:40 AM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PeDevice\PeDev.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{965A592F-8EFA-4250-8630-7960230792F1} - (no file)
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: VoiceIPObj Class - {00000250-0320-4DD4-BE4F-7566D2314352} - C:\WINDOWS\VoiceIP.dll
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - (no file)
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Maloney\Local Settings\Temp\R.dll
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\system32\automove.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A7AF564-A357-4425-8FCF-44D92BB6C333}: NameServer = 65.26.189.171,65.26.189.169
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 6446 bytes


  #2  
Old 08-05-2007
PCHF Founder & Owner
 
Join Date: Jan 2004
Location: Berkshire, England
Posts: 10,856
PC Experience: Always learning
Re: can someone help me, hijackthis log

Welcome to the site Nomad55

You have some pretty bad infections there. We will have to wait for a Security Team member to give you feedback on this - hang tight.


  #3  
Old 08-05-2007
Senior Security Analyst
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,585
PC Experience: PC Illiterate
Re: can someone help me, hijackthis log

hello nomad, welcome to the forums...yes, as hengis says, you are rather infected. First, boot into safe mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter. Go to start > run > appwiz.cpl and remove everything that says mywebsearch. Then navigate to c:\program files and delete, again, anything that says mywebsearch or any variation thereof.

Next, boot back into normal mode, and
download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program. After the trial period, the scanner will continue to work, and you will still be able to receive updates; however, certain advanced settings will no longer be available unless purchased.
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  1. Boot back into Safe Mode.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan as well as a new hjt log.


Thanks,

v


__________________

M.C.S.A.
M.C.P.
- MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #4  
Old 08-06-2007
Bronze Member
 
Join Date: Aug 2007
Posts: 27
Re: can someone help me, hijackthis log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:05:39 PM 8/6/2007
+ Scan result:

C:\Documents and Settings\Maloney\Local Settings\Temp\Del2.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\DelA.tmp -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\OfferApp\FLEOK\msbb.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\msbbhook.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\ncmyb.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\msbb -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\msbb -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWin32.SDWin32.1 -> Adware.Adlogix : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWin32.SDWin32.1\CLSID -> Adware.Adlogix : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\adlinstallwin32.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6147F37D-8127-44B2-80CE-F00CE87A3497}\RP3\A0001020.exe -> Adware.Adstart : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SWin32.dll -> Adware.Adstart : Cleaned with backup (quarantined).
C:\Program Files\Common Files\OfferApp\OfferApp.exe -> Adware.AdTraffic : Cleaned with backup (quarantined).
C:\WINDOWS\system32\OfferApp.exe -> Adware.AdTraffic : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\__unin__.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cab.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\html.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\java.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\nelf.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\pdf.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\sfx.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ve.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\ve.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\wise.xmd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\DMinfo2.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\CxtPls -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\CxtPls\AI_07-07-2007.log -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\CxtPls\ProxyStub.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\CxtPls\ace.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\CxtPls\atl.dll -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\CxtPls\data.bin -> Adware.Apropos : Cleaned with backup (quarantined).
C:\Program Files\CxtPls\libexpat.dll -> Adware.Apropos : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Apropos -> Adware.Apropos : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Apropos\Client -> Adware.Apropos : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Apropos\Client\Cookies -> Adware.Apropos : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Apropos\Client\Cookies\Data -> Adware.Apropos : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Apropos\Client\Cookies\Data\net -> Adware.Apropos : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Apropos\Client\Cookies\Data\net\adintelligence -> Adware.Apropos : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Apropos\Client\Cookies\Data\net\adintelligence\acc.adintelligence.net/ -> Adware.Apropos : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Apropos\Client\Cookies\Data\net\adintelligence\adchannel.adintelligence.net/services/AdChannelServer -> Adware.Apropos : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\cdt_bbi8016.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SHAgentNew.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\VoiceIPDll.VoiceIPDllObj.1 -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\MxTarget -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\VoiceIP -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI1825.tmp\VoiceIP.cab/VoiceIp.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI1825.tmp\VoiceIp.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI23D8.tmp\preInsTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI23D8.tmp\twaintec.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI35B5.tmp\mxTarget.cab/mxTarget.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI35B5.tmp\mxTarget.cab/preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI35B5.tmp\mxTarget.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI35B5.tmp\preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI49B2.tmp\VoiceIP.cab/VoiceIp.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI49B2.tmp\VoiceIp.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI646F.tmp\preInsTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI646F.tmp\twaintec.cab/preInsTT.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI646F.tmp\twaintec.cab/twaintec.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\THI646F.tmp\twaintec.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\mxTarget.cab/mxTarget.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\mxTarget.cab/preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\mxTarget.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6147F37D-8127-44B2-80CE-F00CE87A3497}\RP3\A0001018.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6147F37D-8127-44B2-80CE-F00CE87A3497}\RP3\A0001019.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\preInsMt.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\buddylinks.net -> Adware.BuddyLinks : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\buddylinks.net\Messaging -> Adware.BuddyLinks : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\buddylinks.net\Messaging\8f3b626221d0 -> Adware.BuddyLinks : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\buddylinks.net\Messaging\dff09368ac4e -> Adware.BuddyLinks : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\buddylinks.net\Messaging\maloney41187@aim -> Adware.BuddyLinks : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\buddylinks.net\Messaging\peter648421@aim -> Adware.BuddyLinks : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\app343.tmp -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E1412445-4FF8-410e-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\ICD7.tmp\toolbar.dll -> Adware.ISearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\ICD8.tmp\toolbar.dll -> Adware.ISearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1C78AB3F-A857-482e-80C0-3A1E5238A565} -> Adware.Isearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Adware.Isearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\iSearch -> Adware.iSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\iSearch\SiteAllow -> Adware.iSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\iSearch\iSearch Toolbar -> Adware.iSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\iSearch\iSearch Toolbar\Historycombo1 -> Adware.iSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\iSearch\iSearch Toolbar\tb_items -> Adware.iSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\eLeD.exe -> Adware.Midaddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtensi.1 -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension\CLSID -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension\CurVer -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\midADdle -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\midADdle -> Adware.MidAddle : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\1RbxEB.exe -> Adware.Midadle : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\R.dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temporary Internet Files\Content.IE5\GPIBS5AZ\midaddle[1].dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\Program Files\Common Files\midaddle\clicks.dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\Program Files\Common Files\midaddle\midaddle.dll -> Adware.Midadle : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\p2psetup.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\2020setup.exe -> Adware.PowerSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\game_install.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\sdexe.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\unimt.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWRT01.RT -> Adware.SecondThought : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\2nd -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\2nd\Client -> Adware.SecondThought : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SWRT01.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\MxTargetDll.MxTargetDllObj.1 -> Adware.VX2 : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ToolBar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2025429265-813497703-1202660629-1003\Software\ToolBar -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\BDA.exe -> Adware.WinFetcher : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\WinWildApp.exe -> Adware.WinFetcher : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\update_1.exe -> Adware.WinFetcher : Cleaned with backup (quarantined).
C:\WINDOWS\system32\silent.exe -> Adware.WinFetcher : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\game_dl.exe -> Downloader.Agent.e : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Local Settings\Temp\remove.exe -> Downloader.Keenval.f : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ATPartners.inf -> Downloader.Rameh.c : Cleaned with backup (quarantined).
C:\WINDOWS\system32\0021-bdl94126.EXE -> Downloader.VB.ca : Cleaned with backup (quarantined).
C:\WINDOWS\2_0_1browserhelper2.dll -> Hijacker.Delf.r : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Dpi\dpi.exe -> Not-A-Virus.NetTool.Win32.Dpi : Cleaned with backup (quarantined).
C:\Documents and Settings\Maloney\Cookies\maloney@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@master.mx-targeting[1].txt -> TrackingCookie.Mx-targeting : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Maloney\Cookies\maloney@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Maloney\Local Settings\Temp\SEPinst.exe -> Trojan.Septic.a : Cleaned with backup (quarantined).

::Report end


  #5  
Old 08-06-2007
Senior Security Analyst
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,585
PC Experience: PC Illiterate
Re: can someone help me, hijackthis log

avg cleaned loads....got that hjt for me?

thanks,

v


  #6  
Old 08-08-2007
Bronze Member
 
Join Date: Aug 2007
Posts: 27
Re: can someone help me, hijackthis log

Sorry about that, I missed that part about the hjt... I'll get it on soon. Thanks for all the help, my computer works 100% better.


