System Security -- Can't even install Hijack This to generat

View previous topic View next topic Go down

System Security -- Can't even install Hijack This to generate log

Post by Peewiglet on 28th June 2009, 3:37 pm

Hi,

I'd be enormously grateful for any help you can give.

My friends' computer is infected with System Security. I tried to download Malwarebytes onto it two days ago but the trojan blocked the download.

I've now got Hijack This and Malwarebytes on a memory stick (downloaded from my own PC) but the trojan won't even let me install Hijack This on Tim's PC, so I can't generate a log for you.

Can you please tell me what we can do about this?

Many thanks in advance for any help.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Belahzur on 28th June 2009, 3:43 pm

Lets try renaming the installer for Hijack This, do you know how to that?

If not, right click the installer file > Rename.
Rename it to winlogon.exe and see if it will run.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 28th June 2009, 3:47 pm

Thanks for your speedy help, Belahzur.

I've renamed it, but unfortunately it still won't run. Each time I try to run anything except Internet Explorer (as far as I can tell) a small box comes up above the Systray and tells me the file can't be executed because it's infected.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 28th June 2009, 4:19 pm

Hi again,

I managed to get into Safe Mode with Networking and generate a HiJackThis log that way. I've posted it below, in two parts

Many thanks again for your help -- it's very much appreciated.

PART 1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:38 PM, on 6/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbuA4\AOL_security_toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbuA4\AOL_security_toolbar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [10399214] C:\Documents and Settings\All Users\Application Data\10399214\10399214.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 28th June 2009, 4:20 pm

PART 2

O18 - Protocol: bw50 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 19014 bytes

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Belahzur on 28th June 2009, 6:05 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [10399214] C:\Documents and Settings\All Users\Application Data\10399214\10399214.exe
    O18 - Protocol: bw+0 - {B91B3344-E057-40B4-A9E6-8674A2A2EAC4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    Fix ALL these O18 items


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 28th June 2009, 6:14 pm

Thank you very much Smile

I'll be back at Tim and Kate's tomorrow evening and I'll do that then.

All three of us are extremely grateful to you for your help!

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 28th June 2009, 6:20 pm

Doh... apologies. I've just read through the instructions you gave and realised I've not fully understood. I'm very much a novice in this stuff.

When you've said to fix the "O18 - Protocol: bw+0" items, I can't see any that have a + sign. Underneath you said "Fix all these 018 items". Just to be clear... do I fix *every single* 018 item in the log?

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Origin on 28th June 2009, 6:28 pm

Yes that is correct, and then can you please post a new HijackThis log for me Smile


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31513
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 28th June 2009, 9:50 pm

Thanks, Origin. I'll do that and get back to you tomorrow evening Smile

Shirl

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 29th June 2009, 8:15 pm

Hello again!

I've followed the instructions, and here are both the MBAM log and a new HiJack This log. Thanks so much once again for your help!

MBAM LOG PART 1
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

6/29/2009 7:49:31 PM
mbam-log-2009-06-29 (19-49-31).txt

Scan type: Quick Scan
Objects scanned: 97405
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 37
Files Infected: 282

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\uprppchk.uprppchk (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f0e4888b-938d-43e9-8444-787e2ffc178b} (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{936301de-ed09-4540-9daf-0c8443a7f334} (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ebf4b37a-6262-40a8-aad6-3a36b08ae98b} (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\uprppchk.uprppchk.1 (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\URLSearchHook.SoftomateURLSearchHook (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UWA7P_is1 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PrivacyProtector Free (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UPRP_is1 (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\drivecleaner freeware (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\program files\winantivirus pro 2007\AWBase (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\program files\winantivirus pro 2007\Download (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\program files\winantivirus pro 2007\plugins (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\program files\winantivirus pro 2007\res (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\PrivacyProtector Free (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\common files\PrivacyProtector Free (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\PrivacyProtector Free (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Download (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\common files\DriveCleaner Freeware (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\DriveCleaner Freeware (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\DriveCleaner Freeware (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\salesmonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\SystemDoctor 2006 Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\Download (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\Download\mlmfmxxm (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\Download\qbjvswob (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\PrivacyProtector Free (Rogue.PrivacyProtector) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\privacyprotector free\Logs (Rogue.PrivacyProtector) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\DriveCleaner Freeware (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\drivecleaner freeware\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\Antivirus2008 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\errorkiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\Start Menu\Programs\Pro AntiSpyware 2009 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\Application Data\Solt Lake Software (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\solt lake software\Pro Antispyware 2009 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\solt lake software\pro antispyware 2009\BASE (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\solt lake software\pro antispyware 2009\DELETED (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\solt lake software\pro antispyware 2009\LOG (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\solt lake software\pro antispyware 2009\SAVED (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PrivacyProtector Free\UPRPPChk.dll (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
c:\program files\winantivirus pro 2007\IEFWBHO.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\program files\winantivirus pro 2007\res\wa7p.gif (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\privacyprotector free\PrivacyProtector HomePage.lnk (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\privacyprotector free\PrivacyProtector Online Manual.lnk (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\privacyprotector free\PrivacyProtector Online Support.lnk (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\privacyprotector free\PrivacyProtector.lnk (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\privacyprotector free\Uninstall PrivacyProtector.lnk (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Activate.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\atl71.dll (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\bnlink.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\diagnosis.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\err.log (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\lapv.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\license.rtf (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\manual.url (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\mfc71.dll (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\msvcp71.dll (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\msvcr71.dll (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\pv.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\readme.rtf (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\ScanReport.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Schedule.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\sr.log (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\support.url (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\unins000.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\unins000.exe (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\uninstall.ico (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\UninstallPage.html (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\up.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\updater.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\UPRP.url (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\UPRP.xml (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\uprpcw.exe (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\vbpv.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\AE_CD_Cr.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\AReadr4.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\AReadr5.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\ASDSEEpv.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\ASPack.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\Babylon.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\BDelphi5.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\CatchUp.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\CBuildr5.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\CCGA.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\CManager.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\CuteFTP4.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 29th June 2009, 8:16 pm

MBAM LOG Part 2
c:\program files\privacyprotector free\Appbase\CuteHTML.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\DAcceler.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\DiscJug.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\ECDCreat4.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\Far.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\FFTsks.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\FlashFXP.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\FrntPage.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\FrontPEx.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\FtpEXP.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\FtpVoya.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\GetRight.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\GoZilla.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\GravMRU.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\HomeSite.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\HotDogPr.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\H_TxtPad.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\IconExtr.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\iMesh.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\ImgReady3.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\InsShExp.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\JASC_P_P.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\KaZaA.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\LView.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MacDir.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MacDrWea.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MicAng.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MicDes.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MMUnDisk.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MM_CON.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\Morpheus.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MPaint.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MPicPub.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MPImaGal.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MSExplorer.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MSoffice.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MSRegEdit.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MSWMP.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\MSWordPad.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\Nero.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\NetShow.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\NTBackup.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\pfilelst.xda (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\PhotShel.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\PHPCoder.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\PowerZIP.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\RapidBr.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\RealAuPl.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\RealDown.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\SecurCRT.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\SL_BlWin.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\SmartClr.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\Sonique.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\StuffIt.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\TelepPro.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\UGifAnim.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\UltraEd.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\UMedStud.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\UPhImpV.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\UPhotoEx.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\UVidStud.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\VNC.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\WebFeret.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\WebReap.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\WinACE.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\WinGate.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\WinRAR.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\WinZIP.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\WiseInst.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\wordslst.xda (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\YahooPl.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\Appbase\ZipMagic.dat (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img\button.gif (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img\button2.gif (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img\header.gif (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img\logo.gif (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img\spacer.gif (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img\top1.jpg (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img\top2.jpg (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\privacyprotector free\img\top_line.gif (Rogue.Privacy.Protector) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Activate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\atl71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\AV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\bnlink.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\diagnosis.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\err.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\lapv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\license.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 29th June 2009, 8:19 pm

MBAM LOG Part 3
c:\program files\drivecleaner freeware\manual.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\mfc71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\msvcp71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\msvcr71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\pv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\pv.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\readme.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\remnag.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\ScanReport.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Schedule.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\softwaredetect.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\sr.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\support.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\UDC.xml (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\UDC6.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\unins000.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\unins000.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\uninstall.ico (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\UninstallPage.html (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\up.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\updater.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\vbpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\AE_CD_Cr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\AReadr4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\AReadr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\ASDSEEpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\ASPack.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\Babylon.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\BDelphi5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\CatchUp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\CBuildr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\CCGA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\CManager.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\CuteFTP4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\CuteHTML.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\DAcceler.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\DiscJug.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\ECDCreat4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\Far.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\FFTsks.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\FlashFXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\FrntPage.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\FrontPEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\FtpEXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\FtpVoya.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\GetRight.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\GoZilla.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\GravMRU.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\HomeSite.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\HotDogPr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\H_TxtPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\IconExtr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\iMesh.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\ImgReady3.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\InsShExp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\JASC_P_P.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\KaZaA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\LView.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MacDir.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MacDrWea.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MicAng.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MicDes.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MMUnDisk.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MM_CON.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\Morpheus.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MPaint.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MPicPub.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MPImaGal.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MSExplorer.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MSoffice.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MSRegEdit.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MSWMP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\MSWordPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\Nero.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\NetShow.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\NTBackup.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\pfilelst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\PhotShel.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\PHPCoder.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\PowerZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\RapidBr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\RealAuPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 29th June 2009, 8:20 pm

MBAM LOG Part 4
c:\program files\drivecleaner freeware\Appbase\RealDown.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\SecurCRT.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\SL_BlWin.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\SmartClr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\Sonique.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\StuffIt.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\TelepPro.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\UGifAnim.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\UltraEd.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\UMedStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\UPhImpV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\UPhotoEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\UVidStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\VNC.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\WebFeret.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\WebReap.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\WinACE.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\WinGate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\WinRAR.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\WinZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\WiseInst.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\wordslst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\YahooPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\Appbase\ZipMagic.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img\button.gif (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img\button2.gif (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img\header.gif (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img\logo.gif (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img\spacer.gif (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img\top1.jpg (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img\top2.jpg (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\drivecleaner freeware\img\top_line.gif (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\drivecleaner freeware\DriveCleaner Freeware.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\drivecleaner freeware\DriveCleaner HomePage.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\drivecleaner freeware\DriveCleaner Online Manual.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\drivecleaner freeware\DriveCleaner Online Support.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\drivecleaner freeware\Uninstall DriveCleaner.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\atl71.dll (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\DataBase.sav (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\err.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\is-0QFGQ.tmp (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\is-4BV9O.tmp (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\is-9EJCC.tmp (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\License.rtf (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\mfc71.dll (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\mProp (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\msvcp71.dll (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\msvcr71.dll (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\propbh.xml (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\readme.rtf (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\ReportListFile.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\sr.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\umain.xml (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\unins000.dat (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\program files\systemdoctor 2006 free\unins000.exe (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\privacyprotector free\Logs\update.log (Rogue.PrivacyProtector) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\drivecleaner freeware\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\errorkiller\Errors.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\application data\errorkiller\Results.stg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\start menu\Programs\pro antispyware 2009\Pro Antispyware 2009.lnk (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\start menu\Programs\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\solt lake software\pro antispyware 2009\proas2009.exe (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\solt lake software\pro antispyware 2009\LOG\20090409105353562.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
c:\documents and settings\Tim Wood\Desktop\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 29th June 2009, 8:21 pm

HIJACK THIS LOG (Pre re-boot after running MBAM)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:35 PM, on 6/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbuA4\AOL_security_toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbuA4\AOL_security_toolbar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7542 bytes

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 29th June 2009, 8:25 pm

HIJACK THIS LOG (Post reboot after running MBAM)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:57 PM, on 6/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbuA4\AOL_security_toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbuA4\AOL_security_toolbar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7507 bytes

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Belahzur on 29th June 2009, 8:39 pm

Hello.
This looks much better, but still need the following two logs before I can say anything for sure.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 29th June 2009, 10:08 pm

Many thanks again, Belahzur! I'll get back over to Tim's tomorrow and post the two further logs.

Those of you providing this help on here really are absolute stars!

Shirl

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 30th June 2009, 10:48 am

Me again!

Here are the two logs. Thanks again Smile

ATTACH.TXT Part 1
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/10/2007 12:43:34 PM
System Uptime: 6/30/2009 11:11:01 AM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0CF458
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 57.784 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP334: 4/2/2009 9:34:17 AM - System Checkpoint
RP335: 4/5/2009 10:44:33 AM - System Checkpoint
RP336: 4/8/2009 6:15:47 PM - System Checkpoint
RP337: 4/9/2009 8:51:29 PM - System Checkpoint
RP338: 4/11/2009 5:58:20 PM - System Checkpoint
RP339: 4/15/2009 12:00:58 PM - System Checkpoint
RP340: 4/15/2009 2:20:19 PM - Software Distribution Service 3.0
RP341: 4/19/2009 9:34:34 AM - System Checkpoint
RP342: 4/20/2009 9:40:39 AM - System Checkpoint
RP343: 4/22/2009 6:44:08 PM - System Checkpoint
RP344: 4/24/2009 8:37:17 AM - System Checkpoint
RP345: 4/25/2009 10:01:39 AM - System Checkpoint
RP346: 4/26/2009 6:31:48 PM - System Checkpoint
RP347: 5/1/2009 9:20:28 AM - System Checkpoint
RP348: 5/2/2009 10:14:13 AM - System Checkpoint
RP349: 5/3/2009 3:24:55 PM - System Checkpoint
RP350: 5/3/2009 7:29:15 PM - Installed Microsoft Office Word Viewer 2003
RP351: 5/7/2009 7:45:33 PM - System Checkpoint
RP352: 5/9/2009 2:01:46 PM - System Checkpoint
RP353: 5/11/2009 8:19:05 PM - System Checkpoint
RP354: 5/12/2009 8:26:39 PM - System Checkpoint
RP355: 5/14/2009 3:00:19 AM - Software Distribution Service 3.0
RP356: 5/20/2009 3:19:01 PM - System Checkpoint
RP357: 5/21/2009 12:22:59 PM - Removed Adobe Reader 8.1.2
RP358: 5/21/2009 12:24:30 PM - Installed Adobe Reader 9.1.
RP359: 5/24/2009 1:02:04 PM - System Checkpoint
RP360: 5/26/2009 12:59:29 PM - System Checkpoint
RP361: 5/28/2009 1:01:17 PM - System Checkpoint
RP362: 5/30/2009 12:09:59 PM - System Checkpoint
RP363: 5/31/2009 2:53:01 PM - System Checkpoint
RP364: 6/21/2009 4:44:27 PM - System Checkpoint
RP365: 6/22/2009 3:00:16 AM - Software Distribution Service 3.0
RP366: 6/23/2009 3:57:08 AM - System Checkpoint
RP367: 6/24/2009 7:23:48 AM - System Checkpoint
RP368: 6/25/2009 6:37:56 PM - System Checkpoint
RP369: 6/26/2009 7:05:27 PM - System Checkpoint
RP370: 6/28/2009 3:30:03 PM - System Checkpoint
RP371: 6/29/2009 10:00:16 PM - Removed ESET Smart Security
RP372: 6/29/2009 10:13:13 PM - Installed ESET NOD32 Antivirus

==== Installed Programs ======================

924PLC32
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9.1
ALOT Toolbar
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Security Toolbar
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ARTEuro
CinepPlayer 30 Update
COMODO Firewall Pro
Corel Paint Shop Pro X
Corel Photo Album 6
Corel Snapfire Plus
Critical Update for Windows Media Player 11 (KB959772)
Dell AIO Printer 948
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Dell System Restore
DriveCleaner Freeware 1.0.124.1
ESET NOD32 Antivirus
Google Desktop
Google Toolbar for Internet Explorer
Google Updater
GoToAssist 8.0.0.480
Harry Potter Print Studio
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hurtigruten
IncrediMail JunkFilter Plus
IncrediMail Xe
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works 7.0
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MVision
Norton Security Scan
Norton Security Scan (Symantec Corporation)
PhotoJoy
Pro Antispyware 2009
QuickTime
RealPlayer
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Skype™ 4.0
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
SpywareBlaster 4.1
UMVPLStandalone
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
Wanadoo Europe Installer
Wanadoo UK
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 30th June 2009, 10:49 am

ATTACH.TXT Part 2
==== Event Viewer Messages From Past Week ========

6/30/2009 9:31:06 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000166, parameter2 00000002, parameter3 00000000, parameter4 804e5433.
6/29/2009 9:24:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard easdrv Fips IntelIde intelppm
6/29/2009 9:23:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/29/2009 7:32:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/29/2009 7:19:23 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 7:19:22 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 7:19:21 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 7:19:21 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 7:19:20 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 7:19:20 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 7:19:19 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 7:19:19 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 7:19:18 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 10:03:33 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/28/2009 5:21:37 PM, error: Service Control Manager [7000] - The LVSrvLauncher service failed to start due to the following error: Access is denied.
6/28/2009 5:15:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard easdrv Fips intelppm
6/28/2009 5:07:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cmdGuard cmdHlp easdrv epfwtdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/28/2009 5:07:41 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2009 5:07:41 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2009 5:07:41 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2009 5:07:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2009 5:07:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/28/2009 5:07:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/28/2009 5:07:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/28/2009 2:39:17 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:39:17 PM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:39:17 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:39:17 PM, error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:39:17 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:39:17 PM, error: Service Control Manager [7034] - The dldf_device service terminated unexpectedly. It has done this 1 time(s).
6/28/2009 2:39:17 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/28/2009 2:39:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Eset Service service to connect.
6/28/2009 2:39:17 PM, error: Service Control Manager [7000] - The Eset Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2009 2:39:16 PM, error: Service Control Manager [7022] - The Fax service hung on starting.
6/28/2009 2:38:16 PM, error: Service Control Manager [7022] - The Eset Service service hung on starting.
6/28/2009 2:36:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Updater Service service to connect.
6/28/2009 2:36:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldfCATSCustConnectService service to connect.
6/28/2009 2:36:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COMODO Firewall Pro Helper Service service to connect.
6/28/2009 2:36:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
6/28/2009 2:36:54 PM, error: Service Control Manager [7000] - The LVSrvLauncher service failed to start due to the following error: The pipe state is invalid.
6/28/2009 2:36:54 PM, error: Service Control Manager [7000] - The dldfCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2009 2:36:54 PM, error: Service Control Manager [7000] - The COMODO Firewall Pro Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/28/2009 2:36:54 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2009 9:18:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
6/26/2009 9:18:28 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2009 9:18:24 PM, error: Service Control Manager [7022] - The SNMP Service service hung on starting.
6/26/2009 9:15:32 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: Access is denied.
6/26/2009 8:34:30 AM, error: Service Control Manager [7000] - The ProtexisLicensing service failed to start due to the following error: The pipe state is invalid.
6/26/2009 6:33:15 PM, error: Service Control Manager [7034] - The Google Updater Service service terminated unexpectedly. It has done this 3 time(s).
6/26/2009 6:18:14 PM, error: Service Control Manager [7031] - The Google Updater Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
6/26/2009 6:03:14 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
6/26/2009 6:03:14 PM, error: Service Control Manager [7031] - The Google Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
6/26/2009 6:03:13 PM, error: Service Control Manager [7022] - The AOL Connectivity Service service hung on starting.
6/26/2009 6:01:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.
6/26/2009 6:01:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LVSrvLauncher service to connect.
6/26/2009 6:01:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Fax service to connect.
6/26/2009 6:01:53 PM, error: Service Control Manager [7000] - The ProtexisLicensing service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2009 6:01:53 PM, error: Service Control Manager [7000] - The LVSrvLauncher service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2009 6:01:53 PM, error: Service Control Manager [7000] - The Fax service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2009 5:56:55 PM, error: Service Control Manager [7000] - The Indexing Service service failed to start due to the following error: Access is denied.
6/26/2009 5:53:32 PM, error: Service Control Manager [7022] - The Indexing Service service hung on starting.
6/26/2009 5:52:10 PM, error: Service Control Manager [7000] - The SNMP Service service failed to start due to the following error: The pipe has been ended.
6/26/2009 5:52:10 PM, error: Service Control Manager [7000] - The COMODO Firewall Pro Helper Service service failed to start due to the following error: Access is denied.
6/26/2009 5:48:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Indexing Service service to connect.
6/26/2009 5:48:16 PM, error: Service Control Manager [7000] - The Indexing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/26/2009 5:48:16 PM, error: Service Control Manager [7000] - The COMODO Firewall Pro Helper Service service failed to start due to the following error: The pipe has been ended.
6/26/2009 5:21:56 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/26/2009 5:21:55 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/26/2009 5:21:54 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/26/2009 5:21:54 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/26/2009 5:21:53 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/25/2009 9:43:25 AM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
6/25/2009 6:42:57 AM, error: Service Control Manager [7034] - The COMODO Firewall Pro Helper Service service terminated unexpectedly. It has done this 1 time(s).
6/25/2009 5:53:18 PM, error: Service Control Manager [7000] - The dldf_device service failed to start due to the following error: Access is denied.
6/24/2009 9:07:01 PM, error: Service Control Manager [7034] - The dldf_device service terminated unexpectedly. It has done this 2 time(s).
6/24/2009 7:11:41 AM, error: Service Control Manager [7034] - The LVSrvLauncher service terminated unexpectedly. It has done this 1 time(s).
6/24/2009 7:11:11 AM, error: Service Control Manager [7022] - The LVSrvLauncher service hung on starting.
6/23/2009 10:46:10 AM, error: Print [6161] - The document Booking Confirmation_ 0000464698.PDF owned by Tim Wood failed to print on printer Dell AIO Printer 948. Data type: LEMF. Size of the spool file in bytes: 508449. Number of bytes printed: 508449. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7FHZ32J. Win32 error code returned by the print processor: 0 (0x0).
6/23/2009 10:45:38 AM, error: Print [6161] - The document [You must be registered and logged in to see this link.] owned by Tim Wood failed to print on printer Dell AIO Printer 948. Data type: LEMF. Size of the spool file in bytes: 631281. Number of bytes printed: 631281. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7FHZ32J. Win32 error code returned by the print processor: 0 (0x0).
6/23/2009 10:44:48 AM, error: Print [6161] - The document [You must be registered and logged in to see this link.] owned by Tim Wood failed to print on printer Dell AIO Printer 948. Data type: LEMF. Size of the spool file in bytes: 416023. Number of bytes printed: 416023. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7FHZ32J. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 30th June 2009, 10:49 am

DDS.TXT
DDS (Ver_09-06-26.01) - NTFSx86
Run by Tim Wood at 11:44:52.70 on Tue 06/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.156 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\PhotoJoy\bin\PjApp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim Wood\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: XBTP06568 Class: {311f9de8-6126-4eee-b15f-65cbb3b4f9f6} - c:\program files\aol security toolbar\tbua4\AOL_security_toolbar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AOL Security Toolbar: {3bb63fd4-3c00-44d7-94a9-5de211900def} - c:\program files\aol security toolbar\tbua4\AOL_security_toolbar.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Antivirus] c:\program files\ms antivirus\MSA.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PhotoJoy] c:\program files\photojoy\bin\PhotoJoy.exe /c
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dldfmon.exe] "c:\program files\dell aio printer 948\dldfmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell aio printer 948\memcard.exe"
mRun: [Dell AIO Printer 948 Fax Server] "c:\program files\dell aio printer 948\fm3032.exe" /s
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRunOnce: [IETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-11 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-11 24208]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 cmdAgent;COMODO Firewall Pro Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-11-11 519936]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
S2 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [2007-6-26 98952]

=============== Created Last 30 ================

2009-06-29 22:13 --d----- c:\program files\ESET
2009-06-29 21:27 --d----- c:\docume~1\timwoo~1\applic~1\Malwarebytes
2009-06-29 19:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 19:34 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-29 19:34 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 19:29 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-28 17:10 --d----- c:\program files\Trend Micro
2009-06-24 06:55 --d----- c:\docume~1\alluse~1\applic~1\10399214

==================== Find3M ====================

2009-06-30 11:11 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-06-30 07:24 5,852 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-14 15:49 94,360 a------- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 15:47 107,256 a------- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 15:41 114,472 a------- c:\windows\system32\drivers\eamon.sys
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 16:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
2009-04-29 05:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
2009-04-29 05:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-29 05:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
2009-04-29 05:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
2009-04-29 05:56 105,984 -------- c:\windows\system32\dllcache\url.dll
2009-04-29 05:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
2009-04-29 05:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
2009-04-29 05:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-29 05:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 10:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 10:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 06:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 06:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 13:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 15:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2008-10-01 15:59 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-03-10 10:32 60,968 a------- c:\documents and settings\tim wood\GoToAssistDownloadHelper.exe
2008-11-21 22:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112120081122\index.dat

============= FINISH: 11:46:05.09 ===============

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Belahzur on 30th June 2009, 12:28 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    ALOT Toolbar
    Java 2 Runtime Environment, SE v1.4.2_03
    Norton Security Scan
    Norton Security Scan (Symantec Corporation)
    Pro Antispyware 2009
    Viewpoint Media Player

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Folders to delete:
c:\docume~1\alluse~1\applic~1\10399214
c:\program files\ms antivirus

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


Last edited by Belahzur on 30th June 2009, 3:49 pm; edited 1 time in total


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 30th June 2009, 2:20 pm

Gosh, Belahzur: I'd assumed it must all be gone! Many thanks for your continuing help.

Rather stupidly, and expecting that all would be well now, I went ahead and installed (i) Adaware AE (ii) Spywareblaster (iii) Spybot Search & Destroy and (iv) NOD32 earlier this morning, in the expectation of getting the all clear. Should I remove those too before I download and run the Avenger?

Thank you once again!

Shirl

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Belahzur on 30th June 2009, 3:50 pm

Hello.
I've edited my above post, missed a few things. I've only made two slight changes, not enough to notice anything, but read carefully.

Keep those programs for now, they are good for protection, but were still not done, need you to run my avenger script.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 30th June 2009, 3:58 pm

Okay thanks, Belahzur Smile

I hope to be back at Tim's tomorrow. Will report back ASAP.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 2nd July 2009, 8:52 am

Hello there!

I've deleted the programs you identified, and run the Avenger script. Here's the log. Many thanks yet again Smile

AVENGER LOG
Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\docume~1\alluse~1\applic~1\10399214" deleted successfully.

Error: folder "c:\program files\ms antivirus" not found!
Deletion of folder "c:\program files\ms antivirus" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Belahzur on 2nd July 2009, 9:36 am

Hello.
Good, just one final thing to do and then I think we are done.
Post a new Hijack This log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 2nd July 2009, 1:20 pm

Many thank, Belahzur Smile I'll get over to Tim's tomorrow and send the Hijack log.

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 4th July 2009, 4:31 pm

Hello there!

Here's the latest Hijack This log. Many thanks Smile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:34 PM, on 7/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\Dell AIO Printer 948\memcard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\PhotoJoy\bin\PjApp.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbuA4\AOL_security_toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbuA4\AOL_security_toolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"
O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MS Antivirus\MSA.exe
O4 - HKCU\..\Run: [PhotoJoy] C:\Program Files\PhotoJoy\bin\PhotoJoy.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 8670 bytes

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Belahzur on 4th July 2009, 4:38 pm

Hello.

I strongly recommend you to remove Ask from your computer because it's:

  • Promoting its toolbars on sites targeted to kids.
  • Promoting its toolbars through ads that appear to be part of other companies' sites.
  • Promoting its toolbars through other companies' spyware.
  • Installing without any disclosure whatsoever and without any consent whatsoever.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Ask Toolbar
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MS Antivirus\MSA.exe


  • Press "Fix Checked"
  • Close Hijack This.

This should be fine now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Peewiglet on 4th July 2009, 4:51 pm

Hello there,

Many thanks for the info re: the Ask toolbar. I've just tried to remove it via Add/Remove Prog's but got the following message:

"Error: Unable to execute file in the temporary directory. Setup aborted. Error 5: access is denied."

How can we go about getting it off? I'll hold fire on the rest of the instructions pending further advice, as it sounded as though they should be sequential.

Many thanks for your continuing help!

Peewiglet
Novice
Novice

Posts Posts : 28
Joined Joined : 2009-06-28
OS OS : XP
Points Points : 27244
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security -- Can't even install Hijack This to generat

Post by Origin on 4th July 2009, 5:05 pm

Did you have your browser open when you were uninstalling Ask Toolbar? That may have stopped it from uninstalling it, close ALL browsers and try to remove it now.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Posts Posts : 2685
Joined Joined : 2009-05-05
Gender Gender : Male
OS OS : Windows Xp Sp3
Points Points : 31513
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum