Infected With iSpyware Please Help Me! (HijackThis Log and U

Solved Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 1:29 am

My computer has been infected with this strange (well, seeing from this forum, a very common one). Every time I opened Firefox or any other browser the message "Insecure Internet Activity .......... We recommend you to protect your PC now and continue safe browsing...." kept coming up on my browser. I actually clicked on it without thinking about it and now my computer is useless. I downloaded SuperAntiSpyware and what it did was further damage it. Now my Skype cannot even stay online for more than a minute, and other messengers won't even open. I have BitDefender as my antivirus, but while it is open my browser will not start; I have to disable BitDefender to open and use my browser. I am running XP right now. I think I have come to the right place to get help.

PS: I read a couple of posts and I was wondering how I use HijackThis and post my log like a lot of people here did. It seems to assist you guys in solving our problems. Thanks a lot. I really appreciate any feedback.


Last edited by spiqy on 30th November 2008, 4:44 am; edited 1 time in total

spiqy
Novice

Posts: 21
Joined: 2008-11-30
OS: window xp 32bit
Points: 29320
Likes: 0


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 30th November 2008, 1:31 am

Hello.
Please read this thread:
[You must be registered and logged in to see this link.]
And post a Hijack This log here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 2:55 am

**Edited**


Solved HijackThis Log Poster

Post by spiqy on 30th November 2008, 4:43 am

HijackThis.Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:11, on 29/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\219737\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.les-roches.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.ROCHESNET.LOCAL;*.local;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: D-i-v-X AV Codec Pack Toolbar Helper - {8854ED42-85F6-4F34-8C6E-249F75AD6952} - C:\Program Files\D-i-v-X AV Codec Pack Toolbar\v3.2.0.0\D-i-v-X_AV_Codec_Pack_Toolbar.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: D-i-v-X AV Codec Pack Toolbar - {097E7337-311D-44FF-A853-3F454FE1A682} - C:\Program Files\D-i-v-X AV Codec Pack Toolbar\v3.2.0.0\D-i-v-X_AV_Codec_Pack_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://srv-roch-int01/intranet
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ROCHESNET.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = ROCHESNET.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ROCHESNET.LOCAL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe

--
End of file - 13201 bytes


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 4:44 am

Uninstall_list

7-Zip 4.42
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
ALPS Touch Pad Driver
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Bonjour
CALCMENU
CD/DVD Drive Acoustic Silencer
Dell Printer Software Uninstall
D-i-v-X - AV Codec Pack (Pro) 1.1.0
D-i-v-X AV Codec Pack Toolbar
DVD-RAM Driver
Encyclopaedia Britannica 2007 Ultimate Reference Suite
Free YouTube Download 1.3
Furl Toolbar
Google Desktop
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB917332)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB935448)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
IrfanView (remove only)
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Kaspersky Network Agent
K-Lite Mega Codec Pack 3.8.5
LimeWire 4.16.6
Logitech Desktop Messenger
Logitech QuickCam
mCore
mDrWiFi
Messenger MUI Package
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 French Language Pack
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
mIRC
mIWA
mLogView
mMHouse
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
Mozilla Firefox (3.0.4)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
mZConfig
PDFCreator
Picasa 2
PrimoPDF
QuickTime
Realtek High Definition Audio Driver
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Skype™ 3.8
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Super TextTwist
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Display Devices Change Utility
TOSHIBA HDD Protection
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Mobile Extension3 for Windows XP V3.81.00.XP
TOSHIBA Password Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Boot Utility
TOSHIBA SD Memory Card Format
TOSHIBA Security Assist
TOSHIBA Software Modem
TOSHIBA TouchPad On/Off Utility V2.05.01
TOSHIBA Utilities
TOSHIBA Zooming Utility
UltraISO Premium V9.31
UMVPLStandalone
Uninstall 1.0.0.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB916846)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VLC media player 0.9.4
VLS
VobSub v2.23 (Remove Only)
Winamp (remove only)
Windows Communication Foundation
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FRA)
Windows Workflow Foundation
Windows Workflow Foundation FR Language Pack
WinRAR archiver
Wireless Hotkey
XML Paper Specification Shared Components Language Pack 1.0
Yahoo! Internet Mail
Yahoo! Messenger


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Jerry Parnell on 30th November 2008, 6:22 am

Hi spiqy,
My name is Jerry Parnell, and I will be taking over for Belahzur (our main tech) while he gets a little R&R.


It would appear that you have a minor infection, so let's get started right away!

I WOULD HIGHLY RECOMMEND THAT YOU PRINT OUT THESE INSTRUCTIONS, BECAUSE WE WILL BE REBOOTING INTO SAFEMODE.


1. Please download ComboFix from [You must be registered and logged in to see this link.] and save it to your desktop.
DO NOT RUN IT YET!

2. Please reboot into safe mode. You can find out how to do this [You must be registered and logged in to see this link.].

3. Now, please rename the file that you placed on your desktop from "Combofix" to "Combo_fix_GP".

4. Please double click the newly renamed file to run it.

5. Combofix may ask you if you want to install the Windows Recovery Center. If it does, please click no.

6. While it is running, please make sure that you don't touch your computer. It shouldn't take too long to run and reboot your computer on its own.

7. After your system has rebooted, ComboFix will open its log file in Notepad automatically. Please copy and paste that log file to your next post, along with another Hijack This log.

How is your computer now?


Last edited by Jerry Parnell on 30th November 2008, 7:59 am; edited 1 time in total

Jerry Parnell
Leader

Posts: 670
Joined: 2008-08-04
Gender: Male
OS: Windows Vista Home Basic
Points: 30764
Likes: 0


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 7:42 am

Hi Jerry, thanks for the feedback, but in safe mode when I renamed it to Combo_fix_GP it gave me an error saying "You cannot use ComboFix as Combo_fix_GP. Please use another name preferably made up of alphanumeric characters."

What should I do?


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Jerry Parnell on 30th November 2008, 7:50 am

Ok, please try renaming it to CombofixGp.

If it works, please follow all of the instructions above starting from number 4.

If it does not work, please reply here saying that it didn't work.


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 8:17 am

Hi Jerry, I think it's good now.. thank you very much. Thank You! I think it's good; Firefox and Skype, everything works normally now. Hooray! However, the log did not open up for some reason and I can't seem to know where it might have been saved. I hope it won't harm my computer because of that.


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 30th November 2008, 1:34 pm

Hello.
Thank you, Jerry.
CF will usually save an incomplete log here:
C:\combofix\combofix.txt

If it's there, please post it.



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 6:46 pm

Hi Belahzur, this is all I could find. I don't think it's the right one but here goes.

ComboFix 08-11-29.03 - Administrator 2008-11-30 2:57:54.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.378 [GMT -7:00]
Running from: C:\Documents and Settings\219737\Desktop\CombofixGP.exe.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Is that all??


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 30th November 2008, 7:02 pm

Hello.
No, it should be a lot longer, but it looks like it hung and stopped.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 7:46 pm

OverViewit.txt (a)

OTViewIt logfile created on: 2008-11-30 14:37:20 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

503.17 Mb Total Physical Memory | 81.47 Mb Available Physical Memory | 16.19% Memory free
1.20 Gb Paging File | 0.47 Gb Available in Paging File | 38.97% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.49 Gb Total Space | 1.95 Gb Free Space | 3.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ST219737
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005-11-27 22:59:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2005-11-27 23:01:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2007-10-19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2007-07-24 13:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005-01-17 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
[2004-08-28 01:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2007-03-09 09:12:14 | 00,091,265 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
[2008-08-13 19:06:28 | 00,393,216 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[2007-10-19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2005-11-27 22:58:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2005-12-20 12:46:20 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
[2008-08-15 11:03:08 | 01,523,712 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
[2007-10-19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2006-04-24 18:09:22 | 00,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
[2004-03-23 07:40:42 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
[2006-04-24 19:54:12 | 00,315,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
[2005-12-20 12:46:20 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
[2006-04-10 03:14:52 | 00,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
[2005-04-26 16:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[2006-03-22 22:17:42 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
[2006-03-22 22:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2005-11-02 01:41:04 | 00,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
[2005-05-17 11:42:02 | 00,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
[2006-03-22 22:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2006-06-29 14:32:14 | 00,089,541 | ---- | M] (Agere Systems) -- C:\WINDOWS\agrsmmsg.exe
[2006-09-06 11:44:20 | 16,262,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2006-04-24 19:54:04 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
[2005-12-05 00:07:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2005-11-27 23:11:50 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2003-02-25 20:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
[2006-04-26 05:05:02 | 00,090,112 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMERzCtl.exe
[2005-11-29 08:15:36 | 00,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
[2005-06-28 08:13:00 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TouchED\TouchED.exe
[2008-10-15 01:56:54 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2007-11-02 16:36:42 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007-10-25 15:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[2007-10-25 15:37:32 | 02,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
[2008-06-10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008-08-14 20:14:28 | 00,716,800 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
[2005-11-27 23:07:52 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2004-12-30 00:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[2008-02-22 20:15:56 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2007-11-02 16:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008-08-13 19:13:36 | 00,405,504 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
[2007-10-25 15:32:58 | 00,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[2008-11-07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2008-08-14 20:13:14 | 00,593,920 | ---- | M] (BitDefender S.R.L) -- C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
[2008-05-30 15:54:16 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2008-10-15 01:56:54 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008-11-14 16:19:38 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008-08-14 20:13:14 | 00,593,920 | ---- | M] (BitDefender S.R.L) -- C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
[2007-07-30 10:19:16 | 00,053,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004-08-04 05:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008-11-30 14:36:25 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 7:48 pm

OverViewIT.txt (b)

========== (O23) Win32 Services ==========

[2008-07-17 13:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. [You must be registered and logged in to see this link.] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
[2007-04-12 18:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007-07-24 13:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005-01-17 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2007-04-12 18:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004-08-28 01:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2005-11-27 22:59:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2006-10-20 13:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008-10-15 01:56:54 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2007-03-01 08:55:01 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005-11-13 17:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
[2006-10-29 19:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007-11-02 16:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2007-03-09 09:12:14 | 00,091,265 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe -- (klnagent [Auto | Running])
[2008-08-13 19:06:28 | 00,393,216 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[2007-10-19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2007-10-19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007-10-19 12:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2006-10-29 19:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003-07-28 04:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
[2005-11-27 22:58:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2005-11-27 23:01:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2005-12-20 12:46:20 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv [Auto | Running])
[2005-12-13 23:30:32 | 00,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.exe -- (Tmesrv [Disabled | Stopped])
[2007-10-18 08:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008-08-15 11:03:08 | 01,523,712 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])
[2007-10-25 12:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006-10-18 12:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007-01-30 19:24:27 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2006-06-29 14:13:08 | 01,160,320 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2004-05-08 05:38:06 | 00,101,833 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2008-08-12 18:40:32 | 00,108,864 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
[2008-08-12 18:40:52 | 00,228,672 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
[2008-08-14 18:55:04 | 00,132,800 | ---- | M] (BitDefender LLC) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
[2001-08-17 05:13:14 | 00,046,108 | ---- | M] (Xircom, Inc.) -- C:\WINDOWS\system32\drivers\cben5.sys -- (CBEN5 [On_Demand | Stopped])
[2006-05-22 05:20:00 | 00,025,724 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005-08-25 12:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006-05-22 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2006-05-22 05:20:00 | 00,086,844 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006-05-22 05:20:00 | 00,014,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006-05-22 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005-08-25 12:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2006-05-22 05:20:00 | 00,094,460 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006-05-22 05:20:00 | 00,088,444 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005-09-12 03:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005-08-12 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2005-09-14 03:24:00 | 00,179,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006-05-05 05:30:02 | 00,013,568 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir [Auto | Running])
[2006-05-05 05:29:52 | 00,033,024 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2 [Auto | Running])
[2006-09-19 12:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006-03-22 22:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2005-06-09 22:26:00 | 00,035,968 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM [On_Demand | Running])
[2006-09-06 16:04:12 | 04,377,600 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2007-10-19 12:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Running])
[2007-10-11 17:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Stopped])
[2007-10-11 17:59:24 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2007-10-12 02:00:44 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2005-06-02 04:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2003-01-28 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2007-10-12 01:56:00 | 01,279,000 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
[2007-07-12 01:32:44 | 00,012,800 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Running])
[2004-08-04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008-02-22 19:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004-08-04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Stopped])
[2005-11-27 23:39:26 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2006-01-13 04:04:21 | 00,076,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006-11-30 06:58:18 | 00,061,536 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus [On_Demand | Stopped])
[2006-11-30 06:58:24 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44mdfl.sys -- (se44mdfl [On_Demand | Stopped])
[2006-11-30 06:58:26 | 00,097,088 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44mdm.sys -- (se44mdm [On_Demand | Stopped])
[2006-11-30 06:58:30 | 00,088,624 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44mgmt.sys -- (se44mgmt [On_Demand | Stopped])
[2006-11-30 06:58:32 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44nd5.sys -- (se44nd5 [On_Demand | Stopped])
[2006-11-30 06:58:34 | 00,086,432 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44obex.sys -- (se44obex [On_Demand | Stopped])
[2006-11-30 06:58:42 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44unic.sys -- (se44unic [On_Demand | Stopped])
[2004-08-04 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006-01-13 04:21:46 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2006-01-13 04:21:46 | 00,009,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006-05-05 05:03:04 | 00,003,456 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp [Auto | Running])
[2006-05-05 05:13:38 | 00,028,800 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2004-12-27 23:31:50 | 00,016,384 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv [Boot | Running])
[2004-11-13 12:24:52 | 00,006,144 | R--- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm [Boot | Running])
[2004-06-15 22:38:48 | 00,005,888 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E [System | Running])
[2005-07-11 18:58:56 | 00,003,712 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt [On_Demand | Stopped])
[2006-02-10 11:17:46 | 00,047,488 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte [On_Demand | Running])
[2006-04-13 20:00:28 | 00,108,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd [On_Demand | Running])
[2006-03-16 10:45:12 | 00,037,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp [On_Demand | Running])
[2005-08-01 16:45:08 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
[2005-09-09 14:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec [On_Demand | Running])
[2006-02-08 17:33:34 | 00,062,848 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid [On_Demand | Running])
[2005-01-06 13:42:42 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds [On_Demand | Running])
[2006-03-15 10:52:40 | 00,052,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd [On_Demand | Stopped])
[2006-02-24 01:37:00 | 00,040,192 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb [On_Demand | Running])
[2007-07-10 08:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Running])
[2005-12-26 14:33:26 | 00,016,768 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ [Boot | Running])
[2004-08-03 21:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2005-12-04 10:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Running])
[2008-02-26 17:12:40 | 00,008,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])

Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 7:49 pm

OverViewIt.txt (c)

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (774 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 update.bitdefender.com

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll File not found
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{8854ED42-85F6-4F34-8C6E-249F75AD6952} (HKLM) -- C:\Program Files\D-i-v-X AV Codec Pack Toolbar\v3.2.0.0\D-i-v-X_AV_Codec_Pack_Toolbar.dll File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{097E7337-311D-44FF-A853-3F454FE1A682}" (HKLM) -- C:\Program Files\D-i-v-X AV Codec Pack Toolbar\v3.2.0.0\D-i-v-X_AV_Codec_Pack_Toolbar.dll File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"000StTHK"=000StTHK.exe ()
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AGRSMMSG"=AGRSMMSG.exe (Agere Systems)
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
"combofix"=C:\WINDOWS\system32\CF12238.exe /c C:\CombofixGP.exe\Combobatch.bat (Microsoft Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto (Microsoft Corporation)
"NDSTray.exe"=NDSTray.exe File not found
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TFncKy"=TFncKy.exe File not found
"TFNF5"=TFNF5.exe (TOSHIBA Corp.)
"ThpSrv"=thpsrv /logon (TOSHIBA Corporation)
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service (TOSHIBA)
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon (TOSHIBA)
"TOSDCR"=TOSDCR.EXE (TOSHIBA Corporation)
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" (TOSHIBA CORPORATION)
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
"TPSMain"=TPSMain.exe (TOSHIBA Corporation)
"TPSODDCtl"=TPSODDCtl.exe (TOSHIBA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)

Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 7:51 pm

OverViewIt.txt (d)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003-07-14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006-10-10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-10-13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-10-13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = [You must be registered and logged in to see this link.]
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: [You must be registered and logged in to see this link.] -- Windows Genuine Advantage Validation Tool
{3BFFE033-BF43-11D5-A271-00A024A51325}: [You must be registered and logged in to see this link.] -- iNotes6 Class
{493ACF15-5CD9-4474-82A6-91670C3DD66E}: [You must be registered and logged in to see this link.] -- LinkedIn ContactFinderControl
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: [You must be registered and logged in to see this link.] -- MSN Photo Upload Tool
{5F8469B4-B055-49DD-83F7-62B522420ECC}: [You must be registered and logged in to see this link.] -- Facebook Photo Uploader Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: [You must be registered and logged in to see this link.] -- WUWebControl Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: [You must be registered and logged in to see this link.] -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: [You must be registered and logged in to see this link.] -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: [You must be registered and logged in to see this link.] -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: [You must be registered and logged in to see this link.] -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: [You must be registered and logged in to see this link.] -- Shockwave Flash Object
Microsoft XML Parser for Java: [You must be registered and logged in to see this link.] -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1E4AC4B8-6839-49D4-B5EC-4BFAA013FEE3} (Servers: | Description: Xircom CardBus Ethernet II 10/100)
{3086CE29-848F-4F0C-9153-92DD068E9514} (Servers: | Description: )
{42322F56-5CC3-4DB5-850F-B429A3132727} (Servers: | Description: 1394 Net Adapter)
{46CD5E7C-801A-464A-BAB3-DB8D1107EF9D} (Servers: | Description: Sony Ericsson Device 068 USB Ethernet Emulation (NDIS 5))
{57079064-0C41-431C-B01F-7F94EB9934F8} (Servers: | Description: Intel(R) PRO/Wireless 3945ABG Network Connection)
{C6520290-4B14-4763-9497-6F3502A2245F} (Servers: | Description: Intel(R) PRO/1000 PL Network Connection)
{DF155D66-962C-4C16-A9DF-5F3EA76883C6} (Servers: | Description: )

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=vrlogon.dll
>[2006-05-05 05:18:58 | 00,451,584 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
psfus: "DllName" = psqlpwd.dll -- C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [c:\WINDOWS\SYSTEM32\SHARE.EXE /L:512 /F:8192 | ]
[2007-02-03 02:12:42 | 00,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 7:51 pm

OverViewIt.txt (e)

========== Files/Folders - Created Within 30 Days ==========

[2008-11-30 14:36:21 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008-11-30 05:58:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2008-11-30 05:54:38 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-30 04:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2008-11-30 04:19:49 | 00,044,904 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008-11-30 04:00:43 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to HiJackThis.lnk
[2008-11-30 03:44:23 | 00,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus 2009.lnk
[2008-11-30 03:44:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BitDefender
[2008-11-30 03:43:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008-11-30 03:43:20 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008-11-30 03:33:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\skypePM
[2008-11-30 03:33:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2008-11-30 03:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2008-11-30 03:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008-11-30 03:29:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2008-11-30 03:29:25 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2008-11-30 03:29:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008-11-30 03:29:15 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2008-11-30 03:05:53 | 52,768,3584 | -HS- | C] () -- C:\hiberfil.sys
[2008-11-30 03:02:55 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2008-11-30 03:00:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008-11-30 02:55:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008-11-30 02:55:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008-11-30 02:55:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008-11-30 02:55:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008-11-30 02:55:12 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008-11-30 02:55:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008-11-30 02:55:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008-11-30 02:55:12 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008-11-30 02:55:12 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008-11-30 02:55:09 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12238.exe
[2008-11-30 02:55:09 | 00,000,000 | ---D | C] -- C:\CombofixGP.exe
[2008-11-30 02:53:53 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11983.exe
[2008-11-30 02:38:44 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9018.exe
[2008-11-30 02:36:43 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF8626.exe
[2008-11-30 02:15:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008-11-30 02:15:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008-11-30 02:15:27 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008-11-29 07:07:57 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008-11-29 07:07:26 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008-11-29 02:37:46 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2008-11-29 02:37:42 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2008-11-29 02:34:13 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2008-11-29 02:32:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2008-11-29 00:34:09 | 00,002,257 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008-11-29 00:34:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2008-11-29 00:10:18 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2008-11-28 21:27:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008-11-28 21:27:28 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008-11-08 17:36:54 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008-11-30 14:36:25 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2008-11-30 14:13:21 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-30 13:36:36 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2008-11-30 04:19:49 | 00,044,904 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008-11-30 04:18:13 | 00,000,648 | ---- | M] () -- C:\WINDOWS\win.ini
[2008-11-30 04:18:13 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008-11-30 04:18:13 | 00,000,226 | RHS- | M] () -- C:\boot.ini
[2008-11-30 04:04:16 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008-11-30 04:01:53 | 00,000,774 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008-11-30 04:00:43 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to HiJackThis.lnk
[2008-11-30 03:55:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008-11-30 03:55:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008-11-30 03:54:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-11-30 03:54:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008-11-30 03:54:51 | 52,768,3584 | -HS- | M] () -- C:\hiberfil.sys
[2008-11-30 03:44:23 | 00,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Antivirus 2009.lnk
[2008-11-30 03:29:41 | 00,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2008-11-30 03:29:15 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2008-11-30 03:29:11 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008-11-30 03:02:55 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2008-11-30 02:55:06 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF12238.exe
[2008-11-30 02:53:48 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11983.exe
[2008-11-30 02:38:40 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF9018.exe
[2008-11-30 02:36:40 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF8626.exe
[2008-11-30 02:02:57 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008-11-29 07:07:59 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008-11-29 06:21:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008-11-29 06:21:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008-11-29 02:37:46 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2008-11-29 02:37:42 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2008-11-29 02:35:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008-11-29 02:35:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008-11-29 00:22:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008-11-29 00:22:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008-11-29 00:18:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008-11-29 00:18:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008-11-28 22:32:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008-11-28 22:32:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008-11-28 22:12:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008-11-28 22:12:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008-11-28 21:59:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008-11-28 21:59:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008-11-28 20:23:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008-11-28 20:23:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008-11-28 20:18:46 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
[2008-11-28 20:18:46 | 00,295,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2008-11-28 02:55:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008-11-28 02:55:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008-11-24 13:06:20 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-11-13 17:26:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008-11-13 17:26:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008-11-08 17:36:55 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2008-11-08 00:42:15 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008-11-03 10:17:25 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008-11-03 10:17:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008-11-02 23:54:58 | 00,520,014 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008-11-02 23:54:58 | 00,439,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008-11-02 23:54:58 | 00,071,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008-11-02 23:54:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008-11-02 23:54:40 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008-11-02 23:50:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008-11-02 23:50:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
< End of report >

Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 7:53 pm

Extras.txt (a)

OTViewIt Extras logfile created on: 2008-11-30 14:37:21 - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

503.17 Mb Total Physical Memory | 81.47 Mb Available Physical Memory | 16.19% Memory free
1.20 Gb Paging File | 0.47 Gb Available in Paging File | 38.97% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.49 Gb Total Space | 1.95 Gb Free Space | 3.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ST219737
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004-08-04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server
File not found -- C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner
File not found -- C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor
[2004-09-16 03:42:54 | 00,356,624 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe:*:Enabled:eTrust Antivirus - Admin Server
File not found -- C:\WINDOWS\system32\ppRemoteService.exe:*:Enabled:eTrust PestPatrol Anti-Spyware Corporate Edition - Agent
[2006-10-10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-01 14:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2007-08-30 08:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007-08-30 08:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2006-11-23 08:45:34 | 02,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2008-11-07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2008-02-08 14:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008-02-22 20:15:56 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007-10-18 08:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007-10-02 14:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004-08-04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004-10-13 09:24:37 | 01,694,208 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006-10-10 05:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Rediff Bol\RediffMessenger.exe:*:Enabled:Rediff Bol 8.0
[2007-08-30 08:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007-08-30 08:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007-01-01 14:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2006-11-23 08:45:34 | 02,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2008-02-08 14:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008-02-22 20:15:56 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007-07-24 13:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2007-11-02 16:36:34 | 17,152,808 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007-10-18 08:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007-10-02 14:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\Vongo\VongoTray.exe:*:Enabled:StarzTray
File not found -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
[2008-11-07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008-02-22 20:15:56 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])
ipp: [HKLM - No CLSID value]
[2003-07-11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007-10-18 08:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2003-07-11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003-07-11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000-04-19 10:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007-10-18 08:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2005-06-02 15:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2005-04-25 04:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2008-05-30 15:54:14 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003-07-14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 7:54 pm

Extras.txt (b)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}"=PDFCreator
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}"=TOSHIBA Assist
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}"=TOSHIBA Security Assist
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{23170F69-40C1-2701-0442-000001000000}"=7-Zip 4.42
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{24300A63-DD78-4AA5-A914-4D582C41D33A}"=TOSHIBA TouchPad On/Off Utility V2.05.01
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}"=TOSHIBA SD Memory Card Format
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{56190F69-01D3-46CA-9861-43377C5E9B87}"=TOSHIBA Utilities
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5DF86878-462F-41F2-96E0-E82EE57EC7D3}"=BitDefender Antivirus 2009
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}"=TOSHIBA Zooming Utility
"{6901DD22-527A-41EF-9059-E81FEDE9E494}"=Windows Presentation Foundation Language Pack (FRA)
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{737629F4-4111-4FD4-9071-29873B7C6426}"=Protector Suite 5.4
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}"=Wireless Hotkey
"{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}"=Kaspersky Network Agent
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}"=UMVPLStandalone
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}"=mHelp
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office OneNote 2003
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}"=Logitech QuickCam
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}"=TOSHIBA HDD Protection
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}"=DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}"=CD/DVD Drive Acoustic Silencer
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}"=Windows Communication Foundation Language Pack - FRA
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B84C141C-9A13-44BE-9A69-301D7B11D836}"=Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BBF5493A-05FB-4449-90DE-84A61EB78154}"=TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}"=TOSHIBA ConfigFree
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}"=TOSHIBA Password Utility
"{C45F4811-31D5-4786-801D-F79CD06EDD85}"=SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}"=Bluetooth Stack for Windows by Toshiba
"{D4E99017-45CF-4C3D-AB02-4205939D604D}"=VLS
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}"=Microsoft .NET Framework 3.0 French Language Pack
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}"=iTunes
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}"=Microsoft .NET Framework 2.0 Language Pack - FRA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"CALCMENU "=CALCMENU
"Dell Printer Software Uninstall"=Dell Printer Software Uninstall
"D-i-v-X - AV Codec Pack"=D-i-v-X - AV Codec Pack (Pro) 1.1.0
"D-i-v-X AV Codec Pack Toolbar"=D-i-v-X AV Codec Pack Toolbar
"Encyclopaedia Britannica 2007 Ultimate Reference Suite"=Encyclopaedia Britannica 2007 Ultimate Reference Suite
"Free YouTube Download_is1"=Free YouTube Download 1.3
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}"=TOSHIBA Utilities
"InstallShield_{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}"=Kaspersky Network Agent
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}"=TOSHIBA Password Utility
"IrfanView"=IrfanView (remove only)
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.8.5
"LimeWire"=LimeWire 4.16.6
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - FRA"=Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.0 French Language Pack"=Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"mIRC"=mIRC
"mmuipackage"=Messenger MUI Package
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool"=TOSHIBA PC Diagnostic Tool
"Picasa2"=Picasa 2
"Power Saver"=TOSHIBA Power Saver
"PrimoPDF3.1"=PrimoPDF
"ProInst"=Intel(R) PROSet/Wireless Software
"PROSet"=Intel(R) PRO Network Connections Drivers
"Super TextTwist"=Super TextTwist
"TDspBtn"=TOSHIBA Display Devices Change Utility
"TFNF5"=TOSHIBA Hotkey Utility for Display Devices
"TME3"=TOSHIBA Mobile Extension3 for Windows XP V3.81.00.XP
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"UltraISO_is1"=UltraISO Premium V9.31
"Uninstall_is1"=Uninstall 1.0.0.0
"VLC media player"=VLC media player 0.9.4
"VobSub"=VobSub v2.23 (Remove Only)
"WIC"=Windows Imaging Component
"Winamp"=Winamp (remove only)
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XBTB05988.XBTB05988Toolbar"=Furl Toolbar
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-11-30 05:04:56 | Computer Name = ST219737 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2008-11-30 05:40:50 | Computer Name = ST219737 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-11-30 05:41:50 | Computer Name = ST219737 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2008-11-30 05:42:06 | Computer Name = ST219737 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-11-30 05:42:20 | Computer Name = ST219737 | Source = UserInit | ID = 1000
Description = Could not execute the following script Printers Students.wsf. The
system cannot find the file specified. .

Error - 2008-11-30 05:42:20 | Computer Name = ST219737 | Source = UserInit | ID = 1000
Description = Could not execute the following script Printers Students MBA.wsf.
The system cannot find the file specified. .

Error - 2008-11-30 06:05:57 | Computer Name = ST219737 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-11-30 06:06:12 | Computer Name = ST219737 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-11-30 06:06:28 | Computer Name = ST219737 | Source = UserInit | ID = 1000
Description = Could not execute the following script Printers Students.wsf. The
system cannot find the file specified. .

Error - 2008-11-30 06:06:28 | Computer Name = ST219737 | Source = UserInit | ID = 1000
Description = Could not execute the following script Printers Students MBA.wsf.
The system cannot find the file specified. .

[ System Events ]
Error - 2008-11-30 05:55:05 | Computer Name = ST219737 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2008-11-30 06:04:55 | Computer Name = ST219737 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008-11-30 06:05:57 | Computer Name = ST219737 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain ROCHESNET due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2008-11-30 06:28:18 | Computer Name = ST219737 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain ROCHESNET due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2008-11-30 06:28:24 | Computer Name = ST219737 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.10.106 for the Network Card with network
address 0018DE6A863D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2008-11-30 06:54:56 | Computer Name = ST219737 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain ROCHESNET due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2008-11-30 06:58:03 | Computer Name = ST219737 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 2008-11-30 10:42:36 | Computer Name = ST219737 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 2008-11-30 10:54:58 | Computer Name = ST219737 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain ROCHESNET due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2008-11-30 16:34:58 | Computer Name = ST219737 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain ROCHESNET due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.


< End of report >


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 30th November 2008, 8:01 pm

Hello.
I don't see any serious threats in there.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise this fix will fail.
===

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    C:\sqmdata18.sqm
    C:\sqmnoopt18.sqm
    C:\sqmdata17.sqm
    C:\sqmnoopt17.sqm
    C:\sqmdata16.sqm
    C:\sqmnoopt16.sqm
    C:\sqmdata15.sqm
    C:\sqmnoopt15.sqm
    C:\sqmdata14.sqm
    C:\sqmnoopt14.sqm
    C:\sqmdata13.sqm
    C:\sqmnoopt13.sqm
    C:\sqmdata12.sqm
    C:\sqmnoopt12.sqm
    C:\sqmdata11.sqm
    C:\sqmnoopt11.sqm
    C:\sqmdata10.sqm
    C:\sqmnoopt10.sqm
    C:\sqmdata09.sqm
    C:\sqmnoopt09.sqm
    C:\sqmdata08.sqm
    C:\sqmnoopt08.sqm
    C:\sqmdata07.sqm
    C:\sqmnoopt07.sqm
    C:\sqmdata06.sqm
    C:\sqmnoopt06.sqm
    C:\sqmdata05.sqm
    C:\sqmnoopt05.sqm
    C:\sqmdata04.sqm
    C:\sqmnoopt04.sqm
    C:\sqmdata03.sqm
    C:\sqmnoopt03.sqm
    C:\sqmdata02.sqm
    C:\sqmnoopt02.sqm
    C:\sqmdata01.sqm
    C:\sqmnoopt01.sqm
    C:\sqmdata00.sqm
    C:\sqmnoopt00.sqm


    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 8:17 pm

Hi. Do I have to download Run Spybot-S&D? I have never installed Spybot before, according to my knowledge. What I had installed is SuperAntiVirus, which I have already uninstalled, and currently I am using BitDefender as my antivirus. So what lost me is: where can I see Spybot TeaTimer?


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 30th November 2008, 9:04 pm

My bad, never mind about that.
Carry on with OTMoveIt.



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 10:08 pm

Hi Belahzur, here is the log:

Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 10:12 pm

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\sqmdata18.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_tniMjNqToFieUttO5TFr scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCE1E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\tmp00005dad\tmp00000000 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_165944

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_tniMjNqToFieUttO5TFr not found!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCE1E.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\tmp00005dad\tmp00000000 moved successfully.
C:\WINDOWS\temp\LVCOMSX.LOG moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\s3ywdfnr.default\XUL.mfl moved successfully.
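
A way to check an OTMoveIt3 results log like the one above for items that were deferred to reboot and still not moved afterwards. This is an added example, not part of the original post or of OTMoveIt3; the function names and status labels are assumptions, and the sample is abridged from the log posted above.

```python
import re

# Abridged from the OTMoveIt3 results posted above (not the full log).
SAMPLE_LOG = r"""========== FILES ==========
C:\sqmdata18.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_tniMjNqToFieUttO5TFr scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCE1E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
Explorer started successfully

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_tniMjNqToFieUttO5TFr not found!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCE1E.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\LVCOMSX.LOG moved successfully.
"""

# Line shapes seen in the log above; anything else (section banners,
# "... folder emptied." summaries) is ignored.
_DRIVE_PATH = r"(?P<path>[A-Za-z]:\\.+?)"
PATTERNS = [
    ("moved", re.compile(rf"^{_DRIVE_PATH} moved successfully\.$")),
    ("deferred", re.compile(
        rf"^File (?:delete|move) failed\. {_DRIVE_PATH} "
        r"scheduled to be (?:deleted|moved) on reboot\.$")),
    ("not_found", re.compile(rf"^File {_DRIVE_PATH} not found!$")),
]


def parse_events(log_text):
    """Yield (phase, status, path) for every file line in the log."""
    phase = "first_pass"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Files moved on Reboot"):
            phase = "after_reboot"  # everything below is the post-reboot pass
            continue
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                yield phase, status, match.group("path")
                break


def triage(log_text):
    """Reconcile items deferred in the first pass with the post-reboot pass."""
    first_moved, deferred, after = [], [], {}
    for phase, status, path in parse_events(log_text):
        key = path.lower()  # Windows paths are case-insensitive
        if phase == "after_reboot":
            after[key] = status
        elif status == "moved":
            first_moved.append(path)
        elif status == "deferred":
            deferred.append(path)

    report = {"moved_first_pass": first_moved, "resolved_after_reboot": [],
              "already_gone": [], "still_pending": [], "no_reboot_record": []}
    bucket = {"moved": "resolved_after_reboot", "not_found": "already_gone",
              "deferred": "still_pending"}
    for path in deferred:
        outcome = after.get(path.lower())  # None if the reboot pass never mentions it
        report[bucket.get(outcome, "no_reboot_record")].append(path)
    return report


if __name__ == "__main__":
    for label, paths in triage(SAMPLE_LOG).items():
        print(f"{label}: {len(paths)}")
        for p in paths:
            print(f"    {p}")
```

Anything left in `still_pending` or `no_reboot_record` is what to look at before treating the run as complete.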


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 30th November 2008, 10:40 pm

Hello.
What problems remain?



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 10:41 pm

Everything is great now :) Thank you all so much for all your help!!


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 30th November 2008, 10:43 pm

Glad to hear that. :)
But we aren't done just yet, we need to get you cleaned up.

Delete this folder in bold:
C:\_OTMoveIt

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 30th November 2008, 11:41 pm

Here is the log. For some reason my firefox kept crashing again now after I uninstalled the old java and restarted my computer.

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Nov 30 18:36:00 2008

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 30th November 2008, 11:45 pm

Is it still crashing?



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 1st December 2008, 12:00 am

I think it's my BitDefender antivirus. When I uninstalled it (like right now) it's working, but my buddy's computer is using both BitDefender and Firefox, and they work together. I am pretty lost but I guess I can always get another antivirus.


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 1st December 2008, 12:02 am

You aren't running Anti Virus Software

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software (for personal use) from one of these excellent vendors NOW:

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial user.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Jerry Parnell on 1st December 2008, 12:56 am

I must ask, where did you get the idea that you were running Bit-Defender? If it is in fact installed on your system, then we may have missed it. Can we get a screen shot to confirm that it is in fact there on your system?
If you need any help taking a screen shot, please go [You must be registered and logged in to see this link.].
Thank you.


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by spiqy on 1st December 2008, 1:11 am

I just installed it a few moments before I was informed that I had to update my Java, but right now I have already uninstalled it again. Now I cannot install AVG as this error msg kept appearing:
"Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005"
I saw Kaspersky (Kaspersky network agent) on my computer, which I believed was installed from my school last year, and I tried uninstalling this but I need a password yet again and I don't know that. Could this be blocking my installation of AVG? But then I had installed and used AVG before, like 2 months ago.


Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Belahzur on 1st December 2008, 1:13 am

Hello.
Try Avast! or Avira. :)



Solved Re: Infected With iSpyware Please Help Me! (HijackThis Log and U

Post by Doctor Inferno on 7th December 2008, 12:21 pm

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

