Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Tuesday 4.3.2025 / 21:49
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > virus and other nasties -hijackthis log please help
Show topics
 
Forums
Forums
Virus and Other Nasties -hijackthis log please help
  Jump to:
 
Posted Message
Liez4Love
Senior Member
_ 		5. December 2008 @ 21:02 _ Link to this message    Send private message to this user   
Hey guys,

Got a pretty badly infected computer. Lots of adware and other junk. It actually wont let me install superanti spyware, due to "admin prevention" even though I am logged in as admin. Here is Hijack this log. Thanks in advanced!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 6:55:46 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKLM\..\Run: [RegistryDoctor2008] C:\Program Files\RegistryDoctor2008\registrydoctor.exe
O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Owner\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Owner\LOCALS~1\Temp\yyy19239.exe
O4 - HKCU\..\Run: [QuickInstallPack] "C:\DOCUME~1\Owner\LOCALS~1\Temp\SecureExpertCleaner_Pandora_Installer_Qip_Dual_En.exe" /autorun
O4 - HKCU\..\Run: [FTweakFCleaner] "C:\Program Files\FCleaner\fcleaner.exe" -a
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1226527154468
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
[ + quote]

http://pspcrack.tk/
"Rarely is the question asked; is our childern learning?" - G.W.Bush
Advertisement
_ 		__
2oldGeek
AfterDawn Addict
_ 		8. December 2008 @ 10:16 _ Link to this message    Send private message to this user   
Hi Liez4Love,

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and before the Windows icon appears press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode with Networking".

Download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
? At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
? If an update is found, it will download and install the latest version.
? Once the program has loaded, select Perform full scan, then click Scan.
? When the scan is complete, click OK, then Show Results to view the results.
? Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
? When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Reboot into Normal Mode..

? Please post the MBAM Log and a fresh HJT log in your next reply.


After running MBAM you should be able to download and install the latest ver. Of HJT ->TrendMicro HijackThis.exe (HJT)


2OG
[ + quote]


There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Liez4Love
Senior Member
_ 		10. December 2008 @ 17:45 _ Link to this message    Send private message to this user   
Sorry took so long to post this log. Here it is.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes' Anti-Malware 1.31
Database version: 1464
Windows 5.1.2600 Service Pack 3

12/5/2008 7:03:35 PM
mbam-log-2008-12-05 (19-03-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 104062
Time elapsed: 21 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfox (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrydoctor2008 (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pcprivacycleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickInstallPack (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoctor2008 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoctor2008\Download (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RegistryDoctor2008 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\qip (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yyy19239.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\SecureExpertCleaner_Pandora_Installer_Qip_Dual_En.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoctor2008\registrydoctor.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\RGD_FreeInstaller.exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AZDKBAVA\SecureExpertCleaner_Pandora_Installer_Qip_Dual_En[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RDF8SLMO\video[1].cfg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WN0228E5\RGD_FreeInstaller[1].exe (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\78W1O2sV.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner\pcpc.exe (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008\Viruses.bdt (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008\VRM2008.exe (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoctor2008\FreeApp.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoctor2008\PaidApp.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\RegistryDoctor2008\registrydoctor.ini (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\VirusRemover2008\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RegistryDoctor2008\RegistryDoctor2008.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\qip\data.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryDoctor2008.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\78W1O2sV.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\RegistryDoctor2008.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\~tmpd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
[ + quote]
2oldGeek
AfterDawn Addict
_ 		11. December 2008 @ 02:56 _ Link to this message    Send private message to this user   
Liez4Love,

Look?s like you may have got it, but can?t tell for sure without a log.

Post a fresh HJT Log and tell me how you?re doing. Any problems?

2OG
[ + quote]


There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Liez4Love
Senior Member
_ 		11. December 2008 @ 22:08 _ Link to this message    Send private message to this user   
I really appreciate your help. Sorry its over a weekly basis for replying. Yes, there are lots of problems. Apparently a user purchased a fake anti virus pop up. I told her to cancel transaction on her card. After running malware bytes and some others, its a little better. But still is a very sketchy and shady system. I will post hjt log as soon as i can.
[ + quote]
Liez4Love
Senior Member
_ 		13. December 2008 @ 00:12 _ Link to this message    Send private message to this user   
HJT log posted below after malware bytes scans.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:23 PM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1226527154468
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com...obat/nos/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

--
End of file - 4469 bytes
[ + quote]

This message has been edited since posting. Last time this message was edited on 13. December 2008 @ 00:13
Advertisement
_ 		__
 
_
2oldGeek
AfterDawn Addict
_ 		13. December 2008 @ 10:13 _ Link to this message    Send private message to this user   
Liez4Love,

Your Log is Clean?.

Any Problems??

2OG
[ + quote]


There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > virus and other nasties -hijackthis log please help
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork