Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

[Closed] been hijacked
sicklife
post Jul 21 2008, 09:43 PM
Post #1


New Member

Group: New Member
Posts: 4
Joined: 21-July 08
Member No.: 80,429
Operating System: windows xp



Logfile of HijackThis v1.99.1
Scan saved at 20:42: VIRUS ALERT!, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {03BB1EF4-4FC3-4B2E-AB6C-B976781B3AAE} - C:\WINDOWS\system32\fccDsTlJ.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {6A10732F-BDB9-48B3-9DF7-622478AD74FC} - C:\WINDOWS\system32\jkkLfEVM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: QXK Olive - {812AE34E-162C-4C94-BAA1-A2C0431AEC84} - C:\WINDOWS\kgxmotapktx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkkLfEVM - C:\WINDOWS\SYSTEM32\jkkLfEVM.dll
O21 - SSODL: kvxqmtre - {A9D64A39-6515-4989-8759-524DDB98DF9F} - C:\WINDOWS\kvxqmtre.dll (file missing)
O21 - SSODL: evgratsm - {E08642BD-D406-4550-AE35-FE554ECCDF7E} - C:\WINDOWS\evgratsm.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Gary R
post Jul 22 2008, 04:00 AM
Post #2


Advanced Member

Group: Malware Team
Posts: 930
Joined: 25-July 06
From: Yorkshire, England
Member No.: 58,927
Operating System: XP



Looking over your log, back ASAP.
Gary R
post Jul 22 2008, 04:09 AM
Post #3


Advanced Member

Group: Malware Team
Posts: 930
Joined: 25-July 06
From: Yorkshire, England
Member No.: 58,927
Operating System: XP



QUOTE
Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed in advance, failure to post replies within 5 days will result in this thread being closed.


Hi sicklife

I'm Gary R, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista, it will be necessary to right-click all tools we use and select ----> Run as Administrator

QUOTE
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


I can see at least 2 infections on your computer, so it'll take a few passes to get you fully cleaned up. Stick with it, and we should be able to get you running properly again.

OK, let's get started with the first.

There are some new infections that damage your ability to boot if they are removed. So before we go any further, I need you to install Recovery Console to your computer. This is purely a precautionary measure; I don't see signs of them on your computer, but it's better to be a little cautious now than regretful later.

Recovery Console gives us the ability to recover your computer if things go wrong.

  • Download combofix.exe by sUBs to your Desktop (it must be in this location).
  • Alternate Download
  • If you already have a previous version, delete it and download a new version.
  • Go to Microsoft's website
  • Select the download that's appropriate for your Operating System (if you have XP Media Centre, use download for XP Pro. If you have SP3, then use the download for SP2)

  • Download the file & save it as it's originally named, to your Desktop.

  • Next
    • Disconnect from the Internet.
    • Important! Temporarily disable your anti-virus, and anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its files which may cause unpredictable results.
    • Click here to see a list of programs that should be disabled (ignore the firewalls). The list is not all inclusive. If yours are not listed and you don't know how to disable them, please ask.

  • Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix.
  • When prompted, agree to the End-User License Agreement to install Microsoft Recovery Console.
  • When complete, a message will pop up asking if you want to continue scanning for Malware.
    • Click Yes
      • Combofix will now run a scan. (Usually takes 15-20 mins, but could be slightly longer)
      • When finished, it will
        • Produce a log for you. (it can also be found at C:\Combofix.txt)
      • Post the log in your next reply please.
      • Now run a new HJT scan and send me the log from that as well please.
  • Don't forget to re-enable your anti-virus and anti-malware protection before re-connecting to the Internet.


IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.

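As an added example (not part of this thread, and not code from HijackThis or ComboFix), the script below applies to the first HJT log the same first-pass checks an analyst makes by eye when they say "at least 2 infections": loading points whose file is missing, unnamed or self-named DLLs sitting under C:\WINDOWS, a start page pointing at an unexpected host, and O6/O7 policy locks. The allow-list of expected hosts is an assumption for the example; the script only reports, it removes nothing.

```python
"""Triage helper for HijackThis (v1.99.1 style) logs.

Added example for this thread; it is not code from the forum or from the
HijackThis/ComboFix tools. It reads a log and reports entries an analyst
would look at first; it changes nothing on the machine.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample: lines taken from the first HijackThis log posted above,
# plus a few known-good lines so the rules have something to pass over.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {03BB1EF4-4FC3-4B2E-AB6C-B976781B3AAE} - C:\WINDOWS\system32\fccDsTlJ.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6A10732F-BDB9-48B3-9DF7-622478AD74FC} - C:\WINDOWS\system32\jkkLfEVM.dll
O2 - BHO: QXK Olive - {812AE34E-162C-4C94-BAA1-A2C0431AEC84} - C:\WINDOWS\kgxmotapktx.dll (file missing)
O3 - Toolbar: qndsfmao - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkkLfEVM - C:\WINDOWS\SYSTEM32\jkkLfEVM.dll
O21 - SSODL: evgratsm - {E08642BD-D406-4550-AE35-FE554ECCDF7E} - C:\WINDOWS\evgratsm.dll
"""

# Hosts that legitimately appear in a default XP/IE7 log. This allow-list is an
# assumption for the example; a real one comes from the analyst's own baseline.
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.com", "www.microsoft.com"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O2/O3/O20/O21 bodies look like: "<kind>: <name> - [{CLSID} - ]<path>[ (file missing)]"
MODULE_RE = re.compile(
    r"^(?:BHO|Toolbar|Winlogon Notify|SSODL): (?P<name>.+?) - "
    r"(?:\{[0-9A-Fa-f-]+\} - )?(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
URL_RE = re.compile(r"=\s*(?P<url>https?://\S+)$")


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reasons: Tuple[str, ...]
    path: Optional[str] = None


def _module_reasons(name: str, path: str, missing: bool) -> List[str]:
    """Heuristics for a loaded module (BHO, toolbar, Winlogon notify, SSODL)."""
    reasons = []
    if missing:
        # A loading point whose file is gone is an orphan: either a partial
        # clean-up or a dropper that has already moved on. Either way, review it.
        reasons.append("target file missing (orphaned loading point)")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    in_windows_dir = path.lower().startswith("c:\\windows\\")
    unnamed = name.strip().lower() in ("(no name)", stem.lower())
    if in_windows_dir and unnamed:
        # Legitimate components under C:\WINDOWS carry a product name; a module
        # with no name, or one named after its own file, usually does not.
        reasons.append("unnamed or self-named module under C:\\WINDOWS")
    return reasons


def _url_reasons(body: str) -> List[str]:
    """Flag a start/search page whose host is not in the expected set."""
    m = URL_RE.search(body)
    if not m:
        return []
    host = (urlsplit(m.group("url")).hostname or "").lower()
    if host in EXPECTED_HOSTS:
        return []
    return [f"browser start/search page points at {host}; confirm the user chose it"]


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that trips at least one heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        reasons: List[str] = []
        path = None
        if section in ("R0", "R1"):
            reasons += _url_reasons(body)
        elif section in ("O2", "O3", "O20", "O21"):
            mm = MODULE_RE.match(body)
            if mm:
                path = mm.group("path")
                reasons += _module_reasons(mm.group("name"), path, bool(mm.group("missing")))
        elif section == "O6":
            reasons.append("IE restriction policy present (normally absent on a home PC)")
        elif section == "O7":
            reasons.append("system policy restriction set: " + body.rsplit(",", 1)[-1].strip())
        if reasons:
            findings.append(Finding(section, line, tuple(reasons), path))
    return findings


def flagged_files(findings: List[Finding]) -> List[str]:
    """Base names of flagged modules, to cross-check against a cleaner's deletion list."""
    return sorted({f.path.rsplit("\\", 1)[-1] for f in findings if f.path}, key=str.lower)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f.section, "|", "; ".join(f.reasons))
        print("   ", f.line)
    print("files to cross-check:", ", ".join(flagged_files(results)))
```

Three of the files it flags (jkkLfEVM.dll, qndsfmao.dll, evgratsm.dll) reappear under "Other Deletions" in the ComboFix log posted next, which is the kind of cross-check the flagged list is for.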
sicklife
post Jul 22 2008, 10:47 PM
Post #4


New Member

Group: New Member
Posts: 4
Joined: 21-July 08
Member No.: 80,429
Operating System: windows xp



Here is the first log.

ComboFix 08-07-21.2 - KG 2008-07-22 21:36:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.668 [GMT -7:00]
Running from: C:\Documents and Settings\KG\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KG\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\KG\Application Data\ShoppingReport
C:\Documents and Settings\KG\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\KG\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\KG\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\KG\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\KG\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\KG\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\KG\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\KG\Desktop\Error Cleaner.url
C:\Documents and Settings\KG\Desktop\Privacy Protector.url
C:\Documents and Settings\KG\Desktop\Spyware&Malware Protection.url
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\erms.exe
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\qndsfmao.dll
C:\WINDOWS\system32\cbXOFxYP.dll
C:\WINDOWS\system32\jkkLfEVM.dll
C:\WINDOWS\system32\JlTsDccf.ini
C:\WINDOWS\system32\JlTsDccf.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-21 20:16 . 2008-07-21 18:07 <DIR> d-------- C:\Documents and Settings\Administrator.KG-CD51E3DE9B9B\Application Data\Apple Computer
2008-07-21 20:16 . 2008-07-21 20:16 <DIR> d-------- C:\Documents and Settings\Administrator.KG-CD51E3DE9B9B
2008-07-21 20:13 . 2008-07-21 20:13 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-07-21 19:57 . 2008-07-21 18:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-21 19:57 . 2008-07-21 20:10 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-07-21 19:19 . 2008-07-21 19:55 <DIR> d-------- C:\$AVG8.VAULT$
2008-07-21 19:16 . 2008-07-21 19:18 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-07-21 19:16 . 2008-07-21 20:10 <DIR> d-------- C:\Program Files\AVG(2)
2008-07-21 19:16 . 2008-07-21 20:10 <DIR> d-------- C:\Documents and Settings\KG\Application Data\AVGTOOLBAR
2008-07-21 19:16 . 2008-07-21 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-07-21 17:55 . 2008-07-21 17:55 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-07-21 17:55 . 2008-07-21 20:12 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-07-21 17:53 . 2008-07-21 20:13 <DIR> d-------- C:\Program Files\Symantec
2008-07-21 17:53 . 2008-07-21 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-21 17:50 . 2008-07-21 20:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 16:55 . 2008-07-21 16:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-21 16:41 . 2008-07-17 03:14 155,648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-10 20:36 . 2008-07-10 20:36 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-10 20:33 . 2003-05-01 13:26 5,220 -ra------ C:\WINDOWS\system32\drivers\CVirtA.sys
2008-07-10 20:32 . 2008-07-10 20:32 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-07-10 20:32 . 2008-07-10 20:32 <DIR> d-------- C:\Program Files\Cisco Systems
2008-07-10 20:32 . 2004-02-02 12:29 139,604 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-07-10 20:32 . 2004-02-02 12:29 113,596 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-06-30 20:24 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-06-30 20:24 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2008-06-30 20:24 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2008-06-30 20:24 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-30 20:24 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-30 20:23 . 2008-06-30 20:24 <DIR> d-------- C:\Program Files\EPSON
2008-06-30 20:23 . 2008-06-30 20:24 <DIR> d-------- C:\epson
2008-06-30 20:17 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-30 20:17 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-30 20:16 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-30 20:16 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-29 13:02 . 2007-07-30 14:44 3,518,464 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-06-29 13:02 . 2007-06-28 14:09 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-06-29 12:56 . 2008-06-29 12:56 <DIR> d-------- C:\Program Files\Intuit
2008-06-29 12:56 . 2008-06-29 12:59 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-06-29 12:56 . 2008-06-30 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-06-29 12:55 . 2008-06-29 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-06-29 12:54 . 2008-06-29 12:54 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-29 12:49 . 2008-06-29 12:49 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-29 12:48 . 2008-06-29 12:48 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-06-29 12:47 . 2008-06-29 12:48 <DIR> d-------- C:\WINDOWS\ShellNew
2008-06-29 11:40 . 2008-06-29 11:40 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-29 11:40 . 2008-06-29 11:40 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-29 11:40 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-06-29 11:40 . 2001-08-17 14:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-06-29 11:40 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-29 11:40 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-06-29 11:40 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-06-29 11:40 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-06-29 11:36 . 2008-06-29 11:36 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-29 11:36 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-06-29 11:36 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-06-29 11:34 . 2008-06-29 11:34 <DIR> d-------- C:\Program Files\Realtek
2008-06-29 11:34 . 2008-06-29 11:34 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-29 10:00 . 2008-06-29 10:00 <DIR> d-------- C:\Program Files\iTunes
2008-06-29 10:00 . 2008-06-29 10:00 <DIR> d-------- C:\Program Files\iPod
2008-06-29 10:00 . 2008-06-29 10:00 <DIR> d-------- C:\Documents and Settings\KG\Application Data\Apple Computer
2008-06-29 09:59 . 2008-06-29 09:59 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-29 09:59 . 2008-06-29 09:59 <DIR> d-------- C:\Program Files\QuickTime
2008-06-29 09:59 . 2008-06-29 09:59 <DIR> d-------- C:\Program Files\Bonjour
2008-06-29 09:59 . 2008-06-29 09:59 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-29 09:59 . 2008-06-29 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 09:58 . 2008-06-29 09:58 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-29 09:58 . 2008-06-29 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 18:35 0 ----a-w C:\WINDOWS\system32\drivers\SET1133.tmp
2008-06-29 18:34 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-29 18:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-10 02:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 01:51 --------- d-----w C:\Program Files\Google
2008-06-09 01:38 --------- d-----w C:\Program Files\Java
2008-06-09 01:37 --------- d-----w C:\Program Files\Common Files\Java
2008-06-03 04:54 --------- d-----w C:\Program Files\PCDR5
2008-06-03 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-05-24 23:47 --------- d-----w C:\Program Files\Broadcom
2008-05-24 22:57 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-13 20:06 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-10-12 16:28 1282048]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"AzMixerSel"="C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2007-08-23 14:48 53248]
"EPSON Stylus CX7800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 04:00 98304]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 21:41:42 972064]
VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2008-07-10 20:34:05 6144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=

S3 PCD5SRVC{DF187064-5DA14001-05040000};PCD5SRVC{DF187064-5DA14001-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PCDR5\PCD5SRVC.pkms [2007-12-10 13:20]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 16:59:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-22 01:01:02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - KG.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -

BHO-{03BB1EF4-4FC3-4B2E-AB6C-B976781B3AAE} - C:\WINDOWS\system32\fccDsTlJ.dll
BHO-{812AE34E-162C-4C94-BAA1-A2C0431AEC84} - C:\WINDOWS\kgxmotapktx.dll
Toolbar-{3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
SSODL-kvxqmtre-{A9D64A39-6515-4989-8759-524DDB98DF9F} - C:\WINDOWS\kvxqmtre.dll
SSODL-evgratsm-{E08642BD-D406-4550-AE35-FE554ECCDF7E} - C:\WINDOWS\evgratsm.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.azcentral.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 21:41:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{DF187064-5DA14001-05040000}]
"ImagePath"="\??\C:\PROGRA~1\PCDR5\PCD5SRVC.pkms"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-22 21:44:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 04:44:16

Pre-Run: 64,789,372,928 bytes free
Post-Run: 65,249,640,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

211 --- E O F --- 2008-06-03 04:37:49
sicklife
post Jul 22 2008, 10:47 PM
Post #5


New Member

Group: New Member
Posts: 4
Joined: 21-July 08
Member No.: 80,429
Operating System: windows xp



and the second

Logfile of HijackThis v1.99.1
Scan saved at 21:47, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azcentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

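A worked example of the triage a helper performs on a log like the one above, written in Python as an added illustration for this page; it is not part of the original post and is not HijackThis code. It runs a few simple rules over a constructed subset of the log's own lines: display names on an assumed adware watchlist, entries whose target HijackThis reports as "(file missing)" (minus an assumed allowlist for a benign Windows stub), services with no publisher string, and Winsock LSP entries. The watchlist and allowlist are hand-written for the example, not a maintained database.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the HijackThis entries from the log
# posted above, kept verbatim so the rules can be compared with what the
# helper actually asked the poster to fix (the ShopperReports and qbwc lines).
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Assumed watchlist of adware display names (example list, not a real database).
ADWARE_NAMES = ("ShopperReports",)

# Assumed allowlist: Windows components that show as "(file missing)" only
# because HijackThis does not expand %windir%; helpers leave these alone.
KNOWN_BENIGN_MISSING = ("xpnetdiag.exe",)

# Every HijackThis entry line starts with a section code such as O4, O9, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    section: str
    severity: str   # "fix": tick it in HJT and Fix Checked; "review": needs a human look
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each HijackThis entry line."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def triage(log_text):
    """Apply the rules in order; the first matching rule decides the finding."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if any(name in body for name in ADWARE_NAMES):
            findings.append(Finding(section, "fix", "display name on adware watchlist", raw))
            continue
        if body.endswith("(file missing)"):
            if any(b.lower() in body.lower() for b in KNOWN_BENIGN_MISSING):
                continue  # known harmless orphan, nothing to do
            # an orphaned entry cannot load anything, so removing it is low risk
            findings.append(Finding(section, "fix", "orphaned entry: target file missing", raw))
            continue
        if section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "review", "service with no publisher string", raw))
        elif section == "O10":
            findings.append(Finding(section, "review", "Winsock LSP: confirm the vendor before touching", raw))
    return findings


def fix_list(findings):
    """The lines to tick in HijackThis, in log order."""
    return [f.line for f in findings if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

On the sample the "fix" list comes out as exactly the two lines the helper asked for, while the Bonjour LSP and the unbranded Broadcom service are left for a human to look at rather than removed automatically; the allowlist is what keeps the xpnetdiag stub off the list.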
Gary R
post Jul 23 2008, 03:44 AM
Post #6


Advanced Member

Group: Malware Team
Posts: 930
Joined: 25-July 06
From: Yorkshire, England
Member No.: 58,927
Operating System: XP
OK, looking a lot better, still a little work to do.

Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.

CODE
C:\WINDOWS\agpqlrfm.exe
C:\WINDOWS\system32\drivers\SET1133.tmp

  • Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2


Next

Run a scan with HJT and when finished check the following items (if found).

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)



Now close all open windows and click Fix Checked to remove them.

Next

  • Click Start > Run and type cleanmgr then click OK.
  • This will bring up the Disk Cleanup window.
  • Check the following entries.
    • Temporary Internet Files.
    • Recycle Bin.
    • Temporary Files.
  • Click OK.
  • When a prompt pops up click Yes.


Then

Please download Malwarebytes' Anti-Malware to your Desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.


  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Full Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Ensure all items are checked then click Remove Selected.
        • A box will pop up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.


You can also access the log by doing the following
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open


Finally

Run a new scan with HJT and post me the log please.

Summary of the logs I need from you in your next post:
  • OTMoveIt log
  • MBAM log
  • New HJT log


Please post each log separately to prevent them being cut off by the forum post size limiter.
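The OTMoveIt2 step above moves the listed files out of the way rather than deleting them, and reports what happened to each one. The Python below is an added example of that idea for this page, not OTMoveIt2's own code: it moves each listed path into a quarantine folder that mirrors the file's original location (so it can be put back if it turns out to be legitimate), reports paths that do not exist, and runs against a throwaway directory tree constructed to contain one of the two file names from the helper's list. The result wording is modelled loosely on OTMoveIt2's results window and is an assumption, as are the function names.

```python
import shutil
import tempfile
from pathlib import Path


def quarantine(paths, quarantine_root):
    """Move each path under quarantine_root, mirroring its absolute path so a
    restore is just the reverse move. Returns one result line per input."""
    root = Path(quarantine_root)
    results = []
    for p in paths:
        src = Path(p)
        if not src.exists():
            results.append(f"File/Folder {src} not found.")
            continue
        resolved = src.resolve()
        # strip the drive/root anchor so C:\WINDOWS\x.exe lands at <root>\WINDOWS\x.exe
        dst = root / resolved.relative_to(resolved.anchor)
        dst.parent.mkdir(parents=True, exist_ok=True)
        try:
            shutil.move(str(src), str(dst))
            results.append(f"{src} moved successfully.")
        except OSError as exc:
            # On Windows a file that is open or locked raises PermissionError here;
            # the real tool offers to finish such moves at reboot, this example only reports them.
            results.append(f"{src} could not be moved: {exc}")
    return results


def run_demo():
    """Constructed demo: a fake WINDOWS tree where agpqlrfm.exe exists and the
    SET1133.tmp driver file does not. Returns (result lines, moved_ok)."""
    work = Path(tempfile.mkdtemp())
    fake_windows = work / "WINDOWS"
    (fake_windows / "system32" / "drivers").mkdir(parents=True)
    present = fake_windows / "agpqlrfm.exe"
    present.write_bytes(b"MZ placeholder, constructed for the demo, not a real binary")
    missing = fake_windows / "system32" / "drivers" / "SET1133.tmp"

    quarantine_root = work / "quarantine"
    resolved = present.resolve()
    expected_copy = quarantine_root / resolved.relative_to(resolved.anchor)

    log = quarantine([present, missing], quarantine_root)
    moved_ok = expected_copy.is_file() and not present.exists()
    shutil.rmtree(work)
    return log, moved_ok


if __name__ == "__main__":
    lines, ok = run_demo()
    print("\n".join(lines))
    print("moved into quarantine:", ok)
```

Moving instead of deleting is the point of the step: if a quarantined file later turns out to belong to a legitimate program, the mirrored path under the quarantine folder says exactly where it came from.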
Gary R
post Jul 28 2008, 03:57 PM
Post #7


Advanced Member

Group: Malware Team
Posts: 930
Joined: 25-July 06
From: Yorkshire, England
Member No.: 58,927
Operating System: XP
Due to inactivity this topic will be closed.
If you need help please start a new thread and post a new HJT log