Jump to content


HijackThis

Started by Solace., May 07 2007 06:58 AM

  • You cannot reply to this topic
5 replies to this topic

#1 OFFLINE   Solace.

    Newbie

  • Members
  • Pip
  • 4 posts
  • Gender:Female
  • Location:Australia.

Posted 07 May 2007 - 06:58 AM

I scanned my computer with Avast and a trojan come up, and I have deleted it. But I was wondering if someone could take a look at this and tell me if anything needs to be done. I have a habbit of installing things and then after a while uninstalling them. :blink:


---


Logfile of HijackThis v1.99.1
Scan saved at 4:46:20 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Renae\My Documents\My Completed Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa....ions/mailto.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169898482897
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169898465622
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 07 May 2007 - 07:38 AM

Welcome to the forum. :)

Download AVG Anti-Spyware
  • Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • Ewido will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back
Note that this is not AVG antivirus but the program formally known as Ewido.

Post the avg log and a new hijackthis log.

#3 OFFLINE   Solace.

    Newbie

  • Members
  • Pip
  • 4 posts
  • Gender:Female
  • Location:Australia.

Posted 08 May 2007 - 11:31 AM

Thanks a lot for that I done as you said and I got the log's. ;)


AVG Anti Spyware log -


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:33:17 PM 5/8/2007

+ Scan result:



HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Alexa Internet\Hosts -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AlxTB.BHO.1 -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AlxTB.BHO\CLSID -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AlxTB.BHO\CurVer -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PopMenu.Menu.1 -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PopMenu.Menu\CLSID -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PopMenu.Menu\CurVer -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.HTMLEvent -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.HTMLEvent.1 -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.HTMLEvent\CLSID -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.HTMLEvent\CurVer -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.PopupKiller.1 -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.PopupKiller\CLSID -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.PopupKiller\CurVer -> Adware.Alexa : Cleaned with backup (quarantined).
HKU\S-1-5-21-606747145-436374069-1202660629-1004\Software\Microsoft\Internet Explorer\MenuExt\Mail to a Friend... -> Adware.Alexa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B846C98A-557D-47FE-AC9A-FBE4B32D73A7}\RP112\A0023779.dll -> Adware.AlexaBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B846C98A-557D-47FE-AC9A-FBE4B32D73A7}\RP112\A0023780.dll -> Adware.AlexaBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-606747145-436374069-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-606747145-436374069-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-606747145-436374069-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.111:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.112:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.113:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.115:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.116:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.117:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.118:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.119:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.97:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.125:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.76:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.53:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.54:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.120:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.62:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.85:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.104:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.19:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.107:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.108:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.109:C:\Documents and Settings\Renae\Application Data\Mozilla\Firefox\Profiles\8ckkxk9f.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Renae\Cookies\renae@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end


HijackThis log-

Logfile of HijackThis v1.99.1
Scan saved at 9:20:29 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Renae\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Ne

#4 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 08 May 2007 - 04:05 PM

Please post a new hijackthis log. The one you posted got cut off. :(

#5 OFFLINE   Solace.

    Newbie

  • Members
  • Pip
  • 4 posts
  • Gender:Female
  • Location:Australia.

Posted 09 May 2007 - 02:00 AM

Sorry, I accidently posted that same post twice. Yikes. :huh:


Heres the HijackThis log.. (Hope it doesn't get cut off again) >_<;;



Logfile of HijackThis v1.99.1
Scan saved at 11:56:35 AM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\Utility\Application\QMICM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Renae\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\bpwbb2ad.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169898482897
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169898465622
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

#6 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 09 May 2007 - 03:11 AM

That log looks ok.
Do things seem better? If so all you need to do is clear your restore points and make a new one.

To Flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.
Back to Spyware Hell


  1. Piriform Community Forums
  2. Computer Help and Discussion
  3. Spyware Hell