Jun 3 2008, 10:58 PM | Post #1 | New Member | Group: Members | Posts: 8 | Joined: 27-January 08 | Member No.: 186,617
I used ComboFix because HijackThis didn't fix it. Please recommend any changes, including ola program removal. I uploaded addi. the hjack log; please fix 017, it keeps coming back. Another question is AVG keeps telling me my hosts file had been changed, and why does Kaspersky recognise my hostman files as bad ad clicker???

Deckard's System Scanner v20071014.68 Run by All Users on 2008-06-03 23:38:21 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 5: 2008-06-04 03:38:26 UTC - RP24 - Deckard's System Scanner Restore Point 4: 2008-06-04 03:31:40 UTC - RP23 - ComboFix created restore point 3: 2008-06-03 04:23:46 UTC - RP22 - System Checkpoint 2: 2008-06-01 19:26:19 UTC - RP21 - System Checkpoint 1: 2008-05-31 14:42:40 UTC - RP20 - System Checkpoint Backed up registry hives. Performed disk cleanup.
-- HijackThis (run as All Users.exe) ------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:41:27 PM, on 03-Jun-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\All Users.P4\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\All Users.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [ScriptSentry] C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe /check O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - 
{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A59CCAA7-5A5A-40DD-A398-4DA1E0A558FB}: NameServer = 209.88.128.25 209.88.128.26 O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 7409 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080328-203652-293 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20080504-080721-259 F3 - REG:win.ini: run= backup-20080504-080721-342 F3 - REG:win.ini: load= backup-20080529-161615-601 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) backup-20080529-161738-381 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab backup-20080529-161739-555 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0e3ff905faf83cd4.spaces.live.co...ad/MsnPUpld.cab backup-20080529-161852-428 O17 - HKLM\System\CCS\Services\Tcpip\..\{A59CCAA7-5A5A-40DD-A398-4DA1E0A558FB}: NameServer = 209.88.128.25 209.88.128.26 -- File Associations ----------------------------------------------------------- .js - JSFile - shell\open\command - C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe "%1" %* .txt - txtfile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1 .vbs - VBSFile - shell\open\command - C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN> R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive> R1 sf (SFI Service) - c:\windows\system32\drivers\sf.sys <Not Verified; Sonic Focus, Inc; Sonic Focus DSP service driver> R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not 
Verified; VSO Software; Patin couffin engine> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver> S1 sdpiosys - c:\windows\system32\drivers\sdpiosys.sys (file missing) S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - c:\program files\cyberlink\powerdvd\000.fcl (file missing) S3 MS1000 - c:\windows\system32\drivers\ms1000.sys S3 ProtoWall (ProtoWall Network Service) - c:\windows\system32\drivers\protowall.sys (file missing) S3 U2G300N5 (BUFFALO WLI-U2-G144N Wireless LAN Driver for Windows XP) - c:\windows\system32\drivers\u2g300n5.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-06-03 20:00:41 392 --a------ C:\WINDOWS\Tasks\SmartDefrag.job -- Files created between 2008-05-03 and 2008-06-03 ----------------------------- 2008-06-03 23:31:16 68096 --a------ C:\WINDOWS\zip.exe 2008-06-03 23:31:16 49152 --a------ C:\WINDOWS\VFind.exe 2008-06-03 23:31:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-06-03 23:31:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-06-03 23:31:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-06-03 23:31:16 98816 --a------ C:\WINDOWS\sed.exe 2008-06-03 23:31:16 80412 --a------ C:\WINDOWS\grep.exe 2008-06-03 23:31:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-06-03 23:17:18 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter> 2008-06-03 22:43:09 0 dr-h----- C:\Documents and Settings\All Users.P4\Recent 2008-06-03 22:26:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2008-06-03 20:03:58 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2008-06-03 20:03:58 0 d--h----- C:\Documents and Settings\Administrator\Recent 2008-06-03 20:03:58 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2008-06-03 20:03:58 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2008-06-03 20:03:58 0 d-------- C:\Documents and Settings\Administrator\My Documents 2008-06-03 20:03:58 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2008-06-03 20:03:58 0 d-------- C:\Documents and Settings\Administrator\Favorites 2008-06-03 20:03:58 0 d-------- C:\Documents and Settings\Administrator\Desktop 2008-06-03 20:03:58 0 d--hs---- C:\Documents and Settings\Administrator\Cookies 2008-06-03 20:03:58 0 dr-h----- C:\Documents and 
Settings\Administrator\Application Data 2008-06-03 20:03:58 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2008-06-03 20:03:57 0 d--h----- C:\Documents and Settings\Administrator\Templates 2008-06-03 20:03:57 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2008-06-03 20:03:57 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2008-05-28 14:51:13 0 dr-h----- C:\$VAULT$.AVG 2008-05-28 09:18:28 0 d-------- C:\Program Files\Rufus 2008-05-27 15:41:46 0 d-------- C:\WINDOWS\system32\ipp20 2008-05-11 03:30:47 0 d-------- C:\Program Files\Pyrenean 2008-05-11 00:00:47 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Wireshark 2008-05-10 23:57:51 0 d-------- C:\Program Files\WinPcap 2008-05-10 23:57:31 0 d-------- C:\Program Files\Wireshark 2008-05-09 22:17:06 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Arctic 2008-05-09 20:48:11 230400 --a------ C:\Program Files\NRPG-RatioMaster.exe <Not Verified; NRPG; NRPG RatioMaster> 2008-05-09 19:47:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-05-09 19:26:45 0 d-------- C:\Program Files\SlySoft 2008-05-09 18:00:36 0 d-------- C:\CloneDVDTemp 2008-05-09 17:45:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2008-05-09 17:12:54 0 d-------- C:\Program Files\Elaborate Bytes 2008-05-09 17:10:46 0 d-------- C:\Program Files\Combined Community Codec Pack 2008-05-09 01:53:47 0 d-------- C:\Program Files\Dudez 2008-05-08 17:01:48 0 d-------- C:\Program Files\MediaInfo 2008-05-07 20:44:13 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\BitTyrant 2008-05-07 20:43:55 0 d-------- C:\Program Files\BitTyrant 2008-05-06 13:52:45 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\dvdcss 2008-05-04 20:57:28 0 d-------- C:\Program Files\xchat 2008-05-04 20:57:28 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\X-Chat 2 
2008-05-04 09:07:47 0 d-------- C:\Program Files\VideoLAN 2008-05-03 05:02:17 0 d-------- C:\Program Files\TheSage 2008-05-03 03:14:37 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\FileZilla 2008-05-03 03:04:30 0 d-------- C:\Program Files\ClearEdit 2008-05-03 02:59:29 0 d-------- C:\Program Files\FileZilla FTP Client 2008-05-03 02:36:44 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Help 2008-05-03 02:30:40 0 d-------- C:\Program Files\IObit 2008-05-03 02:20:52 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Serif 2008-05-03 02:20:29 0 d-------- C:\Program Files\Serif 2008-05-03 02:14:25 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Mael 2008-05-03 02:14:11 0 d-------- C:\Program Files\HxD -- Find3M Report --------------------------------------------------------------- 2008-06-03 19:58:47 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\uTorrent 2008-06-03 18:58:43 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\AVG7 2008-06-02 23:40:54 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Skype 2008-05-29 16:04:25 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\skypePM 2008-05-28 20:46:01 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-05-27 11:17:18 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Vso 2008-05-26 12:24:07 0 d-------- C:\Program Files\a-squared Free 2008-05-10 13:29:12 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\X-NetStat 2008-05-08 23:40:36 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\ArcSoft 2008-05-04 09:11:04 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\vlc 2008-05-02 18:55:35 0 d-------- C:\Program Files\ArcSoft 2008-05-02 18:07:38 0 d-------- C:\Program Files\CCleaner 2008-05-02 17:10:03 0 d-------- C:\Program Files\ClipX 2008-05-02 12:28:32 0 d-------- C:\Documents and 
Settings\All Users.P4\Application Data\abelhadigital.com 2008-05-02 12:21:28 0 d-------- C:\Program Files\abelhadigital.com 2008-04-30 15:10:34 0 --a------ C:\Documents 2008-04-29 09:39:05 0 d-------- C:\Program Files\X-NetStat Professional 2008-04-22 17:12:52 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Media Player Classic 2008-04-20 21:34:02 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-20 21:11:50 0 d-------- C:\Program Files\Common Files 2008-04-20 21:11:45 0 d-------- C:\Program Files\Windows Live 2008-04-20 21:07:43 0 d-------- C:\Program Files\Canon 2008-04-20 01:57:18 0 d-------- C:\Program Files\Foxit Software 2008-04-19 17:34:39 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Sun 2008-04-19 16:10:13 0 d-------- C:\Program Files\Java 2008-04-19 16:07:24 0 d-------- C:\Program Files\Common Files\Java 2008-04-08 01:39:36 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Peachtree 2008-04-08 01:36:59 0 d-------- C:\Program Files\Common Files\Peach 2008-04-08 01:35:44 0 d-------- C:\Program Files\Crystal Decisions 2008-04-08 01:35:44 0 d-------- C:\Program Files\Common Files\Crystal Decisions 2008-04-08 01:33:55 0 d-------- C:\Program Files\Sage Software 2008-03-21 11:47:39 2541 --a------ C:\WINDOWS\unins000.dat 2008-03-21 11:43:53 691545 --a------ C:\WINDOWS\unins000.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20-Sep-05 10:35 AM] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20-Sep-05 10:32 AM] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20-Sep-05 10:36 AM] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20-Apr-08 12:39 PM] "BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE" [26-Nov-07 10:38 AM] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft 
Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30-Sep-03 12:14 AM] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [21-Mar-06 01:19 PM] "ScriptSentry"="C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe" [04-Jul-02 08:44 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-Aug-04 12:56 AM] "ProtoWall"="C:\Program Files\Dudez\ProtoWall\ProtoWall.exe" [27-Jan-05 06:55 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe *Newly Created Service* - CATCHME *Newly Created Service* - PAGEDFRG -- Hosts ----------------------------------------------------------------------- 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 www.abx4.com #[Adware.ABXToolbar] 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net] 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions] 127.0.0.1 phpadsnew.abac.com 127.0.0.1 a.abnad.net 127.0.0.1 b.abnad.net 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie] 127.0.0.1 d.abnad.net 92811 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-06-03 23:42:04 ------------

Jun 14 2008, 07:01 PM | Post #2 | Forum Addict | Group: HJT Team | Posts: 1,487 | Joined: 7-June 04 | Member No.: 724

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer: http://www.bleepingcomputer.com/forums/topic34773.html

All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

I don't know exactly what your problem is? If you still have issues, post a new HijackThis log using Add Reply. Describe your issues in as much detail as possible and I will be glad to take a look.

Thanks

--------------------
MS-MVP Windows Security 2007-08
Proud Member ASAP UNITE Member 2006

Jun 15 2008, 10:40 AM | Post #3 | New Member | Group: Members | Posts: 8 | Joined: 27-January 08 | Member No.: 186,617

I would like for you to comment on my file structure and anything of importance or useless, to make my computer better, because the other day everything was well, but something kept turning off my AVG and Comodo, until I ComboFixed it.

Jun 15 2008, 12:01 PM | Post #4 | Forum Addict | Group: HJT Team | Posts: 1,487 | Joined: 7-June 04 | Member No.: 724

If you want my help, please read and follow the directions I posted.

Thanks

Jun 23 2008, 03:56 PM | Post #5 | Forum Addict | Group: HJT Team | Posts: 1,487 | Joined: 7-June 04 | Member No.: 724

There has been no response to this topic in a week.
This topic is closed.

Thanks...pskelley
BleepingComputer