
Ie Running Silently



#1 firebrand459
Posted 22 October 2007 - 05:17 PM

I'm totally lost right now. I have multiple instances of IE running silently on my system. They do appear in the task manager, but that's the only place I can see them. When terminated, they immediately reopen themselves. Between the 2 of them, they jump my cpu usage from roughly 10% up to 100%. In the quarter second interval between closing them and seeing them resurface, a couple of other .exes flicker on screen. A simple search traces them back to C:/WINDOWS/Prefetch. The files are FORKJO~1.EXE-33A5006A.pf and LOUDSU~1.EXE-36C6B05C.pf. Prior to running through your prep guide for posting here (excellently written and extremely helpful, by the way), I was getting ad popups from nowhere. Thankfully, those seem to have stopped, but IE continues to run and my system continues to move like a turtle crawling through jello. The sygate firewall you folks recommended tells me that IE is attempting to contact several different sites, with ayb.netbios-wait.com and ads.dns-look-up.com being the main ones. Any help would be much appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:12 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\firewall\sygate\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\adaware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\1128550330\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128550330\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Application Data\Mail For File Wave\Loud support.exe
O4 - HKLM\..\Run: [SmcService] C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\firewall\sygate\smc.exe -startgui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Documents and Settings\Firebrand459\Desktop\downloaded software\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\adaware\aawservice.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Documents and Settings\Firebrand459\Desktop\downloaded software\firewall\sygate\smc.exe

--
End of file - 5213 bytes


#2 teacup61

  • Malware Response Team

Posted 23 October 2007 - 12:50 PM

Hello firebrand459,

Welcome to Bleeping Computer :thumbsup:

Uninstall the following via Add/Remove Programs, if present:

CiD Help
Download Plugin for Internet Explorer
Zone Media
Netpumper
Bitroll


If you are asked for the uninstall verification during the uninstall, please enter the numbers that will appear in the window.

Then reboot. Important!

* Download Deljob.exe and save it to your desktop.
Double-click Deljob.exe.

A log (logit.txt) should open afterwards. This log will be present on your desktop.
Post the contents of the logfile in your next reply together with a new HijackThis log.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 firebrand459


Posted 23 October 2007 - 04:42 PM

Ok, got that done. CiD Help was the only one off the list that was present.

--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning

AppleSoftwareUpdate.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is 3008-F1E7

Directory of C:\Documents and Settings\Firebrand459\Application Data

10/23/2007 04:26 PM <DIR> .
10/23/2007 04:26 PM <DIR> ..
07/28/2007 05:57 PM <DIR> Adobe
07/28/2007 06:04 PM <DIR> AdobeUM
10/23/2007 04:32 PM <DIR> Azureus
10/05/2005 04:44 PM <DIR> Gtek
12/20/2002 12:47 AM <DIR> IDENTI~1 Identities
07/27/2007 02:47 PM <DIR> MACROM~1 Macromedia
09/20/2007 05:59 PM <DIR> MEDIAP~1 Media Player Classic
07/18/2007 05:30 PM <DIR> MICROS~1 Microsoft
07/19/2007 01:26 PM <DIR> Mozilla
10/23/2007 04:34 PM <DIR> OPENOF~1.ORG OpenOffice.org2
07/19/2007 05:02 PM <DIR> Sun
07/19/2007 01:26 PM <DIR> Talkback
07/19/2007 01:26 PM <DIR> THUNDE~1 Thunderbird
08/29/2007 01:10 AM <DIR> WinRAR
0 File(s) 0 bytes
16 Dir(s) 2,306,486,272 bytes free
Volume in drive C has no label.
Volume Serial Number is 3008-F1E7

Directory of C:\Documents and Settings\All Users\Application Data

10/22/2007 11:43 AM <DIR> .
10/22/2007 11:43 AM <DIR> ..
07/28/2007 06:06 PM <DIR> Adobe
03/26/2007 06:57 PM <DIR> AOL
01/09/2006 02:18 PM <DIR> AOLDOW~1 AOL Downloads
07/31/2007 10:07 AM <DIR> Apple
07/31/2007 10:07 AM <DIR> APPLEC~1 Apple Computer
12/20/2002 01:20 AM <DIR> BVRPSO~1 BVRP Software
10/05/2005 05:08 PM <DIR> Dell
10/07/2005 06:52 PM <DIR> GTek
10/22/2007 11:43 AM <DIR> Lavasoft
10/23/2007 04:24 PM <DIR> MAILFO~1 Mail For File Wave
04/19/2006 01:04 PM <DIR> McAfee.com
01/08/2006 10:18 AM <DIR> MICROS~1 Microsoft
03/01/2003 02:26 PM <DIR> MSN6
10/05/2005 05:13 PM <DIR> PURENE~1 Pure Networks
09/21/2003 10:15 AM <DIR> QUICKT~1 QuickTime
12/20/2002 01:17 AM <DIR> SBSI
10/20/2007 04:33 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
07/18/2007 04:12 PM <DIR> Support.com
03/26/2007 07:02 PM <DIR> VIEWPO~1 Viewpoint
09/13/2007 09:23 PM <DIR> WINDOW~1 Windows Genuine Advantage
0 File(s) 0 bytes
22 Dir(s) 2,306,486,272 bytes free
--------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:32 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\firewall\sygate\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\adaware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\1128550330\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\Trillian\trillian.exe
c:\program files\common files\aol\1128550330\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128550330\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\firewall\sygate\smc.exe -startgui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Documents and Settings\Firebrand459\Desktop\downloaded software\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\adaware\aawservice.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Documents and Settings\Firebrand459\Desktop\downloaded software\firewall\sygate\smc.exe

--
End of file - 5021 bytes
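
Comparing two HijackThis logs entry by entry shows what a cleanup step actually changed. The sketch below is an added example, not part of the original thread and not a HijackThis or BleepingComputer tool; it diffs trimmed excerpts of the two logs posted above, and `parse_hjt`, `diff_logs` and `run_value` are hypothetical names.

```python
import re
from collections import Counter
from typing import NamedTuple

class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    kind: str    # text up to the first colon, e.g. the Run key or "Service"
    detail: str  # remainder of the line

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")

# Excerpts trimmed from the 10/22 and 10/23 logs in this thread.
BEFORE = r"""Scan saved at 5:14:12 PM, on 10/22/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1128550330\ee\AOLSoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [file wave user bat] C:\Documents and Settings\All Users\Application Data\Mail For File Wave\Loud support.exe
O4 - HKLM\..\Run: [SmcService] C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\firewall\sygate\smc.exe -startgui
"""

AFTER = r"""Scan saved at 4:39:32 PM, on 10/23/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1128550330\ee\AOLSoftware.exe
c:\program files\common files\aol\1128550330\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [SmcService] C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\firewall\sygate\smc.exe -startgui
"""

def parse_hjt(text):
    """Split a HijackThis log into (running process paths, section entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append(Entry(*m.groups()))
    return processes, entries

def diff_logs(before, after):
    """Report processes and entries that appeared or vanished between scans."""
    procs_b, ents_b = parse_hjt(before)
    procs_a, ents_a = parse_hjt(after)
    # Windows paths are case-insensitive, and the same image can run more
    # than once (two iexplore.exe here), so compare lowercased multisets.
    cb = Counter(p.lower() for p in procs_b)
    ca = Counter(p.lower() for p in procs_a)
    return {
        "processes_gone": sorted((cb - ca).elements()),
        "processes_new": sorted((ca - cb).elements()),
        "entries_gone": [e for e in ents_b if e not in ents_a],
        "entries_new": [e for e in ents_a if e not in ents_b],
    }

def run_value(entry):
    """For an O4 Run-key entry, return (value name, command line), else None."""
    m = re.match(r"^\[(.*?)\]\s*(.*)$", entry.detail)
    return (m.group(1), m.group(2)) if entry.code == "O4" and m else None

if __name__ == "__main__":
    for section, items in diff_logs(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
```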

#4 teacup61


Posted 23 October 2007 - 07:55 PM

Hello,

I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world. That's why I want you to install one!!

AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Please run a full system scan with the one you chose to install and let it clean what it finds. In your reply, let me know how it's running now and post a new HijackThis log.

Thanks,
tea

#5 firebrand459


Posted 25 October 2007 - 06:59 AM

The IE windows seem to have disappeared, and avast is now installed and running. I just recently inherited this pc and I hadn't installed the antivirus yet. Thanks for the suggestions. I'm experienced enough to know I should have one, but not experienced enough to know which ones are good, much less how to fix the problems I inherited along with the computer. Personally I would have just gone with a format, but the guy I got the machine from neglected to give me any sort of restore disk, and so I turn to the experts. Thanks for all the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:05 AM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\firewall\sygate\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\adaware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\1128550330\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
c:\program files\common files\aol\1128550330\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128550330\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\firewall\sygate\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: Trillian.lnk = C:\Documents and Settings\Firebrand459\Desktop\downloaded software\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\FIREBR~1\Desktop\DOWNLO~1\medicine\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Documents and Settings\Firebrand459\Desktop\downloaded software\medicine\adaware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Documents and Settings\Firebrand459\Desktop\downloaded software\firewall\sygate\smc.exe

--
End of file - 5781 bytes

#6 teacup61


Posted 25 October 2007 - 10:10 AM

Hello,

No worries. ;) Your log looks pretty good now. I do have a question. You have this running:

O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"

This is Rapid Blaster:

General Info: RapidBlaster runs as a task at Windows startup. It downloads advertising from the Internet and displays it periodically.

http://www.wilderssecurity.net/specialinfo/rapidblaster.html

This is an old article, but I still would worry a bit about running it. If you didn't put it there, then run HijackThis and put a check next to that entry, fix checked, then delete the folder C:\Program Files\RBEnhance. Reboot. If it doesn't go away you should disable TeaTimer long enough to fix it, then reenable TeaTimer. It tends to get in the way when you try to fix much anything. ;)

Let me know how you come out. :thumbsup:

Thanks,
tea

#7 teacup61


Posted 05 November 2007 - 04:00 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.