

My Deckard File


  • This topic is locked
4 replies to this topic

#1 agallas
  • Members
  • 8 posts

Posted 03 June 2008 - 10:58 PM

I have an XP machine and had some trouble with AVG and BOClean being turned off by a foreign source, and an O17 double-IP entry; slow computer.
I used ComboFix because HijackThis didn't fix it. Please recommend any changes, including old program removal.
I uploaded the HijackThis log in addition. Please fix O17; it keeps coming back.
Another question is that AVG keeps telling me my hosts file has been changed, and why does Kaspersky recognise my HostsMan files as a bad ad clicker?

Deckard's System Scanner v20071014.68
Run by All Users on 2008-06-03 23:38:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-04 03:38:26 UTC - RP24 - Deckard's System Scanner Restore Point
4: 2008-06-04 03:31:40 UTC - RP23 - ComboFix created restore point
3: 2008-06-03 04:23:46 UTC - RP22 - System Checkpoint
2: 2008-06-01 19:26:19 UTC - RP21 - System Checkpoint
1: 2008-05-31 14:42:40 UTC - RP20 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as All Users.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:27 PM, on 03-Jun-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users.P4\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\All Users.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ScriptSentry] C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe /check
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A59CCAA7-5A5A-40DD-A398-4DA1E0A558FB}: NameServer = 209.88.128.25 209.88.128.26
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7409 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080328-203652-293 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080504-080721-259 F3 - REG:win.ini: run=
backup-20080504-080721-342 F3 - REG:win.ini: load=
backup-20080529-161615-601 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080529-161738-381 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab
backup-20080529-161739-555 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-0e3ff905faf83cd4.spaces.live.co...ad/MsnPUpld.cab
backup-20080529-161852-428 O17 - HKLM\System\CCS\Services\Tcpip\..\{A59CCAA7-5A5A-40DD-A398-4DA1E0A558FB}: NameServer = 209.88.128.25 209.88.128.26

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe "%1" %*
.txt - txtfile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 sf (SFI Service) - c:\windows\system32\drivers\sf.sys <Not Verified; Sonic Focus, Inc; Sonic Focus DSP service driver>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S1 sdpiosys - c:\windows\system32\drivers\sdpiosys.sys (file missing)
S2 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - c:\program files\cyberlink\powerdvd\000.fcl (file missing)
S3 MS1000 - c:\windows\system32\drivers\ms1000.sys
S3 ProtoWall (ProtoWall Network Service) - c:\windows\system32\drivers\protowall.sys (file missing)
S3 U2G300N5 (BUFFALO WLI-U2-G144N Wireless LAN Driver for Windows XP) - c:\windows\system32\drivers\u2g300n5.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-03 20:00:41 392 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-03 23:31:16 68096 --a------ C:\WINDOWS\zip.exe
2008-06-03 23:31:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-03 23:31:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-03 23:31:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-03 23:31:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-03 23:31:16 98816 --a------ C:\WINDOWS\sed.exe
2008-06-03 23:31:16 80412 --a------ C:\WINDOWS\grep.exe
2008-06-03 23:31:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-03 23:17:18 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-06-03 22:43:09 0 dr-h----- C:\Documents and Settings\All Users.P4\Recent
2008-06-03 22:26:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-03 20:03:58 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-03 20:03:58 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-06-03 20:03:58 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-03 20:03:58 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-03 20:03:58 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-06-03 20:03:58 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-03 20:03:58 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-06-03 20:03:58 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-03 20:03:58 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-03 20:03:58 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-03 20:03:58 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-03 20:03:57 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-03 20:03:57 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-03 20:03:57 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-28 14:51:13 0 dr-h----- C:\$VAULT$.AVG
2008-05-28 09:18:28 0 d-------- C:\Program Files\Rufus
2008-05-27 15:41:46 0 d-------- C:\WINDOWS\system32\ipp20
2008-05-11 03:30:47 0 d-------- C:\Program Files\Pyrenean
2008-05-11 00:00:47 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Wireshark
2008-05-10 23:57:51 0 d-------- C:\Program Files\WinPcap
2008-05-10 23:57:31 0 d-------- C:\Program Files\Wireshark
2008-05-09 22:17:06 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Arctic
2008-05-09 20:48:11 230400 --a------ C:\Program Files\NRPG-RatioMaster.exe <Not Verified; NRPG; NRPG RatioMaster>
2008-05-09 19:47:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-05-09 19:26:45 0 d-------- C:\Program Files\SlySoft
2008-05-09 18:00:36 0 d-------- C:\CloneDVDTemp
2008-05-09 17:45:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-05-09 17:12:54 0 d-------- C:\Program Files\Elaborate Bytes
2008-05-09 17:10:46 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-05-09 01:53:47 0 d-------- C:\Program Files\Dudez
2008-05-08 17:01:48 0 d-------- C:\Program Files\MediaInfo
2008-05-07 20:44:13 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\BitTyrant
2008-05-07 20:43:55 0 d-------- C:\Program Files\BitTyrant
2008-05-06 13:52:45 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\dvdcss
2008-05-04 20:57:28 0 d-------- C:\Program Files\xchat
2008-05-04 20:57:28 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\X-Chat 2
2008-05-04 09:07:47 0 d-------- C:\Program Files\VideoLAN
2008-05-03 05:02:17 0 d-------- C:\Program Files\TheSage
2008-05-03 03:14:37 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\FileZilla
2008-05-03 03:04:30 0 d-------- C:\Program Files\ClearEdit
2008-05-03 02:59:29 0 d-------- C:\Program Files\FileZilla FTP Client
2008-05-03 02:36:44 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Help
2008-05-03 02:30:40 0 d-------- C:\Program Files\IObit
2008-05-03 02:20:52 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Serif
2008-05-03 02:20:29 0 d-------- C:\Program Files\Serif
2008-05-03 02:14:25 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Mael
2008-05-03 02:14:11 0 d-------- C:\Program Files\HxD


-- Find3M Report ---------------------------------------------------------------

2008-06-03 19:58:47 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\uTorrent
2008-06-03 18:58:43 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\AVG7
2008-06-02 23:40:54 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Skype
2008-05-29 16:04:25 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\skypePM
2008-05-28 20:46:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 11:17:18 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Vso
2008-05-26 12:24:07 0 d-------- C:\Program Files\a-squared Free
2008-05-10 13:29:12 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\X-NetStat
2008-05-08 23:40:36 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\ArcSoft
2008-05-04 09:11:04 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\vlc
2008-05-02 18:55:35 0 d-------- C:\Program Files\ArcSoft
2008-05-02 18:07:38 0 d-------- C:\Program Files\CCleaner
2008-05-02 17:10:03 0 d-------- C:\Program Files\ClipX
2008-05-02 12:28:32 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\abelhadigital.com
2008-05-02 12:21:28 0 d-------- C:\Program Files\abelhadigital.com
2008-04-30 15:10:34 0 --a------ C:\Documents
2008-04-29 09:39:05 0 d-------- C:\Program Files\X-NetStat Professional
2008-04-22 17:12:52 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Media Player Classic
2008-04-20 21:34:02 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-20 21:11:50 0 d-------- C:\Program Files\Common Files
2008-04-20 21:11:45 0 d-------- C:\Program Files\Windows Live
2008-04-20 21:07:43 0 d-------- C:\Program Files\Canon
2008-04-20 01:57:18 0 d-------- C:\Program Files\Foxit Software
2008-04-19 17:34:39 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Sun
2008-04-19 16:10:13 0 d-------- C:\Program Files\Java
2008-04-19 16:07:24 0 d-------- C:\Program Files\Common Files\Java
2008-04-08 01:39:36 0 d-------- C:\Documents and Settings\All Users.P4\Application Data\Peachtree
2008-04-08 01:36:59 0 d-------- C:\Program Files\Common Files\Peach
2008-04-08 01:35:44 0 d-------- C:\Program Files\Crystal Decisions
2008-04-08 01:35:44 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-04-08 01:33:55 0 d-------- C:\Program Files\Sage Software
2008-03-21 11:47:39 2541 --a------ C:\WINDOWS\unins000.dat
2008-03-21 11:43:53 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20-Sep-05 10:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20-Sep-05 10:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20-Sep-05 10:36 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20-Apr-08 12:39 PM]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE" [26-Nov-07 10:38 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [30-Sep-03 12:14 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [21-Mar-06 01:19 PM]
"ScriptSentry"="C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe" [04-Jul-02 08:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-Aug-04 12:56 AM]
"ProtoWall"="C:\Program Files\Dudez\ProtoWall\ProtoWall.exe" [27-Jan-05 06:55 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PAGEDFRG



-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net

92811 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-03 23:42:04 ------------
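
An added example, not part of this thread and not code from HijackThis, Deckard's System Scanner or BleepingComputer: a small Python checker that reads HijackThis-style lines such as those in the log above and flags the entries a helper would look at first: O17 NameServer values that are not in an allowlist of expected resolvers, O4 autostarts launched from a user-writable profile path, O2 BHOs whose DLL is gone, and O23 services whose binary is missing. The sample lines are copied from the log above; the expected-resolver set (192.168.1.1) is an assumption, since the thread does not say which DNS servers the user's router or ISP hands out. A flag means "verify", not "malicious": the addresses in the O17 line are flagged only because they are not in that allowlist.

```python
"""Flag HijackThis log entries that deserve a second look.

Added example for the BleepingComputer thread above; not part of HijackThis.
The sample lines below are copied from the posted log. EXPECTED_NAMESERVERS is
an assumption: the thread never says which resolvers the user's network assigns.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: the resolvers the owner expects (router / ISP). Any other address in
# an O17 NameServer entry is reported for review, not declared malicious.
EXPECTED_NAMESERVERS = {"192.168.1.1"}

# Locations every logged-on user can write to; an autostart pointing there
# deserves a look even when, as with ScriptSentry here, it turns out to be benign.
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\users\\")

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d. ]+)\s*$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) \((?P<svc>[^()]+)\) - (?P<vendor>.+?) - (?P<path>.+)$")

# Constructed sample: these five lines are copied verbatim from the log in the post.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ScriptSentry] C:\Documents and Settings\All Users.P4\Desktop\Crusty\security programs\scriptsentry\ScriptSentry.exe /check
O17 - HKLM\System\CCS\Services\Tcpip\..\{A59CCAA7-5A5A-40DD-A398-4DA1E0A558FB}: NameServer = 209.88.128.25 209.88.128.26
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # HijackThis section the entry came from, e.g. "O17"
    subject: str  # the value that triggered the finding (IP, run key name, CLSID, service)
    reason: str
    line: str


def _exe_path(cmd: str) -> str:
    """Return the executable path from an O4 command, quoted or not, dropping arguments."""
    m = re.match(r'"?(?P<path>.+?\.exe)', cmd, re.IGNORECASE)
    return m.group("path") if m else cmd


def check_line(line: str) -> list[Finding]:
    """Return zero or more findings for one HijackThis log line."""
    line = line.strip()
    out: list[Finding] = []
    if m := O17_RE.match(line):
        for ip in m.group("servers").split():
            if ip not in EXPECTED_NAMESERVERS:
                out.append(Finding("O17", ip, "DNS resolver not in the expected set", line))
    elif m := O4_RE.match(line):
        if _exe_path(m.group("cmd")).lower().startswith(USER_WRITABLE_PREFIXES):
            out.append(Finding("O4", m.group("name"),
                               "autostart launched from a user-writable location", line))
    elif m := O2_RE.match(line):
        if m.group("path") == "(no file)":
            out.append(Finding("O2", m.group("clsid"),
                               "BHO registered but its DLL is gone (orphaned entry)", line))
    elif m := O23_RE.match(line):
        if "(file missing)" in m.group("path"):
            out.append(Finding("O23", m.group("svc"),
                               "service registered but its binary is missing", line))
    return out


def scan(log_text: str) -> list[Finding]:
    """Run check_line over every line of a log and collect the findings in order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(check_line(line))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.subject:<40} {f.reason}")
```

Run against the sample, the script reports the two O17 addresses, the ScriptSentry autostart and the orphaned BHO, and stays quiet about the AVG autostart and the rpcapd service. Comparing the flagged addresses with the DNS servers that `ipconfig /all` reports for the adapter is the check that decides whether the O17 entry is expected; the script only narrows the list.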


#2 pskelley
  • Staff Emeritus
  • 1,487 posts

Posted 14 June 2008 - 07:01 PM

Welcome to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

I don't know exactly what your problem is. If you still have issues, post a new HijackThis log using Add Reply. Describe your issues in as much detail as possible and I will be glad to take a look.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 agallas
  • Topic Starter
  • Members
  • 8 posts

Posted 15 June 2008 - 10:40 AM

I would like for you to comment on my file structure and anything of importance or useless, to make my computer better, because the other day everything was well, but something kept turning off my AVG and Comodo until I ComboFixed it.

#4 pskelley
  • Staff Emeritus
  • 1,487 posts

Posted 15 June 2008 - 12:01 PM

If you want my help, please read and follow the directions I posted.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#5 pskelley
  • Staff Emeritus
  • 1,487 posts

Posted 23 June 2008 - 03:56 PM

There has been no response to this topic in a week.
This topic is closed.
Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006
