Help With Hijackthis Log


2 replies to this topic

#1 Aliyea

  • Members
  • 6 posts

Posted 27 June 2008 - 09:55 PM

Norton first found vundrop; someone suggested Avast, ran it, and it found 20 more. Ran Malwarebytes; each time I run it, it finds at least one registry key. Ran VundoFix, found nothing; VirtumundoBeGone found nothing. Ran ATF Cleaner and SUPERAntiSpyware in safe mode, found nothing. Yet I'm still getting popups through IE.
Here is the log:


Deckard's System Scanner v20071014.68
Run by Nissa Skinner on 2008-06-27 21:45:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Nissa Skinner.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:18 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Nissa Skinner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nissa Skinner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {8da3f7e1-2d7b-d87a-a3c4-a26df33a50f0} - {0f05a33f-d62a-4c3a-a78d-b7d21e7f3ad8} - C:\WINDOWS\system32\sluaxlya.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byXqRLCt - byXqRLCt.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5690 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 21:46:00 0 d-------- C:\Program Files\Trend Micro
2008-06-27 10:26:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 10:26:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-27 10:26:05 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\SUPERAntiSpyware.com
2008-06-26 20:25:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-26 20:25:53 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-26 20:25:53 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-26 20:25:53 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-26 20:25:53 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-26 20:25:53 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-26 20:25:53 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-26 20:25:53 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-26 20:25:53 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-26 20:25:53 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-26 20:25:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-26 20:25:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-26 20:25:53 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-26 20:25:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-06-26 20:25:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-26 20:25:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-26 20:25:53 0 d-------- C:\Documents and Settings\Administrator\.java
2008-06-26 20:25:52 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-26 20:25:52 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-26 20:25:52 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-26 20:25:51 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-25 22:08:58 0 d-------- C:\VundoFix Backups
2008-06-25 16:59:23 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Malwarebytes
2008-06-25 16:59:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 16:59:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 13:01:21 0 d-------- C:\Program Files\Alwil Software
2008-06-25 12:25:33 81920 --a------ C:\WINDOWS\system32\xetkmsiq.dll
2008-06-25 12:25:26 106496 --a------ C:\WINDOWS\system32\sluaxlya.dll
2008-06-25 12:25:16 91136 --a------ C:\WINDOWS\system32\uxvqeece.dll
2008-06-25 07:31:00 0 d-------- C:\Program Files\Lavasoft
2008-06-25 07:30:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 07:29:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 11:12:38 99840 --a------ C:\WINDOWS\system32\qvnlndjs.dll
2008-06-23 20:42:45 0 d-------- C:\WINDOWS\pss
2008-06-23 20:12:59 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-23 19:44:41 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-23 19:17:51 0 d-------- C:\Program Files\Corel
2008-06-23 11:18:32 0 d-------- C:\Program Files\Conduit
2008-06-22 14:54:25 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\LimeWire
2008-06-22 14:00:25 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Yahoo!
2008-06-22 12:26:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-22 12:24:53 0 d-------- C:\Program Files\Yahoo!
2008-06-20 01:37:54 0 d--hs---- C:\Documents and Settings\Nissa Skinner\UserData
2008-06-20 01:01:57 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Ulead Systems
2008-06-19 19:34:49 0 d-------- C:\WINDOWS\Sun
2008-06-19 19:34:49 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Sun
2008-06-19 19:33:14 0 d-------- C:\Program Files\Java
2008-06-19 19:22:36 0 d-------- C:\Program Files\Common Files\Java
2008-06-19 19:13:44 0 d-------- C:\Program Files\LimeWire
2008-06-19 18:39:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-19 18:27:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2008-06-19 18:21:11 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-19 18:18:43 0 d-------- C:\Program Files\Macromedia
2008-06-19 12:44:29 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-19 12:43:20 0 d-------- C:\WINDOWS\Prefetch
2008-06-19 11:34:13 0 d-------- C:\WINDOWS\peernet
2008-06-19 11:34:11 0 d-------- C:\WINDOWS\provisioning
2008-06-19 11:29:48 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-19 11:20:02 0 d-------- C:\WINDOWS\EHome
2008-06-19 09:33:00 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:59 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:59 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:58 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-06-19 09:32:57 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-06-19 09:32:48 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-06-19 09:32:47 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-06-19 09:32:46 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:45 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:45 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:42 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:42 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:41 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:40 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:39 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:38 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:38 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 09:32:37 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-19 07:23:20 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Help
2008-06-19 07:20:41 0 d-------- C:\WINDOWS\system32\bits
2008-06-19 07:19:46 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-19 03:11:30 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-19 03:10:04 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-19 01:20:50 0 d-------- C:\Program Files\Realtek Sound Manager
2008-06-19 01:20:38 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-06-19 01:20:32 192512 -----n--- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-19 01:20:23 0 d-------- C:\cabs
2008-06-19 01:16:54 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-19 01:12:54 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Macromedia
2008-06-18 22:05:05 0 d-------- C:\Program Files\DeadlyDesire
2008-06-18 22:00:07 0 dr------- C:\Documents and Settings\Nissa Skinner\Favorites
2008-06-18 22:00:07 0 d-------- C:\Documents and Settings\Nissa Skinner\Desktop
2008-06-18 22:00:07 0 d--hs---- C:\Documents and Settings\Nissa Skinner\Cookies
2008-06-18 22:00:07 0 d--h----- C:\Documents and Settings\Nissa Skinner\Application Data
2008-06-18 22:00:07 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Symantec
2008-06-18 22:00:07 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Mozilla
2008-06-18 22:00:07 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\InterTrust
2008-06-18 22:00:07 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Identities
2008-06-18 22:00:07 0 d-------- C:\Documents and Settings\Nissa Skinner\Application Data\Adobe
2008-06-18 22:00:07 0 d-------- C:\Documents and Settings\Nissa Skinner\.java
2008-06-18 22:00:06 0 d-------- C:\Documents and Settings\Nissa Skinner\WINDOWS
2008-06-18 22:00:06 0 d--h----- C:\Documents and Settings\Nissa Skinner\Templates
2008-06-18 22:00:06 0 dr------- C:\Documents and Settings\Nissa Skinner\Start Menu
2008-06-18 22:00:06 0 dr-h----- C:\Documents and Settings\Nissa Skinner\SendTo
2008-06-18 22:00:06 0 dr-h----- C:\Documents and Settings\Nissa Skinner\Recent
2008-06-18 22:00:06 0 d--h----- C:\Documents and Settings\Nissa Skinner\PrintHood
2008-06-18 22:00:06 2359296 --ah----- C:\Documents and Settings\Nissa Skinner\NTUSER.DAT
2008-06-18 22:00:06 0 d--h----- C:\Documents and Settings\Nissa Skinner\NetHood
2008-06-18 22:00:06 0 dr------- C:\Documents and Settings\Nissa Skinner\My Documents
2008-06-18 22:00:06 0 d--h----- C:\Documents and Settings\Nissa Skinner\Local Settings
2008-06-18 21:59:52 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-18 21:59:11 0 d-------- C:\Documents and Settings\Default User\.java
2008-06-18 21:59:10 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-06-18 21:59:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-06-18 21:59:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Mozilla
2008-06-18 21:59:10 0 d-------- C:\Documents and Settings\Default User\Application Data\InterTrust
2008-06-18 21:59:10 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
2008-06-18 21:59:09 0 d-------- C:\Program Files\Program Shortcuts


-- Find3M Report ---------------------------------------------------------------

2008-06-27 17:11:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-25 07:29:43 0 d-------- C:\Program Files\Common Files
2008-06-23 20:20:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 10:33:07 0 d-------- C:\Program Files\BigFix
2008-06-21 10:31:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-20 02:03:11 0 d-------- C:\Program Files\Messenger
2008-06-19 13:44:45 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-19 11:34:15 0 d-------- C:\Program Files\Movie Maker
2008-06-19 11:29:16 0 d-------- C:\Program Files\Windows NT
2008-06-19 08:57:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-19 03:10:03 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-19 01:20:46 0 d-------- C:\Program Files\AvRack


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f05a33f-d62a-4c3a-a78d-b7d21e7f3ad8}]
06/25/2008 12:25 PM 106496 --a------ C:\WINDOWS\system32\sluaxlya.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/20/2002 01:22 AM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/20/2002 01:23 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/16/2002 02:18 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/16/2002 02:05 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXqRLCt]
byXqRLCt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet




-- End of Deckard's System Scanner: finished at 2008-06-27 21:47:32 ------------


#2 Aliyea

  • Topic Starter

  • Members
  • 6 posts

Posted 28 June 2008 - 01:59 AM

If it helps, each time I have run Malwarebytes it has deleted the same thing:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

#3 random/random

  • Malware Response Team
  • 2,704 posts

Posted 20 July 2008 - 03:40 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.



