
Browser hijack? please help


  • This topic is locked
2 replies to this topic

#1 fructose


  • Members
  • 1 posts

Posted 08 January 2009 - 03:43 PM

Hello,

A few days ago I noticed that my Firefox searches were being redirected by "ecata.info" and I end up on various random advertisement websites. I have scanned with Ad-Aware and am waiting to use ComboFix with your advice. Here are some logs, hope you can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:02, on 2009-01-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\windows\Explorer.EXE
C:\windows\system32\CTHELPER.EXE
C:\windows\system32\CTXFIHLP.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdydx.exe] C:\WINDOWS\system32\kdydx.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211824054562
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 8382 bytes


_______________________________________

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :2009-01-08 4:40:20 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R298 20.04.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


2009-01-08 4:40:20 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 2009-01-08 7:44:36 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:44:39 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:44:39 PM
BasePriority : Normal
FileSize : 106 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-04-14 12:12:34 AM

#:4 [lsass.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:44:39 PM
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2113)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-04-14 12:12:24 AM

#:5 [svchost.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:44:40 PM
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-04-14 12:12:36 AM

#:6 [svchost.exe]
FilePath : C:\windows\System32\
ThreadCreationTime : 2009-01-08 7:44:40 PM
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-04-14 12:12:36 AM

#:7 [svchost.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:44:40 PM
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-04-14 12:12:36 AM

#:8 [spoolsv.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:44:45 PM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-0852)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-04-14 12:12:36 AM

#:9 [ctaudsvc.exe]
FilePath : C:\Program Files\Creative\Shared Files\
ThreadCreationTime : 2009-01-08 7:44:46 PM
BasePriority : High
FileSize : 408 KB
FileVersion : 3.0.35.0
ProductVersion : 1.0.0.0
Copyright : Copyright © Creative Technology Ltd., 2006-2008. All rights reserved.
CompanyName : Creative Technology Ltd
FileDescription : Creative Audio Service
InternalName : CTAudSvc.exe
OriginalFilename : CTAudSvc.exe
ProductName : Creative Audio Service
Created on : 2008-05-26 7:00:26 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-03-07 10:24:18 PM

#:10 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ThreadCreationTime : 2009-01-08 7:44:58 PM
BasePriority : Normal
FileSize : 108 KB
FileVersion : 1, 14, 0, 0
ProductVersion : 1, 14, 0, 0
Copyright : Copyright 2007 Apple, Inc. All Rights Reserved.
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
OriginalFilename : AppleMobileDeviceService.exe
ProductName : Apple Mobile Device Service
Created on : 2008-02-18 2:16:30 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-02-18 2:16:30 PM

#:11 [avgwdsvc.exe]
FilePath : C:\PROGRA~1\AVG\AVG8\
ThreadCreationTime : 2009-01-08 7:44:58 PM
BasePriority : Normal
FileSize : 226 KB
FileVersion : 8.0.0.145
ProductVersion : 8.0.0.145
Copyright : Copyright
CompanyName : AVG Technologies CZ, s.r.o.
FileDescription : AVG Watchdog Service
InternalName : avgwdsvc
OriginalFilename : avgwdsvc.exe
ProductName : AVG Internet Security
Created on : 2008-07-07 3:23:20 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-08-30 10:42:24 AM

#:12 [mdnsresponder.exe]
FilePath : C:\Program Files\Bonjour\
ThreadCreationTime : 2009-01-08 7:44:58 PM
BasePriority : Normal
FileSize : 224 KB
FileVersion : 1,0,4,12
ProductVersion : 1,0,4,12
Copyright : Copyright © 2003-2007 Apple Inc.
CompanyName : Apple Inc.
FileDescription : Bonjour Service
InternalName : mDNSResponder.exe
OriginalFilename : mDNSResponder.exe
ProductName : Bonjour
Created on : 2007-07-24 6:17:08 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2007-07-24 6:17:08 PM

#:13 [lssrvc.exe]
FilePath : C:\Program Files\Common Files\LightScribe\
ThreadCreationTime : 2009-01-08 7:44:58 PM
BasePriority : Normal
FileSize : 77 KB
FileVersion : 1.10.13.1
CompanyName : Hewlett-Packard Company
FileDescription : LightScribe Service
InternalName : LSSrvc.exe
OriginalFilename : LSSrvc.exe
ProductName : LightScribe
Created on : 2007-08-23 8:40:48 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2007-08-23 8:40:48 PM

#:14 [nvsvc32.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:44:58 PM
BasePriority : Normal
FileSize : 156 KB
FileVersion : 6.14.11.7516
ProductVersion : 6.14.11.7516
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 175.16
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 175.16
Created on : 2008-05-03 1:46:00 AM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-05-03 1:46:00 AM

#:15 [pnkbstra.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 2009-01-08 7:44:58 PM
BasePriority : Normal
FileSize : 65 KB
Created on : 2008-06-06 11:00:25 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-06-07 1:27:09 AM

#:16 [wlservice.exe]
FilePath : C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\
ThreadCreationTime : 2009-01-08 7:44:58 PM
BasePriority : Normal
FileSize : 40 KB
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
Copyright : Copyright c 2003
CompanyName : GEMTEKS
FileDescription : WLService
InternalName : WLService
OriginalFilename : WLService.exe
ProductName : GEMTEKS WLService
Created on : 2008-12-30 11:49:10 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2004-02-07 2:56:14 AM

#:17 [wmp54gsv1_1.exe]
FilePath : C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\
ThreadCreationTime : 2009-01-08 7:44:58 PM
BasePriority : High
FileSize : 4928 KB
FileVersion : 1.0.0.4
ProductVersion : 1.4
CompanyName : Linksys
InternalName : WMP54GS
ProductName : WMP54GS
Created on : 2008-12-30 11:49:11 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2005-04-29 2:20:26 AM

#:18 [avgrsx.exe]
FilePath : C:\PROGRA~1\AVG\AVG8\
ThreadCreationTime : 2009-01-08 7:45:00 PM
BasePriority : Normal
FileSize : 280 KB
FileVersion : 8.0.0.134
ProductVersion : 8.0.0.134
Copyright : Copyright
CompanyName : AVG Technologies CZ, s.r.o.
FileDescription : AVG Resident Shield Service
InternalName : avgrs
OriginalFilename : avgrs.exe
ProductName : AVG Internet Security
Created on : 2008-05-26 7:41:40 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-07-07 3:23:18 PM

#:19 [avgemc.exe]
FilePath : C:\PROGRA~1\AVG\AVG8\
ThreadCreationTime : 2009-01-08 7:45:02 PM
BasePriority : Normal
FileSize : 854 KB
FileVersion : 8.0.0.159
ProductVersion : 8.0.0.159
Copyright : Copyright
CompanyName : AVG Technologies CZ, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
OriginalFilename : avgemc.exe
ProductName : AVG Internet Security
Created on : 2008-07-07 3:23:22 PM
Last accessed : 2009-01-08 7:44:28 PM
Last modified : 2008-08-30 10:42:25 AM

#:20 [explorer.exe]
FilePath : C:\windows\
ThreadCreationTime : 2009-01-08 7:55:58 PM
BasePriority : Normal
FileSize : 1009 KB
FileVersion : 6.00.2900.5512 (xpsp.080413-2105)
ProductVersion : 6.00.2900.5512
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 8:16:54 PM
Last modified : 2008-04-14 12:12:19 AM

#:21 [cthelper.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:56:02 PM
BasePriority : Normal
FileSize : 19 KB
FileVersion : 6.00.01.1283-2.14.1610
ProductVersion : 2.14.00.0003
Copyright : Copyright © 2004-2007
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
OriginalFilename : CtHelper.EXE
ProductName : CtHelper Application
Created on : 2008-02-20 11:58:44 PM
Last accessed : 2009-01-08 7:56:02 PM
Last modified : 2008-02-20 11:58:44 PM

#:22 [ctxfihlp.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:56:02 PM
BasePriority : Normal
FileSize : 19 KB
FileVersion : 6.00.01.1283-2.14.1610
ProductVersion : 2.14.00.0003
Copyright : Copyright © 2004-2007
CompanyName : Creative Technology Ltd
FileDescription : CTXfiHlp MFC Application
InternalName : CTXfiHlp
OriginalFilename : CTXfiHlp.exe
ProductName : CTXfiHlp Application
Created on : 2008-02-20 11:58:46 PM
Last accessed : 2009-01-08 7:56:02 PM
Last modified : 2008-02-20 11:58:46 PM

#:23 [avgtray.exe]
FilePath : C:\PROGRA~1\AVG\AVG8\
ThreadCreationTime : 2009-01-08 7:56:04 PM
BasePriority : Normal
FileSize : 1205 KB
FileVersion : 8.0.0.172
ProductVersion : 8.0.0.172
Copyright : Copyright
CompanyName : AVG Technologies CZ, s.r.o.
FileDescription : AVG Tray Monitor
InternalName : avgtray
OriginalFilename : avgtray.exe
ProductName : AVG Internet Security
Created on : 2008-07-07 3:23:25 PM
Last accessed : 2009-01-08 7:56:04 PM
Last modified : 2008-09-30 11:18:07 AM

#:24 [ctxfispi.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ThreadCreationTime : 2009-01-08 7:56:04 PM
BasePriority : Normal
FileSize : 946 KB
FileVersion : 6.00.01.1283-2.14.1610
ProductVersion : 2.14.00.0003
Copyright : Copyright
CompanyName : Creative Technology Ltd
FileDescription : SPI (Creative X-Fi Module)
InternalName : CTXFISpi.exe
OriginalFilename : CTXFISpi.exe
ProductName : Creative Audio Product
Created on : 2008-02-20 11:55:12 PM
Last accessed : 2009-01-08 7:56:04 PM
Last modified : 2008-02-20 11:55:12 PM

#:25 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ThreadCreationTime : 2009-01-08 7:56:05 PM
BasePriority : Normal
FileSize : 260 KB
FileVersion : 7.6.2.9
ProductVersion : 7.6.2.9
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
OriginalFilename : iTunesHelper.exe
ProductName : iTunes
Created on : 2008-03-30 1:36:40 PM
Last accessed : 2009-01-08 7:56:05 PM
Last modified : 2008-03-30 1:36:40 PM

#:26 [ctfmon.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 7:56:07 PM
BasePriority : Normal
FileSize : 15 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2105)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 7:56:06 PM
Last modified : 2008-04-14 12:12:16 AM

#:27 [lightscribecontrolpanel.exe]
FilePath : C:\Program Files\Common Files\LightScribe\
ThreadCreationTime : 2009-01-08 7:56:08 PM
BasePriority : Normal
FileSize : 445 KB
FileVersion : 1.10.13.1
CompanyName : Hewlett-Packard Company
OriginalFilename : LightScribeContolPanel.exe
ProductName : LightScribe
Created on : 2007-08-23 8:36:30 PM
Last accessed : 2009-01-08 7:56:08 PM
Last modified : 2007-08-23 8:36:30 PM

#:28 [nmbgmonitor.exe]
FilePath : C:\Program Files\Common Files\Ahead\Lib\
ThreadCreationTime : 2009-01-08 7:56:08 PM
BasePriority : Normal
FileSize : 149 KB
FileVersion : 2,0,16,0
ProductVersion : 2,0,16,0
Copyright : Copyright © 1995-2006 Nero AG and its licensors
CompanyName : Nero AG
FileDescription : Nero Home
InternalName : NMBgMonitor
OriginalFilename : NMBgMonitor.exe
ProductName : Nero Home
Created on : 2007-06-27 10:03:40 PM
Last accessed : 2009-01-08 7:56:08 PM
Last modified : 2007-06-27 10:03:40 PM

#:29 [nmindexingservice.exe]
FilePath : C:\Program Files\Common Files\Ahead\Lib\
ThreadCreationTime : 2009-01-08 7:56:11 PM
BasePriority : Normal
FileSize : 273 KB
FileVersion : 2,0,16,0
ProductVersion : 2,0,16,0
Copyright : Copyright © 1995-2006 Nero AG and its licensors
CompanyName : Nero AG
FileDescription : Nero Home
InternalName : NMIndexingService
OriginalFilename : NMIndexingService.exe
ProductName : Nero Home
Created on : 2007-06-27 10:04:00 PM
Last accessed : 2009-01-08 7:56:11 PM
Last modified : 2007-06-27 10:04:00 PM

#:30 [nmindexstoresvr.exe]
FilePath : C:\Program Files\Common Files\Ahead\Lib\
ThreadCreationTime : 2009-01-08 7:56:11 PM
BasePriority : Normal
FileSize : 1185 KB
FileVersion : 2,0,16,0
ProductVersion : 2,0,16,0
Copyright : Copyright © 1995-2006 Nero AG and its licensors
CompanyName : Nero AG
FileDescription : Nero Home
InternalName : NMIndexStoreSvr
OriginalFilename : NMIndexStoreSvr.exe
ProductName : Nero Home
Created on : 2007-06-27 10:04:00 PM
Last accessed : 2009-01-08 7:56:11 PM
Last modified : 2007-06-27 10:04:00 PM

#:31 [daemon.exe]
FilePath : C:\Program Files\DAEMON Tools Lite\
ThreadCreationTime : 2009-01-08 7:56:17 PM
BasePriority : Normal
FileSize : 475 KB
FileVersion : 4.12.3.0
ProductVersion : 4.12.3.0
Copyright : © DT Soft Ltd. All rights reserved.
CompanyName : DT Soft Ltd
FileDescription : DAEMON Tools main application
InternalName : daemon.exe
OriginalFilename : daemon.exe
ProductName : DAEMON Tools Lite
Created on : 2008-04-01 9:39:48 AM
Last accessed : 2009-01-08 7:56:17 PM
Last modified : 2008-04-01 9:39:48 AM

#:32 [rocketdock.exe]
FilePath : C:\Program Files\RocketDock\
ThreadCreationTime : 2009-01-08 7:56:18 PM
BasePriority : Normal
FileSize : 484 KB
Created on : 2008-05-30 3:56:45 PM
Last accessed : 2009-01-08 7:56:18 PM
Last modified : 2007-09-02 4:58:52 PM

#:33 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ThreadCreationTime : 2009-01-08 7:56:19 PM
BasePriority : Normal
FileSize : 492 KB
FileVersion : 7.6.2.9
ProductVersion : 7.6.2.9
CompanyName : Apple Inc.
FileDescription : iPodService Module
InternalName : iPodService
OriginalFilename : iPodService.exe
ProductName : iTunes
Created on : 2008-03-30 1:36:30 PM
Last accessed : 2009-01-08 7:56:19 PM
Last modified : 2008-03-30 1:36:30 PM

#:34 [usnsvc.exe]
FilePath : C:\Program Files\Windows Live\Messenger\
ThreadCreationTime : 2009-01-08 7:57:29 PM
BasePriority : Normal
FileSize : 96 KB
FileVersion : 8.5.1302.1018
ProductVersion : 8.5.1302
Copyright : Copyright © Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Messenger Sharing USN Journal Reader Service
InternalName : usnsvc.exe
OriginalFilename : usnsvc.exe
ProductName : Messenger
Created on : 2007-10-18 2:31:54 PM
Last accessed : 2009-01-08 7:57:29 PM
Last modified : 2007-10-18 2:31:54 PM

#:35 [msiexec.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 2009-01-08 8:30:04 PM
BasePriority : Normal
FileSize : 77 KB
FileVersion : 3.1.4001.5512
ProductVersion : 3.1.4001.5512
CompanyName : Microsoft Corporation
FileDescription : Windows
InternalName : msiexec
OriginalFilename : msiexec.exe
ProductName : Windows Installer - Unicode
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 8:30:04 PM
Last modified : 2008-04-14 12:12:28 AM

#:36 [jusched.exe]
FilePath : C:\Program Files\Java\jre6\bin\
ThreadCreationTime : 2009-01-08 8:30:24 PM
BasePriority : Normal
FileSize : 133 KB
FileVersion : 6.0.110.3
ProductVersion : 6.0.110.3
Copyright : Copyright
CompanyName : Sun Microsystems, Inc.
FileDescription : Java™ Platform SE binary
InternalName : Java™ Update Scheduler
OriginalFilename : jusched.exe
ProductName : Java™ Platform SE 6 U11
Created on : 2009-01-08 8:30:12 PM
Last accessed : 2009-01-08 8:30:12 PM
Last modified : 2009-01-08 8:30:12 PM

#:37 [jqs.exe]
FilePath : C:\Program Files\Java\jre6\bin\
ThreadCreationTime : 2009-01-08 8:30:26 PM
BasePriority : Idle
FileSize : 149 KB
FileVersion : 6.0.110.3
ProductVersion : 6.0.110.3
Copyright : Copyright
CompanyName : Sun Microsystems, Inc.
FileDescription : Java™ Quick Starter Service
InternalName : jqs
OriginalFilename : jqs.exe
ProductName : Java™ Platform SE 6 U11
Created on : 2009-01-08 8:30:12 PM
Last accessed : 2009-01-08 8:30:12 PM
Last modified : 2009-01-08 8:30:12 PM

#:38 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ThreadCreationTime : 2009-01-08 8:31:47 PM
BasePriority : Normal
FileSize : 300 KB
FileVersion : 1.9.0.5
ProductVersion : 3.0.5
CompanyName : Mozilla Corporation
FileDescription : Firefox
InternalName : Firefox
OriginalFilename : firefox.exe
ProductName : Firefox
Created on : 2008-05-26 7:15:37 PM
Last accessed : 2009-01-08 8:31:12 PM
Last modified : 2008-12-18 9:14:11 PM

#:39 [notepad.exe]
FilePath : C:\windows\system32\
ThreadCreationTime : 2009-01-08 8:33:02 PM
BasePriority : Normal
FileSize : 67 KB
FileVersion : 5.1.2600.5512 (xpsp.080413-2105)
ProductVersion : 5.1.2600.5512
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
OriginalFilename : NOTEPAD.EXE
ProductName : Microsoft
Created on : 2006-02-28 12:00:00 PM
Last accessed : 2009-01-08 8:33:02 PM
Last modified : 2008-04-14 12:12:29 AM

#:40 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 2009-01-08 8:39:55 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 2009-01-07 9:56:53 PM
Last accessed : 2009-01-08 8:16:38 PM
Last modified : 2003-07-13 1:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

4:40:45 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:00:25:406
Objects scanned :51273
Objects identified :0
Objects ignored :0
New objects :0



#2 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 21 January 2009 - 04:32 PM

Hello fructose,


Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 03 February 2009 - 12:54 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



