Hijack This log

  • This topic is locked
3 replies to this topic

#1 the_frog_princeferes


  • Members
  • 5 posts
  • Local time:02:00 AM

Posted 23 June 2009 - 03:14 PM

I can not run any of my antispyware. Here is the Hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:55, on 6/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Safe mode with network support

Running processes:
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesInternet ExplorerIexplore.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32twex.exe,
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:Program Filesdel.icio.usInternet Explorer ButtonsdlcsIE.dll
O4 - HKLM..Run: [StatusClient] C:Program FilesHewlett-PackardToolbox2.0Apache Tomcat 4.0webappsToolboxStatusClientStatusClient.exe /auto
O4 - HKLM..Run: [TomcatStartup] C:Program FilesHewlett-PackardToolbox2.0hpbpsttp.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [PestPatrol Control Center] c:PROGRA~1PESTPA~1PPControl.exe
O4 - HKLM..Run: [PPMemCheck] c:PROGRA~1PESTPA~1PPMemCheck.exe
O4 - HKLM..Run: [CookiePatrol] c:PROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LVCOMS] C:WINDOWSsystem32LVComS.exe
O4 - HKLM..Run: [ccApp] "c:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [Zune Launcher] "c:Program FilesZuneZuneLauncher.exe"
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHPHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [SPAMfighter Agent] "C:Program FilesSPAMfighterSFAgent.exe" update delay 60
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKCU..Run: [NoAds] "C:Program FilesNoAdsNoAds.exe"
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [updateMgr] "C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [iKill] "C:Program FilesArpanTECHiKilliKill.exe" -s
O4 - Startup: HotSync Manager.lnk = C:Program FilesPalmHOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:Program FilesAdobeAcrobat 5.0DistillrAcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Device Detector 2.lnk = C:Program FilesOLYMPUSDeviceDetectorDevDtct2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe
O4 - Global Startup: Launch DovePlus.url
O4 - Global Startup: Mercury Direct Control Panel.lnk = C:Program FilesFTDIMDIIDialerExpressDialer.exe
O4 - Global Startup: Mercury Technology Software Update Application.lnk = C:Program FilesFTDIMTSUAMTSUA.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~4INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:WINDOWSSystem32shdocvw.dll
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:WINDOWSSystem32shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 - Trusted IP range:
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.webpcfos.com/webpcfos/Citrix/wficat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} (HTECtrl Class) - https://www.webpcfos.com/webpcfos/websabre/HTEweb.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6F0C8A8F-8B0D-11D2-801B-00105AA78F4A} (ECareAgent Class) - http://help.myteleflora.com/doveplus/ecare...t_4.2.1.319.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.futuredial.com/registration/ins...psync/setup.exe
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:WINDOWSSYSTEM32avgrsstx.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:Program FilesIntelASF AgentASFAgent.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:Program FilesAheadInCDInCDsrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:WINDOWSSystem32NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSSystem32HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:Program FilesSymantec AntiVirusSavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:Program FilesSPAMfightersfus.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:Program FilesSymantec AntiVirusRtvscan.exe

End of file - 15333 bytes

Some info I didn't get in my first posting
Now the computer is just freezing up in regular mode; it will only run in safe mode now. Here is an attach and DDS file for further diagnostics. I am unable to run anti spyware or anti malware even in safe mode. I have tried running Spyware Doctor, Malwarebytes, SUPERAntiSpyware, and Spybot S&D. I have tried downloading and installing others but they will not install.

Merged posts. ~ OB

Attached Files

Edited by Orange Blossom, 23 June 2009 - 08:27 PM.


#2 the_frog_princeferes

  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:00 AM

Posted 25 June 2009 - 10:12 PM

This turned out to be an ABCJMP.exe malware. Using this site, I stumbled onto how to run Malwarebytes when it wouldn't load, which I could not find in a search. I renamed the program file from a .exe to a .bat, then I right-clicked on the icon and clicked run. It found a lot of stuff but had to reboot to remove some of it. I ran it again and it found more but again had to reboot to remove. The problem is now Windows will not start.

My solution is to install a new drive, install the Dell Windows recovery disk in one partition, copy the old drive into another partition, and re-associate files and programs. I plan on using Parted Magic to do this. If anyone has a better idea please let me know; I will be starting this process tomorrow morning at about 10:00am.

#3 schrauber



  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:00 AM

Posted 27 June 2009 - 01:32 PM

Hello the_frog_princeferes and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#4 teacup61


    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:00 AM

Posted 01 July 2009 - 11:29 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
