search redirect, ran hijackthis scan, posting log, please help...



#1 Irisim1


Posted 15 September 2010 - 12:56 PM

Hi,

My problem is that when searching Google and clicking on a link, I am redirected to this website, supersearch.net, not the link in the search. I ran a scan using Ad-Aware and BitDefender; some malware was detected and removed, but the problem still persists. I ran a HijackThis scan and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:14 PM, on 9/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Iris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TBSB07286 - {C23D0D6A-8CBA-4B33-9735-47D81F5B2B85} - C:\Program Files\Ecobar\tbcore3.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ecobar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Ecobar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [cilxrhoj£] C:\WINDOWS\System32\cilxrhoj£.exe
O4 - HKLM\..\Run: [Yhijetohekafom] rundll32.exe "C:\WINDOWS\uzeqepijo.dll",Startup
O4 - HKLM\..\Run: [cilxrhojª] C:\WINDOWS\System32\cilxrhojª.exe
O4 - HKLM\..\Run: [cilxrhojò] C:\WINDOWS\System32\cilxrhojò.exe
O4 - HKLM\..\Run: [cilxrhoj³] C:\WINDOWS\System32\cilxrhoj³.exe
O4 - HKLM\..\Run: [cilxrhoj] C:\WINDOWS\System32\cilxrhoj.exe
O4 - HKLM\..\Run: [cilxrhoj]] C:\WINDOWS\System32\cilxrhoj].exe
O4 - HKLM\..\Run: [cilxrhoj¯] C:\WINDOWS\System32\cilxrhoj¯.exe
O4 - HKLM\..\Run: [cilxrhoj’] C:\WINDOWS\System32\cilxrhoj’.exe
O4 - HKLM\..\Run: [cilxrhoj÷] C:\WINDOWS\System32\cilxrhoj÷.exe
O4 - HKLM\..\Run: [cilxrhoj=] C:\WINDOWS\System32\cilxrhoj=.exe
O4 - HKLM\..\Run: [cilxrhoj[] C:\WINDOWS\System32\cilxrhoj[.exe
O4 - HKLM\..\Run: [cilxrhoj‡] C:\WINDOWS\System32\cilxrhoj‡.exe
O4 - HKLM\..\Run: [cilxrhoj®] C:\WINDOWS\System32\cilxrhoj®.exe
O4 - HKLM\..\Run: [cilxrhoj] C:\WINDOWS\System32\cilxrhoj.exe
O4 - HKLM\..\Run: [cilxrhoj´] C:\WINDOWS\System32\cilxrhoj´.exe
O4 - HKLM\..\Run: [cilxrhojå] C:\WINDOWS\System32\cilxrhojÅ.exe
O4 - HKLM\..\Run: [cilxrhojY] C:\WINDOWS\System32\cilxrhojY.exe
O4 - HKLM\..\Run: [cilxrhojp] C:\WINDOWS\System32\cilxrhojp.exe
O4 - HKLM\..\Run: [cilxrhoj0] C:\WINDOWS\System32\cilxrhoj0.exe
O4 - HKLM\..\Run: [cilxrhoj…] C:\WINDOWS\System32\cilxrhoj….exe
O4 - HKLM\..\Run: [cilxrhoj×] C:\WINDOWS\System32\cilxrhoj×.exe
O4 - HKLM\..\Run: [cilxrhojŒ] C:\WINDOWS\System32\cilxrhojŒ.exe
O4 - HKLM\..\Run: [cilxrhoj‹] C:\WINDOWS\System32\cilxrhoj‹.exe
O4 - HKLM\..\Run: [cilxrhoj] C:\WINDOWS\System32\cilxrhoj.exe
O4 - HKLM\..\Run: [cilxrhojá] C:\WINDOWS\System32\cilxrhojÁ.exe
O4 - HKLM\..\Run: [cilxrhoj] C:\WINDOWS\System32\cilxrhoj.exe
O4 - HKLM\..\Run: [cilxrhoj.] C:\WINDOWS\System32\cilxrhoj..exe
O4 - HKLM\..\Run: [cilxrhojF] C:\WINDOWS\System32\cilxrhojf.exe
O4 - HKLM\..\Run: [cilxrhojÚ] C:\WINDOWS\System32\cilxrhojú.exe
O4 - HKLM\..\Run: [cilxrhojÂ] C:\WINDOWS\System32\cilxrhojÂ.exe
O4 - HKLM\..\Run: [cilxrhojb] C:\WINDOWS\System32\cilxrhojB.exe
O4 - HKLM\..\Run: [cilxrhojê] C:\WINDOWS\System32\cilxrhojÊ.exe
O4 - HKLM\..\Run: [cilxrhojÏ] C:\WINDOWS\System32\cilxrhojï.exe
O4 - HKLM\..\Run: [cilxrhojj] C:\WINDOWS\System32\cilxrhojj.exe
O4 - HKLM\..\Run: [cilxrhoj«] C:\WINDOWS\System32\cilxrhoj«.exe
O4 - HKLM\..\Run: [cilxrhoj ] C:\WINDOWS\System32\cilxrhoj .exe
O4 - HKLM\..\Run: [cilxrhoj¢] C:\WINDOWS\System32\cilxrhoj¢.exe
O4 - HKLM\..\Run: [cilxrhoj4] C:\WINDOWS\System32\cilxrhoj4.exe
O4 - HKLM\..\Run: [cilxrhojÞ] C:\WINDOWS\System32\cilxrhojþ.exe
O4 - HKLM\..\Run: [cilxrhoj¶] C:\WINDOWS\System32\cilxrhoj¶.exe
O4 - HKLM\..\Run: [cilxrhoji] C:\WINDOWS\System32\cilxrhojI.exe
O4 - HKLM\..\Run: [cilxrhoj¦] C:\WINDOWS\System32\cilxrhoj¦.exe
O4 - HKLM\..\Run: [cilxrhojÎ] C:\WINDOWS\System32\cilxrhojî.exe
O4 - HKLM\..\Run: [cilxrhojE] C:\WINDOWS\System32\cilxrhoje.exe
O4 - HKLM\..\Run: [cilxrhojc] C:\WINDOWS\System32\cilxrhojC.exe
O4 - HKLM\..\Run: [cilxrhoj2] C:\WINDOWS\System32\cilxrhoj2.exe
O4 - HKLM\..\Run: [cilxrhojl] C:\WINDOWS\System32\cilxrhojL.exe
O4 - HKLM\..\Run: [cilxrhoj&] C:\WINDOWS\System32\cilxrhoj&.exe
O4 - HKLM\..\Run: [cilxrhoj9] C:\WINDOWS\System32\cilxrhoj9.exe
O4 - HKLM\..\Run: [cilxrhoj`] C:\WINDOWS\System32\cilxrhoj`.exe
O4 - HKLM\..\Run: [cilxrhojž] C:\WINDOWS\System32\cilxrhojž.exe
O4 - HKLM\..\Run: [cilxrhoj%] C:\WINDOWS\System32\cilxrhoj%.exe
O4 - HKLM\..\Run: [cilxrhoj°] C:\WINDOWS\System32\cilxrhoj°.exe
O4 - HKLM\..\Run: [cilxrhoj,] C:\WINDOWS\System32\cilxrhoj,.exe
O4 - HKLM\..\Run: [cilxrhoj•] C:\WINDOWS\System32\cilxrhoj•.exe
O4 - HKLM\..\Run: [cilxrhojÃ] C:\WINDOWS\System32\cilxrhojã.exe
O4 - HKLM\..\Run: [cilxrhoj©] C:\WINDOWS\System32\cilxrhoj©.exe
O4 - HKLM\..\Run: [cilxrhojÜ] C:\WINDOWS\System32\cilxrhojü.exe
O4 - HKLM\..\Run: [cilxrhoj·] C:\WINDOWS\System32\cilxrhoj·.exe
O4 - HKLM\..\Run: [cilxrhoj˜] C:\WINDOWS\System32\cilxrhoj˜.exe
O4 - HKLM\..\Run: [cilxrhoj#] C:\WINDOWS\System32\cilxrhoj#.exe
O4 - HKLM\..\Run: [cilxrhoj¤] C:\WINDOWS\System32\cilxrhoj¤.exe
O4 - HKLM\..\Run: [cilxrhoj¹] C:\WINDOWS\System32\cilxrhoj¹.exe
O4 - HKLM\..\Run: [cilxrhoj–] C:\WINDOWS\System32\cilxrhoj–.exe
O4 - HKLM\..\Run: [cilxrhojS] C:\WINDOWS\System32\cilxrhojs.exe
O4 - HKLM\..\Run: [cilxrhoj1] C:\WINDOWS\System32\cilxrhoj1.exe
O4 - HKLM\..\Run: [cilxrhojß] C:\WINDOWS\System32\cilxrhojß.exe
O4 - HKLM\..\Run: [cilxrhoj'] C:\WINDOWS\System32\cilxrhoj'.exe
O4 - HKLM\..\Run: [cilxrhoj}] C:\WINDOWS\System32\cilxrhoj}.exe
O4 - HKLM\..\Run: [cilxrhoj¿] C:\WINDOWS\System32\cilxrhoj¿.exe
O4 - HKLM\..\Run: [cilxrhoj!] C:\WINDOWS\System32\cilxrhoj!.exe
O4 - HKLM\..\Run: [cilxrhoj—] C:\WINDOWS\System32\cilxrhoj—.exe
O4 - HKLM\..\Run: [cilxrhoj8] C:\WINDOWS\System32\cilxrhoj8.exe
O4 - HKLM\..\Run: [cilxrhoj^] C:\WINDOWS\System32\cilxrhoj^.exe
O4 - HKLM\..\Run: [cilxrhoj~] C:\WINDOWS\System32\cilxrhoj~.exe
O4 - HKLM\..\Run: [cilxrhojA] C:\WINDOWS\System32\cilxrhojA.exe
O4 - HKLM\..\Run: [cilxrhojX] C:\WINDOWS\System32\cilxrhojX.exe
O4 - HKLM\..\Run: [cilxrhoj] C:\WINDOWS\System32\cilxrhoj.exe
O4 - HKLM\..\Run: [cilxrhoj+] C:\WINDOWS\System32\cilxrhoj+.exe
O4 - HKLM\..\Run: [cilxrhoj­] C:\WINDOWS\System32\cilxrhoj­.exe
O4 - HKLM\..\Run: [cilxrhojà] C:\WINDOWS\System32\cilxrhojÀ.exe
O4 - HKLM\..\Run: [cilxrhoj™] C:\WINDOWS\System32\cilxrhoj™.exe
O4 - HKLM\..\Run: [cilxrhoj¸] C:\WINDOWS\System32\cilxrhoj¸.exe
O4 - HKLM\..\Run: [cilxrhoj6] C:\WINDOWS\System32\cilxrhoj6.exe
O4 - HKLM\..\Run: [cilxrhoj] C:\WINDOWS\System32\cilxrhoj.exe
O4 - HKLM\..\Run: [cilxrhoj;] C:\WINDOWS\System32\cilxrhoj;.exe
O4 - HKLM\..\Run: [cilxrhoj(] C:\WINDOWS\System32\cilxrhoj(.exe
O4 - HKLM\..\Run: [cilxrhoj7] C:\WINDOWS\System32\cilxrhoj7.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Iris\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [cilxrhoj£] C:\Documents and Settings\Iris\cilxrhoj£.exe
O4 - HKCU\..\Run: [cilxrhoj»] C:\Documents and Settings\Iris\cilxrhoj».exe
O4 - HKCU\..\Run: [cilxrhojø] C:\Documents and Settings\Iris\cilxrhojø.exe
O4 - HKCU\..\Run: [cilxrhojª] C:\Documents and Settings\Iris\cilxrhojª.exe
O4 - HKCU\..\Run: [cilxrhojÌ] C:\Documents and Settings\Iris\cilxrhojÌ.exe
O4 - HKCU\..\Run: [cilxrhoj¾] C:\Documents and Settings\Iris\cilxrhoj¾.exe
O4 - HKCU\..\Run: [cilxrhojé] C:\Documents and Settings\Iris\cilxrhojÉ.exe
O4 - HKCU\..\Run: [cilxrhojò] C:\Documents and Settings\Iris\cilxrhojò.exe
O4 - HKCU\..\Run: [cilxrhoj³] C:\Documents and Settings\Iris\cilxrhoj³.exe
O4 - HKCU\..\Run: [cilxrhoj] C:\Documents and Settings\Iris\cilxrhoj.exe
O4 - HKCU\..\Run: [cilxrhoj‰] C:\Documents and Settings\Iris\cilxrhoj‰.exe
O4 - HKCU\..\Run: [cilxrhoj]] C:\Documents and Settings\Iris\cilxrhoj].exe
O4 - HKCU\..\Run: [cilxrhoj¯] C:\Documents and Settings\Iris\cilxrhoj¯.exe
O4 - HKCU\..\Run: [cilxrhoj‚] C:\Documents and Settings\Iris\cilxrhoj‚.exe
O4 - HKCU\..\Run: [cilxrhoj’] C:\Documents and Settings\Iris\cilxrhoj’.exe
O4 - HKCU\..\Run: [cilxrhoj÷] C:\Documents and Settings\Iris\cilxrhoj÷.exe
O4 - HKCU\..\Run: [cilxrhoj=] C:\Documents and Settings\Iris\cilxrhoj=.exe
O4 - HKCU\..\Run: [cilxrhoj5] C:\Documents and Settings\Iris\cilxrhoj5.exe
O4 - HKCU\..\Run: [cilxrhoj[] C:\Documents and Settings\Iris\cilxrhoj[.exe
O4 - HKCU\..\Run: [cilxrhojð] C:\Documents and Settings\Iris\cilxrhojð.exe
O4 - HKCU\..\Run: [cilxrhoj²] C:\Documents and Settings\Iris\cilxrhoj².exe
O4 - HKCU\..\Run: [cilxrhoj‡] C:\Documents and Settings\Iris\cilxrhoj‡.exe
O4 - HKCU\..\Run: [cilxrhoj®] C:\Documents and Settings\Iris\cilxrhoj®.exe
O4 - HKCU\..\Run: [cilxrhoj] C:\Documents and Settings\Iris\cilxrhoj.exe
O4 - HKCU\..\Run: [cilxrhoj´] C:\Documents and Settings\Iris\cilxrhoj´.exe
O4 - HKCU\..\Run: [cilxrhojå] C:\Documents and Settings\Iris\cilxrhojÅ.exe
O4 - HKCU\..\Run: [cilxrhojY] C:\Documents and Settings\Iris\cilxrhojY.exe
O4 - HKCU\..\Run: [cilxrhojp] C:\Documents and Settings\Iris\cilxrhojp.exe
O4 - HKCU\..\Run: [cilxrhoj0] C:\Documents and Settings\Iris\cilxrhoj0.exe
O4 - HKCU\..\Run: [cilxrhoj…] C:\Documents and Settings\Iris\cilxrhoj….exe
O4 - HKCU\..\Run: [cilxrhoj×] C:\Documents and Settings\Iris\cilxrhoj×.exe
O4 - HKCU\..\Run: [cilxrhojŒ] C:\Documents and Settings\Iris\cilxrhojŒ.exe
O4 - HKCU\..\Run: [cilxrhoj‹] C:\Documents and Settings\Iris\cilxrhoj‹.exe
O4 - HKCU\..\Run: [cilxrhoj] C:\Documents and Settings\Iris\cilxrhoj.exe
O4 - HKCU\..\Run: [cilxrhojN] C:\Documents and Settings\Iris\cilxrhojn.exe
O4 - HKCU\..\Run: [cilxrhojá] C:\Documents and Settings\Iris\cilxrhojÁ.exe
O4 - HKCU\..\Run: [cilxrhojk] C:\Documents and Settings\Iris\cilxrhojK.exe
O4 - HKCU\..\Run: [cilxrhoj] C:\Documents and Settings\Iris\cilxrhoj.exe
O4 - HKCU\..\Run: [cilxrhoj.] C:\Documents and Settings\Iris\cilxrhoj..exe
O4 - HKCU\..\Run: [cilxrhojd] C:\Documents and Settings\Iris\cilxrhojD.exe
O4 - HKCU\..\Run: [cilxrhojF] C:\Documents and Settings\Iris\cilxrhojf.exe
O4 - HKCU\..\Run: [cilxrhojÚ] C:\Documents and Settings\Iris\cilxrhojÚ.exe
O4 - HKCU\..\Run: [cilxrhojÑ] C:\Documents and Settings\Iris\cilxrhojñ.exe
O4 - HKCU\..\Run: [cilxrhoj›] C:\Documents and Settings\Iris\cilxrhoj›.exe
O4 - HKCU\..\Run: [cilxrhojÂ] C:\Documents and Settings\Iris\cilxrhojÂ.exe
O4 - HKCU\..\Run: [cilxrhojb] C:\Documents and Settings\Iris\cilxrhojB.exe
O4 - HKCU\..\Run: [cilxrhojê] C:\Documents and Settings\Iris\cilxrhojÊ.exe
O4 - HKCU\..\Run: [cilxrhojÍ] C:\Documents and Settings\Iris\cilxrhojí.exe
O4 - HKCU\..\Run: [cilxrhojÏ] C:\Documents and Settings\Iris\cilxrhojï.exe
O4 - HKCU\..\Run: [cilxrhojÈ] C:\Documents and Settings\Iris\cilxrhojÈ.exe
O4 - HKCU\..\Run: [cilxrhojj] C:\Documents and Settings\Iris\cilxrhojj.exe
O4 - HKCU\..\Run: [cilxrhoj«] C:\Documents and Settings\Iris\cilxrhoj«.exe
O4 - HKCU\..\Run: [cilxrhojÝ] C:\Documents and Settings\Iris\cilxrhojý.exe
O4 - HKCU\..\Run: [cilxrhoj ] C:\Documents and Settings\Iris\cilxrhoj .exe
O4 - HKCU\..\Run: [cilxrhoj¢] C:\Documents and Settings\Iris\cilxrhoj¢.exe
O4 - HKCU\..\Run: [cilxrhoj4] C:\Documents and Settings\Iris\cilxrhoj4.exe
O4 - HKCU\..\Run: [cilxrhojÞ] C:\Documents and Settings\Iris\cilxrhojþ.exe
O4 - HKCU\..\Run: [cilxrhojô] C:\Documents and Settings\Iris\cilxrhojÔ.exe
O4 - HKCU\..\Run: [cilxrhoj“] C:\Documents and Settings\Iris\cilxrhoj“.exe
O4 - HKCU\..\Run: [cilxrhoj¶] C:\Documents and Settings\Iris\cilxrhoj¶.exe
O4 - HKCU\..\Run: [cilxrhoji] C:\Documents and Settings\Iris\cilxrhojI.exe
O4 - HKCU\..\Run: [cilxrhoj¦] C:\Documents and Settings\Iris\cilxrhoj¦.exe
O4 - HKCU\..\Run: [cilxrhojÇ] C:\Documents and Settings\Iris\cilxrhojç.exe
O4 - HKCU\..\Run: [cilxrhojÎ] C:\Documents and Settings\Iris\cilxrhojî.exe
O4 - HKCU\..\Run: [cilxrhojE] C:\Documents and Settings\Iris\cilxrhoje.exe
O4 - HKCU\..\Run: [cilxrhojc] C:\Documents and Settings\Iris\cilxrhojC.exe
O4 - HKCU\..\Run: [cilxrhojó] C:\Documents and Settings\Iris\cilxrhojó.exe
O4 - HKCU\..\Run: [cilxrhoj„] C:\Documents and Settings\Iris\cilxrhoj„.exe
O4 - HKCU\..\Run: [cilxrhoj2] C:\Documents and Settings\Iris\cilxrhoj2.exe
O4 - HKCU\..\Run: [cilxrhojl] C:\Documents and Settings\Iris\cilxrhojL.exe
O4 - HKCU\..\Run: [cilxrhoj&] C:\Documents and Settings\Iris\cilxrhoj&.exe
O4 - HKCU\..\Run: [cilxrhoj9] C:\Documents and Settings\Iris\cilxrhoj9.exe
O4 - HKCU\..\Run: [cilxrhoj`] C:\Documents and Settings\Iris\cilxrhoj`.exe
O4 - HKCU\..\Run: [cilxrhojž] C:\Documents and Settings\Iris\cilxrhojž.exe
O4 - HKCU\..\Run: [cilxrhoj%] C:\Documents and Settings\Iris\cilxrhoj%.exe
O4 - HKCU\..\Run: [cilxrhoj@] C:\Documents and Settings\Iris\cilxrhoj@.exe
O4 - HKCU\..\Run: [cilxrhoj°] C:\Documents and Settings\Iris\cilxrhoj°.exe
O4 - HKCU\..\Run: [cilxrhoj,] C:\Documents and Settings\Iris\cilxrhoj,.exe
O4 - HKCU\..\Run: [cilxrhoj•] C:\Documents and Settings\Iris\cilxrhoj•.exe
O4 - HKCU\..\Run: [cilxrhojÃ] C:\Documents and Settings\Iris\cilxrhojã.exe
O4 - HKCU\..\Run: [cilxrhoj©] C:\Documents and Settings\Iris\cilxrhoj©.exe
O4 - HKCU\..\Run: [cilxrhojÜ] C:\Documents and Settings\Iris\cilxrhojü.exe
O4 - HKCU\..\Run: [cilxrhoj·] C:\Documents and Settings\Iris\cilxrhoj·.exe
O4 - HKCU\..\Run: [cilxrhoj˜] C:\Documents and Settings\Iris\cilxrhoj˜.exe
O4 - HKCU\..\Run: [cilxrhoj#] C:\Documents and Settings\Iris\cilxrhoj#.exe
O4 - HKCU\..\Run: [cilxrhoj$] C:\Documents and Settings\Iris\cilxrhoj$.exe
O4 - HKCU\..\Run: [cilxrhojˆ] C:\Documents and Settings\Iris\cilxrhojˆ.exe
O4 - HKCU\..\Run: [cilxrhojÛ] C:\Documents and Settings\Iris\cilxrhojÛ.exe
O4 - HKCU\..\Run: [cilxrhojV] C:\Documents and Settings\Iris\cilxrhojv.exe
O4 - HKCU\..\Run: [cilxrhoj¤] C:\Documents and Settings\Iris\cilxrhoj¤.exe
O4 - HKCU\..\Run: [cilxrhoj¹] C:\Documents and Settings\Iris\cilxrhoj¹.exe
O4 - HKCU\..\Run: [cilxrhoj–] C:\Documents and Settings\Iris\cilxrhoj–.exe
O4 - HKCU\..\Run: [cilxrhoj1] C:\Documents and Settings\Iris\cilxrhoj1.exe
O4 - HKCU\..\Run: [cilxrhojß] C:\Documents and Settings\Iris\cilxrhojß.exe
O4 - HKCU\..\Run: [cilxrhoj”] C:\Documents and Settings\Iris\cilxrhoj”.exe
O4 - HKCU\..\Run: [cilxrhoj'] C:\Documents and Settings\Iris\cilxrhoj'.exe
O4 - HKCU\..\Run: [cilxrhoj}] C:\Documents and Settings\Iris\cilxrhoj}.exe
O4 - HKCU\..\Run: [cilxrhoj)] C:\Documents and Settings\Iris\cilxrhoj).exe
O4 - HKCU\..\Run: [cilxrhoj¿] C:\Documents and Settings\Iris\cilxrhoj¿.exe
O4 - HKCU\..\Run: [cilxrhojƒ] C:\Documents and Settings\Iris\cilxrhojƒ.exe
O4 - HKCU\..\Run: [cilxrhoj!] C:\Documents and Settings\Iris\cilxrhoj!.exe
O4 - HKCU\..\Run: [cilxrhoj] C:\Documents and Settings\Iris\cilxrhoj.exe
O4 - HKCU\..\Run: [cilxrhojº] C:\Documents and Settings\Iris\cilxrhojº.exe
O4 - HKCU\..\Run: [cilxrhoj—] C:\Documents and Settings\Iris\cilxrhoj—.exe
O4 - HKCU\..\Run: [cilxrhoj8] C:\Documents and Settings\Iris\cilxrhoj8.exe
O4 - HKCU\..\Run: [cilxrhoj^] C:\Documents and Settings\Iris\cilxrhoj^.exe
O4 - HKCU\..\Run: [cilxrhoj~] C:\Documents and Settings\Iris\cilxrhoj~.exe
O4 - HKCU\..\Run: [cilxrhoj¨] C:\Documents and Settings\Iris\cilxrhoj¨.exe
O4 - HKCU\..\Run: [cilxrhojA] C:\Documents and Settings\Iris\cilxrhojA.exe
O4 - HKCU\..\Run: [cilxrhoj½] C:\Documents and Settings\Iris\cilxrhoj½.exe
O4 - HKCU\..\Run: [cilxrhojX] C:\Documents and Settings\Iris\cilxrhojX.exe
O4 - HKCU\..\Run: [cilxrhoj] C:\Documents and Settings\Iris\cilxrhoj.exe
O4 - HKCU\..\Run: [cilxrhoj+] C:\Documents and Settings\Iris\cilxrhoj+.exe
O4 - HKCU\..\Run: [cilxrhoj­] C:\Documents and Settings\Iris\cilxrhoj­.exe
O4 - HKCU\..\Run: [cilxrhojà] C:\Documents and Settings\Iris\cilxrhojÀ.exe
O4 - HKCU\..\Run: [cilxrhoj§] C:\Documents and Settings\Iris\cilxrhoj§.exe
O4 - HKCU\..\Run: [cilxrhoj™] C:\Documents and Settings\Iris\cilxrhoj™.exe
O4 - HKCU\..\Run: [cilxrhoj¸] C:\Documents and Settings\Iris\cilxrhoj¸.exe
O4 - HKCU\..\Run: [cilxrhoj6] C:\Documents and Settings\Iris\cilxrhoj6.exe
O4 - HKCU\..\Run: [cilxrhoj] C:\Documents and Settings\Iris\cilxrhoj.exe
O4 - HKCU\..\Run: [cilxrhoj;] C:\Documents and Settings\Iris\cilxrhoj;.exe
O4 - HKCU\..\Run: [cilxrhoj(] C:\Documents and Settings\Iris\cilxrhoj(.exe
O4 - HKCU\..\Run: [cilxrhoj±] C:\Documents and Settings\Iris\cilxrhoj±.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

--
End of file - 22718 bytes


It seems to me like the file with the name including cilxrhoj, which repeats a lot, is the same program which was detected by Ad-Aware and removed yesterday. Now it's not detected by Ad-Aware but is still detected by HijackThis. Maybe this is the problem?

I hope you can help me, thank you so much in advance!

Iris



#2 Irisim1


Posted 15 September 2010 - 01:38 PM

I have now read the instructions, so I am running the requested scans and will post the logs in the other forum. Thank you.



