Hijackthis Log: Please Help Diagnose

4 replies to this topic

#1 nowally (Members, 3 posts)

Posted 27 May 2007 - 06:52 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:14:06 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IPaq\eMule\emule.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Proficient\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [multi plus file bone] C:\Documents and Settings\All Users\Application Data\Webgplmultiplus\Window Wait.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Eachmags] C:\DOCUME~1\IANCAM~1.SUP\APPLIC~1\THUNKT~1\cdrom eggs style.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\IPaq\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tec...tionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = superiorrealty.tv
O17 - HKLM\Software\..\Telephony: DomainName = superiorrealty.tv
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD65D72F-CC20-4AFF-91F9-9EBA5F5C58A6}: NameServer = 192.168.0.1,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = superiorrealty.tv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = superiorrealty.tv
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#2 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 28 May 2007 - 03:30 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum nowally :thumbsup:

It appears you've no virus protection installed.
Download/install one of the following freeware options from the choice below.
Once installed, update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Active Virus Shield
There's a nice setup tutorial Here:
http://www.activevirusshield.com/antivirus/freeav/

********************

With you having Service Pack 2 installed, I'm presuming you're using the Windows Firewall.
If you require a more robust third-party firewall, then download/install one of the following freeware choices:

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

Comodo Personal Firewall:
http://www.personalfirewall.comodo.com/

********************

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. Save as Type: 'All Files', File name: fix.reg, to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

********************

Click on Start>Control Panel>Add/Remove Programs.
Uninstall/remove any of the following programs if listed:
Netpumper
Bitroll
Bitgrabber
CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media

This is because they are often bundled with the malware you are dealing with.
Don't worry if none of them are present.
If you removed any of them please restart your pc.

********************

Download NoLop.exe to your desktop.

* First close any other programs you have running, as this will require a reboot.
* Double click NoLop.exe to run it.
* Then click the button labelled "Search and Destroy".
* When scanning is finished you will be prompted to reboot only if infected; click 'OK'.
* Now click the "REBOOT" button.
* A message should pop up from NoLop; if not, double click the program again and it will finish.
Post the contents of C:\NoLop.log and a new HijackThis log into your next reply.

If you receive the error that mscomctl.ocx or one of its dependencies is not correctly registered, please download this file to your 'System32' folder, then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx
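As an added example (not the forum's, HijackThis's or NoLop's own code) of how a reviewer can pre-screen a log like the one posted above before hand-checking every line: it parses the O4 Run, O16 DPF and O20 AppInit_DLLs entries, flags autoruns launched from profile directories or carrying random-word names of the kind NoLop targets, and flags ActiveX downloads from hosts outside an allowlist. The embedded sample lines are copied from the first post; the TRUSTED_DPF_HOSTS set and the random-word heuristic are assumptions.

```python
import re
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample: six lines copied from the HijackThis v1.99.1 log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [multi plus file bone] C:\Documents and Settings\All Users\Application Data\Webgplmultiplus\Window Wait.exe
O4 - HKCU\..\Run: [Eachmags] C:\DOCUME~1\IANCAM~1.SUP\APPLIC~1\THUNKT~1\cdrom eggs style.exe
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# HijackThis line shapes handled here (O4 Global Startup .lnk entries are not parsed).
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$")

# Autoruns launched from user-writable profile directories (long and 8.3 short forms).
USER_WRITABLE = ("documents and settings", "application data", "docume~1", "applic~1")
# Assumed allowlist: hosts from which ActiveX (O16) downloads are expected on this machine.
TRUSTED_DPF_HOSTS = {"www.musicmatch.com"}


def looks_like_random_words(name: str) -> bool:
    """Heuristic (an assumption, not an HJT rule): three or more plain lowercase
    words such as 'cdrom eggs style', the naming style NoLop targets."""
    words = name.split()
    return len(words) >= 3 and all(w.isalpha() and w.islower() for w in words)


def executable_of(cmd: str) -> str:
    """Return the launched .exe from an O4 command line, quoted or not."""
    m = re.match(r'^"?(?P<exe>.*?\.exe)', cmd, re.IGNORECASE)
    return m.group("exe") if m else cmd


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (entry, reason) pairs for lines a reviewer should look at first."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            base = re.sub(r"\.exe$", "", exe.rsplit("\\", 1)[-1], flags=re.IGNORECASE)
            reasons = []
            if any(tok in exe.lower() for tok in USER_WRITABLE):
                reasons.append("runs from a user-writable profile directory")
            if looks_like_random_words(m.group("name")) or looks_like_random_words(base):
                reasons.append("random-word name")
            if reasons:
                findings.append((m.group("name"), "; ".join(reasons)))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlsplit(m.group("url")).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append((host, "ActiveX download from a host outside the allowlist"))
            continue
        m = O20_RE.match(line)
        if m:
            shown = m.group("value") or "(empty)"
            findings.append(("AppInit_DLLs", f"value listed, shown as {shown}; the fix.reg above deletes it"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry:24} {reason}")
```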

#3 nowally (Topic Starter, Members, 3 posts)

Posted 29 May 2007 - 02:58 PM

Sorry, if there is anything else you need to know let me know.

Thanks again.

Edited by nowally, 29 May 2007 - 04:20 PM.


#4 nowally (Topic Starter, Members, 3 posts)

Posted 29 May 2007 - 04:18 PM

I had avast installed, but it has since been unable to work. There used to be the circling "a" in the icon tray on the start bar, but that has since gone away, although every time I restart my computer it shows up for about 5 seconds and then disappears. I have tried to download it again, but every time I get it installed and try to run the program it says the shortcut or program is missing or moved. I did, however, do everything else that was recommended, and here are the new scan logs for NoLop and HJT:


NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\ian.cameron.SUPERIORREALTY\Desktop
[5/29/2007]
[1:43:26 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Sonic
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Administrator.superiorrealty\Application Data\Identities
C:\Documents and Settings\Administrator.superiorrealty\Application Data\Jasc Software Inc
C:\Documents and Settings\Administrator.superiorrealty\Application Data\Microsoft
C:\Documents and Settings\Administrator.superiorrealty\Application Data\Real
C:\Documents and Settings\Administrator.superiorrealty\Application Data\Sonic
C:\Documents and Settings\Administrator.superiorrealty\Application Data\Sun
C:\Documents and Settings\Administrator.superiorrealty\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Aol -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Kodak -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Move Networks
C:\Documents and Settings\All Users\Application Data\Msn Messenger 5.0.0527
C:\Documents and Settings\All Users\Application Data\Msn Messenger 6.1.0155
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Ian\Application Data\Adobe
C:\Documents and Settings\Ian\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Ian\Application Data\Cyberlink
C:\Documents and Settings\Ian\Application Data\Earthlink
C:\Documents and Settings\Ian\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Ian\Application Data\Identities
C:\Documents and Settings\Ian\Application Data\Jasc Software Inc
C:\Documents and Settings\Ian\Application Data\Leadertech
C:\Documents and Settings\Ian\Application Data\Microsoft
C:\Documents and Settings\Ian\Application Data\Msn6
C:\Documents and Settings\Ian\Application Data\Msninstaller
C:\Documents and Settings\Ian\Application Data\Real
C:\Documents and Settings\Ian\Application Data\Sonic
C:\Documents and Settings\Ian\Application Data\Sun
C:\Documents and Settings\Ian\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Ian.cameron\Application Data\Identities
C:\Documents and Settings\Ian.cameron\Application Data\Jasc Software Inc
C:\Documents and Settings\Ian.cameron\Application Data\Microsoft
C:\Documents and Settings\Ian.cameron\Application Data\Real
C:\Documents and Settings\Ian.cameron\Application Data\Sonic
C:\Documents and Settings\Ian.cameron\Application Data\Sun
C:\Documents and Settings\Ian.cameron\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Adobe
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Apple Computer
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Arcsoft
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Bitdownload
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Cyberlink
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Identities
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Jasc Software Inc
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Lavasoft
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Macromedia
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Microsoft
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Msn6 -- EMPTY Directory
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Msninstaller
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Musicmatch
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Myspace
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Real
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Sonic
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Sun
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\System Restore -- EMPTY Directory
C:\Documents and Settings\Ian.cameron.superiorrealty\Application Data\Uniblue
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Netsupport\Application Data\Identities
C:\Documents and Settings\Netsupport\Application Data\Jasc Software Inc
C:\Documents and Settings\Netsupport\Application Data\Microsoft
C:\Documents and Settings\Netsupport\Application Data\Real
C:\Documents and Settings\Netsupport\Application Data\Sonic
C:\Documents and Settings\Netsupport\Application Data\Sun
C:\Documents and Settings\Netsupport\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Netsupport.sr-ian\Application Data\Identities
C:\Documents and Settings\Netsupport.sr-ian\Application Data\Jasc Software Inc
C:\Documents and Settings\Netsupport.sr-ian\Application Data\Microsoft
C:\Documents and Settings\Netsupport.sr-ian\Application Data\Real
C:\Documents and Settings\Netsupport.sr-ian\Application Data\Sonic
C:\Documents and Settings\Netsupport.sr-ian\Application Data\Sun
C:\Documents and Settings\Netsupport.sr-ian\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Networkservice\Application Data\Microsoft
Logfile of HijackThis v1.99.1
Scan saved at 1:45:36 PM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Proficient\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\IPaq\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tec...tionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = superiorrealty.tv
O17 - HKLM\Software\..\Telephony: DomainName = superiorrealty.tv
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD65D72F-CC20-4AFF-91F9-9EBA5F5C58A6}: NameServer = 192.168.0.1,205.171.3.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = superiorrealty.tv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = superiorrealty.tv
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Do you know what may be causing Avast to not load up properly? I don't know what's going on, obviously.

Thanks. :thumbsup:

#5 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 29 May 2007 - 04:45 PM

Download/install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

***********************

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "Safe Mode" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

***********************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


As well as the above requested, post a new HijackThis log please.