Reply
1 2

Join Date: Dec 2007
Posts: 25
Reputation: ownedswax is an unknown quantity at this point 
Solved Threads: 0
ownedswax ownedswax is offline Offline
Light Poster

HJT log

 
0
  #1
Apr 3rd, 2008
My friend has been expierencing some small problems on his computer, you guys have been extermely helpful in the past and if someone could help me claen up this HJT log that would be great! Thank you in advance!

C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\brvrav32.exe
O4 - HKLM\..\Run: [7090a8c9] rundll32.exe "C:\WINDOWS\system32\scurhsrb.dll",b
O4 - HKLM\..\Run: [BM73a39b55] Rundll32.exe "C:\WINDOWS\system32\mgybmtfn.dll",s
O4 - HKLM\..\RunServices: [SystemTools32] C:\WINDOWS\system32\inet.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\brvrav32.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\WINDOWS\system32\brvrav32.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Owner\LOCALS~1\Temp\csrssc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:\WINDOWS\system32\buwwnuul5.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7269 bytes
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,047
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 761
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: HJT log

 
0
  #2
Apr 4th, 2008
You have posted enough logs to know that that one is incomplete. Please post the complete log.
Also, you have a history here of not seeing your threads out to the end. http://www.daniweb.com/forums/search2764611.html If you want help, then you must follow through and not waste all our helpers time.

============

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract
    All    ,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log

==

Post your SDFix within code tags please.
Last edited by crunchie; Apr 4th, 2008 at 7:09 am.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Dec 2007
Posts: 25
Reputation: ownedswax is an unknown quantity at this point 
Solved Threads: 0
ownedswax ownedswax is offline Offline
Light Poster

Re: HJT log

 
0
  #3
Apr 8th, 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:12 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:..WINDOWS..System32..smss.exe
C:..WINDOWS..system32..winlogon.exe
C:..WINDOWS..system32..services.exe
C:..WINDOWS..system32..lsass.exe
C:..WINDOWS..system32..svchost.exe
C:..WINDOWS..System32..svchost.exe
C:..WINDOWS..system32..svchost.exe
C:..Program Files..Common Files..iS3..Anti-Spyware..SZServer.exe
C:..WINDOWS..Explorer.EXE
C:..WINDOWS..system32..spoolsv.exe
C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
C:..Program Files..Bonjour..mDNSResponder.exe
C:..Program Files..Common Files..New Boundary..PrismXL..PRISMXL.SYS
C:..WINDOWS..system32..svchost.exe
C:..Program Files..Viewpoint..Common..ViewpointService.exe
C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..WLService.exe
C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..WUSB54Gv2.exe
C:..Program Files..Viewpoint..Viewpoint Manager..ViewMgr.exe
C:..Program Files..STOPzilla!..STOPzilla.exe
C:..Program Files..Digital Media Reader..shwiconem.exe
C:..WINDOWS..system32..spool..drivers..w32x86..3..hpztsb09.e
xe
C:..Program Files..Common Files..Real..Update_OB..realsched.exe
C:..Program Files..Java..jre1.5.0_03..bin..jusched.exe
C:..Program Files..BroadJump..Client Foundation..CFD.exe
C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..InfoMyCa.exe
C:..Program Files..Java..jre1.5.0_03..bin..jucheck.exe
C:..Program Files..Uniblue..RegistryBooster 2..RegistryBooster.exe
C:..Program Files..Mozilla Firefox..firefox.exe
C:..Documents and Settings..Owner..Desktop..HijackThis.exe

R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Start Page = http://www. myspace. com/
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Page_URL = http://go. microsoft. com/fwlink/?LinkId=69157
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Default_Search_URL = http://go. microsoft. com/fwlink/?LinkId=54896
R1 - HKLM..Software..Microsoft..Internet Explorer..Main,Search Bar = http://red. clientapps. yahoo. com/customize/ie/defaults/sb/sbcydsl. r{}*http://yahoo. sbc. com/dsl
R0 - HKCU..Software..Microsoft..Internet Explorer..Main,Local Page = C:..WINDOWS..about.htm
R1 - HKCU..Software..Microsoft..Windows..CurrentVersion..Internet
Settings,ProxyOverride = 127. 0. 0. 1;*.local
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:..Program Files..STOPzilla!..SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:..Program Files..STOPzilla!..SZSG.dll
O4 - HKLM......Run: [SunKistEM] C:..Program Files..Digital Media Reader..shwiconem.exe
O4 - HKLM......Run: [HPDJ Taskbar Utility] C:..WINDOWS..system32..spool..drivers..w32x86..3..hpztsb09.e
xe
O4 - HKLM......Run: [TkBellExe] "C:..Program Files..Common Files..Real..Update_OB..realsched.exe" -osboot
O4 - HKLM......Run: [SunJavaUpdateSched] C:..Program Files..Java..jre1.5.0_03..bin..jusched.exe
O4 - HKLM......Run: [BJCFD] C:..Program Files..BroadJump..Client Foundation..CFD.exe
O4 - HKLM......Run: [WUSB54Gv2] C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..InvokeSvc3.exe
O4 - HKLM......Run: [QuickTime Task] "C:..Program Files..QuickTime..qttask.exe" -atboottime
O4 - HKLM......Run: [BM73a39b55] Rundll32.exe "C:..WINDOWS..system32..euotbymp.dll",s
O4 - HKCU......Run: [Uniblue RegistryBooster 2] C:..Program Files..Uniblue..RegistryBooster 2..RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:..PROGRA~1..MICROS~4..OFFICE11..EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..WINDOWS..system32..msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:..WINDOWS..system32..msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:..PROGRA~1..MICROS~4..OFFICE11..REFIEBAR.DLL
O9 - Extra button: Real. com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:..WINDOWS..system32..Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:..Program Files..Messenger..msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go. microsoft. com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads. myspace. com/upload/MySpaceUploader1006. cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www. sibelius. com/download/software/win/ActiveXPlugin. cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn. digitalcity. com/radio/ampx/ampx2. 6. 1. 11_en_dl. cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl. stream. aol. com/downloads/aol/unagi/ampx_en_dl. cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:..Program Files..Common Files..Apple..Mobile Device Support..bin..AppleMobileDeviceService.exe
O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:..WINDOWS..system32..buwwnuul5.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762&#0
35;# (Bonjour Service) - Apple Computer, Inc. - C:..Program Files..Bonjour..mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:..Program Files..Common Files..Macrovision Shared..FLEXnet Publisher..FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:..Program Files..Common Files..InstallShield..Driver..11..Intel 32..IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:..Program Files..iPod..bin..iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:..Program Files..Intel..NCS..Sync..NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:..Program Files..Common Files..New Boundary..PrismXL..PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:..Program Files..Common Files..iS3..Anti-Spyware..SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:..Program Files..Viewpoint..Common..ViewpointService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:..Program Files..Linksys Wireless-G USB Wireless Network Monitor..WLService.exe

--
End of file - 6657 bytes





SDFix: Version 1.167 
Run by Owner on Tue 04/08/2008 at 06:56 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:..DOCUME~1..Owner..MYDOCU~1..Unzipped..SDFix..SDFix

Checking Services :

Name:
mqzprwe

Path:
..??..C:..WINDOWS..mqzprwe.log 

mqzprwe - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service 

Rebooting


Checking Files : 

Trojan Files Found:

C:..WINDOWS..SYSTEM32..CP.EXE - Deleted
C:..188852~1 - Deleted
C:..ILRIUPF.EXE - Deleted
C:..d.exe - Deleted
C:..WINDOWS..browser.exe - Deleted
C:..WINDOWS..system32..brvrav32.exe - Deleted
C:..WINDOWS..system32..web.dat - Deleted
C:..WINDOWS..mqzprwe.log - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www. gmer. net
Rootkit scan 2008-04-08 19:43:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E965-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000002
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E967-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E968-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000023
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E969-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E96A-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E97B-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000004
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..control..Class..
{4D36E980-E325-11CE-BFC1-08002BE10318}..Properties]
"DeviceType"=dword:00000007
"DeviceCharacteristics"=dword:00000100
[HKEY_LOCAL_MACHINE..SYSTEM..controlset001..Services..MRxDAV
..EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE..SYSTEM..ControlSet004..services..MRxDAV
..EncryptedDirectories]
@=""
[HKEY_LOCAL_MACHINE..SYSTEM..CurrentControlSet..services..MR
xDAV..EncryptedDirectories]
@=""

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE..system..currentcontrolset..services..sh
aredaccess..parameters..firewallpolicy..standardprofile..authorizedapp
lications..list]
"%windir%....system32....sessmgr.exe"="%windir%....system32.
...sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:....Program Files....Bonjour....mDNSResponder.exe"="C:....Program Files....Bonjour....mDNSResponder.exe:*:Enabled:Bonjour"
"C:....Program Files....Steam....SteamApps....ssvenomx26....counter-strike.
...hl.exe"="C:....Program Files....Steam....SteamApps....ssvenomx26....counter-strike.
...hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....HLSW....hlsw.exe"="C:....Program Files....HLSW....hlsw.exe:*:Enabled:hlsw"
"C:....Program Files....mIRC....mirc.exe"="C:....Program Files....mIRC....mirc.exe:*:Enabled:mIRC"
"C:....Program Files....LimeWire....LimeWire.exe"="C:....Program Files....LimeWire....LimeWire.exe:*:Enabled:LimeWire"
"C:....Program Files....AIM6....aim6.exe"="C:....Program Files....AIM6....aim6.exe:*:Enabled:AIM"
"C:....Program Files....Steam....SteamApps....nikenoah....counter-strike...
.hl.exe"="C:....Program Files....Steam....SteamApps....nikenoah....counter-strike...
.hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....Steam....SteamApps....ssvenomx26....day of defeat....hl.exe"="C:....Program Files....Steam....SteamApps....ssvenomx26....day of defeat....hl.exe:*:Enabled:Half-Life Launcher"
"C:....Program Files....Pando Networks....Pando....pando.exe"="C:....Program Files....Pando Networks....Pando....pando.exe:*:Enabled:Pando Application"
"C:....Program Files....Warcraft III Demo....War3Demo.exe"="C:....Program Files....Warcraft III Demo....War3Demo.exe:*:Enabled:Warcraft III Demo"
"C:....Program Files....Warcraft III....Warcraft III.exe"="C:....Program Files....Warcraft III....Warcraft III.exe:*:Enabled:Warcraft III"
"C:....Program Files....uTorrent....uTorrent.exe"="C:....Program Files....uTorrent....uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE..system..currentcontrolset..services..sh
aredaccess..parameters..firewallpolicy..domainprofile..authorizedappli
cations..list]
"C:....Program Files....MSN Messenger....msnmsgr.exe"="C:....Program Files....MSN Messenger....msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:....Program Files....MSN Messenger....livecall.exe"="C:....Program Files....MSN Messenger....livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%....system32....sessmgr.exe"="%windir%....system32.
...sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:..DOCUME~1..Owner..MYDOCU~1..Unzipped..SDFix..SDFix..backu
ps..backups.zip

Files with Hidden Attributes :

Thu 28 Apr 2005 442,942 ..SH. --- "C:..WINDOWS..system..tenipxe.tmp"
Wed 27 Apr 2005 60,619 ..SH. --- "C:..WINDOWS..system..tenipxe.bak1"
Fri 29 Apr 2005 442,795 ..SH. --- "C:..WINDOWS..system..tenipxe.bak2"
Sat 4 Jun 2005 56 A.SHR --- "C:..WINDOWS..system32..1C86978378.sys"
Wed 4 Jul 2007 1,851,383 ..SH. --- "C:..WINDOWS..system32..nnnmp.bak1"
Fri 11 Nov 2005 352,372 A. SH. --- "C:..WINDOWS..system32..oqtwa.tmp"
Wed 30 Nov 2005 422,746 A. SH. --- "C:..WINDOWS..system32..oqtwa.bak1"
Tue 29 Nov 2005 411,930 A. SH. --- "C:..WINDOWS..system32..oqtwa.bak2"
Thu 27 Oct 2005 159,927 A. SH. --- "C:..WINDOWS..system32..vycdd.tmp"
Sun 23 Oct 2005 141,320 A. SH. --- "C:..WINDOWS..system32..vycdd.bak1"
Fri 28 Oct 2005 162,642 A. SH. --- "C:..WINDOWS..system32..vycdd.bak2"
Wed 31 Aug 2005 179,187 A. SH. --- "C:..WINDOWS..Web..ksidnib.tmp"
Sun 9 Oct 2005 339,283 A. SH. --- "C:..WINDOWS..Web..ksidnib.bak1"
Wed 12 Oct 2005 354,419 A. SH. --- "C:..WINDOWS..Web..ksidnib.bak2"
Sun 22 May 2005 4,348 A. SH. --- "C:..Documents and Settings..All Users..DRM..DRMv1.bak"
Sun 13 Jan 2008 0 A. SH. --- "C:..Documents and Settings..All Users..DRM..Cache..Indiv02.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:..Documents and Settings..Owner..Application Data..U3..temp..Launchpad Removal.exe"

Finished!
Last edited by ownedswax; Apr 8th, 2008 at 9:17 pm.
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,047
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 761
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: HJT log

 
0
  #4
Apr 9th, 2008
Tell me something. Why is it that your hijackthis logs always look different to every one else's?
Take a look at your first post, then your second and spot the difference. Who is doing all that pointless editing of the log? All it means is that now you will have to wait until you have posted a log in the correct format.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Dec 2007
Posts: 25
Reputation: ownedswax is an unknown quantity at this point 
Solved Threads: 0
ownedswax ownedswax is offline Offline
Light Poster

Re: HJT log

 
0
  #5
Apr 9th, 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:56 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM73a39b55] Rundll32.exe "C:\WINDOWS\system32\euotbymp.dll",s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:\WINDOWS\system32\buwwnuul5.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6778 bytes
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,047
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 761
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: HJT log

 
0
  #6
Apr 9th, 2008
Much better.

Can you please do the following.


===============

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

O4 - HKLM\..\Run: [BM73a39b55] Rundll32.exe "C:\WINDOWS\system32\euotbymp.dll",s

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:\WINDOWS\system32\buwwnuul5.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\Viewpoint

files...

C:\WINDOWS\system32\euotbymp.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Dec 2007
Posts: 25
Reputation: ownedswax is an unknown quantity at this point 
Solved Threads: 0
ownedswax ownedswax is offline Offline
Light Poster

Re: HJT log

 
0
  #7
Apr 9th, 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:10 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcyds...oo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: fqllbfjmzuak (arpsdwzt5) - Unknown owner - C:\WINDOWS\system32\buwwnuul5.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5980 bytes
Reply With Quote Quick reply to this message  
Join Date: Dec 2007
Posts: 25
Reputation: ownedswax is an unknown quantity at this point 
Solved Threads: 0
ownedswax ownedswax is offline Offline
Light Poster

Re: HJT log

 
0
  #8
Apr 9th, 2008
sorry for the double post, the computer is running much faster. He said surfing the internet is very much faster and online games are running at higher FPS.
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,047
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 761
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: HJT log

 
0
  #9
Apr 13th, 2008
Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktop
You'll see a black screen flash,thats normal.

@echo off
sc stop fqllbfjmzuak
sc delete fqllbfjmzuak
Restart your PC. Post another log please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Join Date: Feb 2004
Posts: 10,047
Reputation: crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold crunchie is a splendid one to behold 
Solved Threads: 761
Moderator
Featured Poster
crunchie's Avatar
crunchie crunchie is offline Offline
Spyware Killer

Re: HJT log

 
0
  #10
Apr 15th, 2008
Are you still there?
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Reply With Quote Quick reply to this message  
Reply
1 2

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC