
PLEASE HELP.. I can not get rid of this bug on my computer



Guest alexlweigel@gmail.com
Posted

Here is my Hijack log.. can anyone please help me?

 

Logfile of HijackThis v1.99.1

Scan saved at 11:30:44 AM, on 9/21/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Alex\LOCALS~1\Temp\Rar$EX06.422\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

F2 - REG:system.ini: Shell=

O1 - Hosts: 216.19.0.250 idenupdate.motorola.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sAClient] "C:\Program Files\Mediacom\BBClient\Programs\RegCon.exe" /admincheck

O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"

O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS

O4 - HKLM\..\Run: [TC-Spy] "C:\Program Files\TC-Spy\TC-Spy.exe" -h

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: system.exe

O4 - Global Startup: autorun.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144785168234

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_5_2_2_Silent.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_7.cab

O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.62/code/iPIX-ImageWell-ipix.cab

O20 - AppInit_DLLs: hadjajr.ini

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: vtsqp - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: xxywwtt - xxywwtt.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


Guest John John
Posted

Re: PLEASE HELP.. I can not get rid of this bug on my computer

 

alexlweigel@gmail.com wrote:

> Here is my Hijack log.. can anyone please help me?

 

This is not the right place to post HJT logs! Read the instructions and documentation that came with the utility for more information. The HJT experts are not here, they are hanging around web sites and in forums that specialize in these logs.

 

Try:

 

http://www.spywareinfo.com/~merijn/forums.php

 

http://www.tomcoyote.org/

http://castlecops.com/

 

John

Posted

Re: PLEASE HELP.. I can not get rid of this bug on my computer

 

alexlweigel@gmail.com wrote:

> Here is my Hijack log.. can anyone please help me?

>

> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

> O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

> O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

 

These three seem to be from Winfixer. Look up a repair routine for that malware.

 

Please post HJT results in their many forums.

 

--

Joe =o)

