Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Hijackthis log file please help.  (Read 9695 times)

0 Members and 1 Guest are viewing this topic.

MP1975

    Topic Starter


    Apprentice
    Hijackthis log file please help.
    « on: September 27, 2010, 03:47:25 PM »
    I did run super antispyware and had 36 bugs, it did not ask me to save a log file or I didn't see it ?

    Here is teh AVG logfile.

    "Scan ""Scan whole computer"" completed."
    "No infection was found during this scan"
    "Folders selected for scanning:";"Scan whole computer"
    "Scan started:";"Monday, September 27, 2010, 1:42:21 PM"
    "Scan finished:";"Monday, September 27, 2010, 2:55:50 PM (1 hour(s) 13 minute(s) 29 second(s))"
    "Total object scanned:";"134177"
    "User who launched the scan:";"Owner"

    My java is up to date.

    Ran Malwarebytes and there were zero bugs found ?

    This puter runs slower then a snail in the dead of heat.....HELP

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:43:24 PM, on 9/27/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Trend Micro\sniper.exe\sniper.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

    --
    End of file - 3714 bytes
     
    Dream untill your dreams come true.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Hijackthis log file please help.
    « Reply #1 on: September 28, 2010, 05:12:25 PM »
      Hello and welcome to
    Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    You have Viewpoint installed.

    Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

    More information:

    * ViewMgr.exe - Useless
    * Viewpoint to Plunge Into Adware

    It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

    * Viewpoint
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    * Viewpoint Experience Technology


    **********************************

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    *************************************
    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    **************************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
    Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console[/list]

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

    If you have problems with ComboFix usage, see How to use ComboFix

    Windows 8 and Windows 10 dual boot with two SSD's

    MP1975

      Topic Starter


      Apprentice
      Re: Hijackthis log file please help.
      « Reply #2 on: September 28, 2010, 07:08:13 PM »
      Ran everything in order and had no problems except while running combofix, while it was creating the backup registry it ran out of VM twice and in both cases the system took over and combo fix was able to continue and finally finished.

      Thank you much for the help.



      ComboFix 10-09-27.05 - Owner 09/28/2010  20:12:59.1.1 - x86
      Running from: C:\Documents and Settings\Owner\My Documents\Downloads\commy.exe.exe
      .

      (((((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-29  )))))))))))))))))))))))))))))))
      .

      2010-09-28 21:33:19 . 2010-09-28 21:30:24   53632   ----a-w-   C:\Documents and Settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
      2010-09-28 21:32:14 . 2010-09-28 21:32:14   --------   d-----w-   C:\Program Files\Common Files\Adobe AIR
      2010-09-28 21:29:47 . 2010-09-28 21:29:48   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\McAfee
      2010-09-28 21:29:42 . 2010-09-28 21:29:46   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
      2010-09-28 21:26:59 . 2010-09-28 21:27:00   --------   d-----w-   C:\Program Files\McAfee Security Scan
      2010-09-28 21:26:59 . 2010-09-28 21:26:59   --------   d-----w-   C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
      2010-09-28 21:26:58 . 2010-09-28 21:26:58   --------   d-----w-   C:\Documents and Settings\Owner\Local Settings\Application Data\NOS
      2010-09-28 21:22:40 . 2010-09-28 21:22:40   --------   d-sh--w-   C:\Documents and Settings\Owner\IECompatCache
      2010-09-28 21:11:38 . 2010-09-28 21:11:38   --------   d-----w-   C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
      2010-09-27 21:39:57 . 2010-09-27 21:39:58   388096   ----a-r-   C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2010-09-27 21:39:55 . 2010-09-27 22:42:32   --------   d-----w-   C:\Program Files\Trend Micro
      2010-09-27 16:09:33 . 2010-09-27 16:09:33   4093792   ----a-w-   C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgui.exe
      2010-09-27 16:09:32 . 2010-09-27 16:09:32   3586912   ----a-w-   C:\Documents and Settings\All Users\Application Data\avg9\update\backup\setup.exe
      2010-09-27 16:09:28 . 2010-09-27 16:09:28   598368   ----a-w-   C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
      2010-09-27 16:09:27 . 2010-09-27 16:09:27   942432   ----a-w-   C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
      2010-09-27 16:09:27 . 2010-09-27 16:09:27   4371296   ----a-w-   C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
      2010-09-27 16:09:25 . 2010-09-27 16:09:25   300896   ----a-w-   C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
      2010-09-27 16:02:31 . 2010-09-27 16:02:31   1690952   ----a-w-   C:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.dll
      2010-09-27 15:43:39 . 2010-09-27 15:43:40   12536   ----a-w-   C:\WINDOWS\system32\avgrsstx.dll
      2010-09-27 15:42:55 . 2010-09-27 15:42:55   216400   ----a-w-   C:\WINDOWS\system32\drivers\avgldx86.sys
      2010-09-27 15:42:51 . 2010-09-27 15:42:51   29584   ----a-w-   C:\WINDOWS\system32\drivers\avgmfx86.sys
      2010-09-27 15:42:27 . 2010-09-28 22:25:36   --------   d-----w-   C:\WINDOWS\system32\drivers\Avg
      2010-09-27 15:42:01 . 2010-09-27 15:42:01   --------   d-----w-   C:\Program Files\AVG
      2010-09-27 15:41:57 . 2010-09-27 15:42:01   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\avg9
      2010-09-27 13:46:10 . 2010-09-27 19:40:56   63488   ----a-w-   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
      2010-09-27 13:44:36 . 2010-09-27 13:44:36   52224   ----a-w-   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-09-27 13:44:08 . 2010-09-27 19:40:01   117760   ----a-w-   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-09-27 13:42:56 . 2010-09-27 13:42:56   --------   d-----w-   C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
      2010-09-27 13:42:32 . 2010-09-27 13:43:02   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
      2010-09-27 13:08:42 . 2010-09-27 13:08:42   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2010-09-27 00:40:00 . 2010-09-27 00:40:04   --------   d-----w-   C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
      2010-09-27 00:39:59 . 2010-09-27 00:40:05   --------   d-----w-   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
      2010-09-27 00:39:59 . 2010-09-27 00:40:05   --------   d-----w-   C:\Program Files\SDHelper (Spybot - Search & Destroy)
      2010-09-27 00:39:59 . 2010-09-27 00:40:03   --------   d-----w-   C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
      2010-09-27 00:04:09 . 2009-11-21 15:51:04   471552   -c----w-   C:\WINDOWS\system32\dllcache\aclayers.dll
      2010-09-27 00:03:23 . 2010-06-14 14:31:20   744448   -c----w-   C:\WINDOWS\system32\dllcache\helpsvc.exe
      2010-09-27 00:00:35 . 2010-06-24 12:21:56   743424   -c----w-   C:\WINDOWS\system32\dllcache\iedvtool.dll
      2010-09-26 23:56:24 . 2010-06-18 13:36:12   3558912   -c----w-   C:\WINDOWS\system32\dllcache\moviemk.exe
      2010-09-26 21:02:18 . 2008-04-13 18:45:38   26368   -c--a-w-   C:\WINDOWS\system32\dllcache\usbstor.sys
      2010-09-26 00:23:40 . 2008-04-13 18:39:48   14592   -c--a-w-   C:\WINDOWS\system32\dllcache\kbdhid.sys
      2010-09-26 00:23:40 . 2008-04-13 18:39:48   14592   ----a-w-   C:\WINDOWS\system32\drivers\kbdhid.sys
      2010-09-26 00:23:04 . 2008-04-13 18:45:28   10368   -c--a-w-   C:\WINDOWS\system32\dllcache\hidusb.sys
      2010-09-26 00:23:04 . 2008-04-13 18:45:28   10368   ----a-w-   C:\WINDOWS\system32\drivers\hidusb.sys

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-09-28 23:30:18 . 2006-03-20 03:55:56   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Viewpoint
      2010-09-27 13:38:58 . 2006-01-07 03:40:06   --------   d-----w-   C:\Documents and Settings\Owner\Application Data\Lavasoft
      2010-09-27 12:57:09 . 2006-03-18 21:27:37   --------   d-----w-   C:\Program Files\ewido anti-malware
      2010-09-27 12:57:09 . 2006-01-07 03:50:07   --------   d-----w-   C:\Program Files\Spybot - Search & Destroy
      2010-09-27 12:51:34 . 2006-01-07 03:50:10   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2010-09-27 01:17:52 . 2006-01-06 03:04:04   --------   d-----w-   C:\Program Files\Common Files\Real
      2010-09-27 01:17:14 . 2006-01-06 02:37:45   --------   d-----w-   C:\Program Files\Gateway
      2010-09-27 01:17:12 . 2006-01-06 02:59:12   --------   d-----w-   C:\Program Files\pc-doctor for windows
      2010-09-27 00:34:38 . 2009-06-20 08:41:11   --------   d-----w-   C:\Program Files\CCleaner
      2010-08-17 13:17:06 . 2005-06-10 23:55:46   58880   ----a-w-   C:\WINDOWS\system32\spoolsv.exe
      2010-07-22 15:49:15 . 2004-03-06 02:16:11   590848   ----a-w-   C:\WINDOWS\system32\rpcrt4.dll
      2010-07-22 05:57:20 . 2009-06-20 10:09:43   5120   ----a-w-   C:\WINDOWS\system32\xpsp4res.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
      2010-09-27 15:42:14   2065760   ----a-w-   C:\PROGRA~1\AVG\AVG9\avgtray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
      2006-01-06 02:37:59   114688   ----a-w-   C:\WINDOWS\system32\hkcmd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
      2006-01-06 02:38:02   155648   ----a-w-   C:\WINDOWS\system32\igfxtray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
      2010-09-10 16:20:20   2424560   ----a-w-   C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

      R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 12:49:20 227232]
      R3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys

      S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2010-09-27 15:42:55 216400]
      S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 18:25:48 12872]
      S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 18:41:30 67656]
      S2 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-27 15:42:07 308136]

      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.yahoo.com/
      uInternet Settings,ProxyOverride = <local>
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      DPF: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
      DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
      FF - ProfilePath - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n08om8ce.default\
      FF - prefs.js: browser.startup.homepage - www.yahoo.com

      ---- FIREFOX POLICIES ----
      C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
      .
      - - - - ORPHANS REMOVED - - - -

      MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
      MSConfigStartUp-GWMDMMSG - GWMDMMSG.exe
      MSConfigStartUp-RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe


      Dream untill your dreams come true.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Hijackthis log file please help.
      « Reply #3 on: September 29, 2010, 04:22:34 PM »
      Please download 7-Zip and install it. If you already have it, no need to reinstall.

      Then, download RootkitUnhooker and save the setup to your Desktop.

      • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
      • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
      • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
      • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
      • Once inside the interface, do not fix anything. Click on the Report tab.
      • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
      • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
      • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
      Windows 8 and Windows 10 dual boot with two SSD's

      MP1975

        Topic Starter


        Apprentice
        Re: Hijackthis log file please help.
        « Reply #4 on: September 30, 2010, 07:58:41 AM »
        Windows cannot open the RKU file. Which software should I use to open it ?

        Thanks,
        MP.
        Dream untill your dreams come true.

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Hijackthis log file please help.
        « Reply #5 on: September 30, 2010, 01:16:53 PM »
        Please try this instead.

        Download the GMER Rootkit Scanner. Unzip it to your Desktop.

        Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

        Double-click gmer.exe. The program will begin to run.

        **Caution**
        These types of scans can produce false positives. Do NOT take any action on any
        "<--- ROOKIT" entries unless advised!

        If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
        • Click NO
        • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
        • Now click the Scan button.
        • Once the scan is complete, you may receive another notice about rootkit activity.
        • Click OK.
        • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
        • Save it where you can easily find it, such as your desktop.
        Windows 8 and Windows 10 dual boot with two SSD's

        MP1975

          Topic Starter


          Apprentice
          Re: Hijackthis log file please help.
          « Reply #6 on: September 30, 2010, 03:49:28 PM »
          Dave ,

          Before I forget, when I switched over to firefox it also downloaded McAfee which I am going to uninstall. FYI

          Gmer is running now results when I get em.

          Thanks again,
          MP.
          Dream untill your dreams come true.

          MP1975

            Topic Starter


            Apprentice
            Re: Hijackthis log file please help.
            « Reply #7 on: September 30, 2010, 04:47:33 PM »
            GMER 1.0.15.15281 - http://www.gmer.net
            Rootkit scan 2010-09-30 18:46:29
            Windows 5.1.2600 Service Pack 3
            Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kfdiyfod.sys


            ---- User code sections - GMER 1.0.15 ----

            .text           C:\Program Files\Mozilla Firefox\firefox.exe[496] ntdll.dll!LdrLoadDll               7C9163C3 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

            ---- Devices - GMER 1.0.15 ----

            AttachedDevice  \FileSystem\Fastfat \Fat                                                             fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

            ---- Registry - GMER 1.0.15 ----

            Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout   15
            Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota      10000
            Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                    yes
            Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                   
            Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout   90
            Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota     10000
            Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs  1

            ---- EOF - GMER 1.0.15 ----
            Dream untill your dreams come true.

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Hijackthis log file please help.
            « Reply #8 on: September 30, 2010, 06:54:08 PM »
            I'd like to scan your machine with ESET OnlineScan

            •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan
            •Click the button.
            •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            •Check
            •Click the button.
            •Accept any security warnings from your browser.
            •Check
            •Push the Start button.
            •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            •When the scan completes, push
            •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            •Push the button.
            •Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

            Windows 8 and Windows 10 dual boot with two SSD's

            MP1975

              Topic Starter


              Apprentice
              Re: Hijackthis log file please help.
              « Reply #9 on: October 01, 2010, 08:22:06 AM »
              Wierd, Booted the tower up and it seems to be caught in a loop, the Gateway screen comes up then the microsoft screen and it continues that way. Is the above alright to run in safe mode?

              I did also try to start it up using the last known good start up but that diidn't work. Now its just powered down.
              Dream untill your dreams come true.

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Hijackthis log file please help.
              « Reply #10 on: October 01, 2010, 01:40:33 PM »
              Did you try booting with your OS disk in?
              Windows 8 and Windows 10 dual boot with two SSD's

              MP1975

                Topic Starter


                Apprentice
                Re: Hijackthis log file please help.
                « Reply #11 on: October 01, 2010, 02:08:47 PM »
                divorced, moved, moved again no disc! lol
                Dream untill your dreams come true.

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Hijackthis log file please help.
                « Reply #12 on: October 01, 2010, 04:45:25 PM »
                We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

                Download the OTLPE Standard REATOGO Windows Recovery Environment.
                  Place a blank CD-R disc in to your CD burning drive.Download
                OTLPEStd.exe and double-click on it to burn to a CD using the ISO Burner.Reboot your system using the boot CD you just created.

                Note : If you do not know how to set your computer to boot from CD follow the steps here
                Your system should now display a REATOGO-X-PE desktop.
                Double-click on the OTLPE icon.
                When asked "Do you wish to load the remote registry", select Yes
                When asked "Do you wish to load remote user profile(s) for scanning", select Yes
                Ensure the box "Automatically Load All Remaining Users" is checked and press OK
                OTL should now start. Change the following settings
                • Change Drivers to Non-Microsoft
                  Press Run Scan to start the scan.
                  When finished, the file will be saved  in drive C:\_OTL\MovedFiles
                  Copy this file to your USB drive if you do not have internet connection on this system
                  Please post the contents of the OTL.txt file in your reply.
                [/list]
                Windows 8 and Windows 10 dual boot with two SSD's

                MP1975

                  Topic Starter


                  Apprentice
                  Re: Hijackthis log file please help.
                  « Reply #13 on: October 05, 2010, 09:33:19 AM »
                  Sorry for the delayed response. Had a flood here Friday and went away the next two days.

                  For some reason the computer comes up now ? So I started the procedure from eset as originally requested.
                  At the end of the scan it did not give me the option to produce a report. There were no bugs found and all I could do was press finished.
                  I also took the uninstall option which was a check mark after the scan results.

                  It boots super fast now for some reason but any request at all, open fire fox or to run SAS, takes minutes and if you try to do more then one thing at a time you have to right click to close one and it always comes up programs not responding etc etc. Then you have to do that 4 or 5 times?



                  Thanks for the help again,
                  MP.



                  Dream untill your dreams come true.

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Hijackthis log file please help.
                  « Reply #14 on: October 05, 2010, 01:47:44 PM »
                  Quote
                  Had a flood here Friday and went away the next two days.
                  I hope it didn't cause you too much damage. It looks like your computer is clean. As for the slowness, it could be a number of things. I will include a link below to trouble-shoot slowness in a computer. Let's do some clean-up.

                  * Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
                  * Now type commy /uninstall in the runbox
                  * Make sure there's a space between commy and /Uninstall
                  * Then hit Enter

                  * The above procedure will:
                  * Delete the following:
                  * ComboFix and its associated files and folders.
                  * Reset the clock settings.
                  * Hide file extensions, if required.
                  * Hide System/Hidden files, if required.
                  * Set a new, clean Restore Point.

                  *********************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                  *************************************
                  In case you don't have a third-party firewall.

                  Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                  Remember only install ONE firewall

                  1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
                  2) Online Armor
                  3) Agnitum Outpost
                  4) PC Tools Firewall Plus

                  If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
                  ***************************************
                  Use the Secunia Software Inspector to check for out of date software.

                  •Click Start Now

                  •Check the box next to Enable thorough system inspection.

                  •Click Start

                  •Allow the scan to finish and scroll down to see if any updates are needed.
                  •Update anything listed.
                  .
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!
                  Windows 8 and Windows 10 dual boot with two SSD's