popsfl

Members
 View Profile  See their activity

  • Content Count

    1

  • Joined

  • Last visited

 Content Type 

Posts posted by popsfl

  1. Something To See

    in Malware Removal

    Posted

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:54:58 PM, on 10/21/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\ibmtools\aptezbtn\aptezbp.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\wmconnect\wmtray.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\PackethSvc.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\Program Files\wmconnect\wwm.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe

    O4 - HKLM\..\RunOnce: [spybotDeletingA3369] command /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKLM\..\RunOnce: [spybotDeletingC1348] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKLM\..\RunOnce: [spybotDeletingA3307] command /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKLM\..\RunOnce: [spybotDeletingC7808] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKLM\..\RunOnce: [spybotDeletingA8107] command /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKLM\..\RunOnce: [spybotDeletingC675] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\RunOnce: [spybotDeletingB4492] command /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKCU\..\RunOnce: [spybotDeletingD813] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKCU\..\RunOnce: [spybotDeletingD5172] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKCU\..\RunOnce: [spybotDeletingB1126] command /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - HKCU\..\RunOnce: [spybotDeletingD2958] cmd /c del "C:\WINDOWS\SchedLgU.Txt"

    O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216343564275

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1216344284741

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{AC2B1A70-7D1B-4C3D-BCD4-DAE73E3568B5}: NameServer = 205.188.146.145

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: getPlusĀ® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe

    --

    End of file - 5030 bytes