Spyware[INACTIVE]

mitrovic · October 2, 2007

Here is the Hijack This Log:

Logfile of HijackThis v1.99.1

Scan saved at 19:42:39, on 10/2/2007

Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Online Add-on\icthis.exe

C:\Program Files\Online Add-on\isfmntr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Online Add-on\icmntr.exe

C:\Program Files\Online Add-on\isfmm.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_SICN03.EXE

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\ALEKSANDAR\Application Data\U300016215272E2FD\LaunchPad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\ALEKSA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: JugoStar_Radio toolbar - {49bdc432-33b3-4195-abf9-8628e540616b} - C:\Program Files\JugoStar_Radio\tbJug1.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Add-on\isfmdl.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: JugoStar_Radio toolbar - {49bdc432-33b3-4195-abf9-8628e540616b} - C:\Program Files\JugoStar_Radio\tbJug1.dll

O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Add-on\ictmdl.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

Thank you

rmurphy · October 3, 2007

Welcome to BestTechie. I'm Ryan, and I'll be helping you clean your computer.

I would like to see an Uninstall list.

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager"

Click "Save List" (generates uninstall_list.txt)

-Ryan

mitrovic · October 3, 2007

Ad-Aware SE Personal

Adobe Reader 8.1.0

Diskeeper Lite

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

eMule

EPSON Printer Software

Google Earth

Google Toolbar for Internet Explorer

HijackThis 2.0.0

HP OrderReminder

IE Custom Tools

IE Safety Features

Information Center

J2SE Runtime Environment 5.0 Update 3

JugoStar_Radio Toolbar

LaserJet 1018

LiveUpdate 2.7 (Symantec Corporation)

Macromedia Flash Player 8

Microsoft Works 7.0

Mozilla Firefox (2.0.0.7)

RealPlayer

Spybot - Search & Destroy

Spybot - Search & Destroy 1.4

SpywareBlaster v3.5.1

Winamp (remove only)

Windows Installer 3.1 (KB893803)

Windows Live Messenger

Thanks again

rmurphy · October 3, 2007

== Remove Programs ==

Please go to Add/Remove Programs in the Control Panel, and remove the following programs

IE Custom Tools
IE Safety Features
Information Center
J2SE Runtime Environment 5.0 Update 3

Reboot your computer.

== Install Latest Java ==

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

Once it has finished downloading, double click it, and follow the prompts to install.

If it asks to reboot, select Yes.

== SmitFraud Scan ==

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

-Ryan

mitrovic · October 3, 2007

thx buddy

Sign In

Spyware[INACTIVE]

Recommended Posts

mitrovic

Link to post

Share on other sites

rmurphy

Link to post

Share on other sites

mitrovic

Link to post

Share on other sites

rmurphy

Link to post

Share on other sites

mitrovic

Link to post

Share on other sites

Browse

Activity