MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: HijackThis  (Read 961 times)
scypher84
« on: April 06, 2007, 09:11:23 AM »

I've been getting a lot of sporadic popups and am looking for help. I've already run Ad-Aware and Spybot on the settings specified by the sticky and a-squared Free on default settings. Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 2:05:42 AM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\BridgeDeCor.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\CTHELPER.EXE
C:\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\smss.exe
C:\WINDOWS\s?curity\m?config.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Gaim\gaim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EB78012-68F8-6D27-A34A-6BE33BE9F99A} - C:\WINDOWS\system32\erkuulgd.dll
O2 - BHO: (no name) - {46E2F213-68A3-3E74-F049-6FE34A9EA89A} - C:\WINDOWS\system32\ylgqzfd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BridgeDeCor] BridgeDeCor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Maum] "C:\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [
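As an added triage example (not code from this thread or from HijackThis itself), the Python below applies a few of the checks a helper would make when reading a log like the one above: a core Windows process name such as smss.exe running from outside the system directory, a path that HijackThis had to print with "?" because it contained a character it could not render, O2 BHO entries that are unnamed or whose file is missing, and O4 Run entries that give only a bare file name. The sample lines are constructed from the posted log; the check names and the set of "system" binaries are this example's own assumptions.

```python
import re

# Core Windows binaries that are only expected under the system directory.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "userinit.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\winnt\\system32")

# First Windows path on a line, ending at an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|pif|scr)\b", re.IGNORECASE)

# Constructed sample, modelled on lines from the log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\smss.exe
C:\WINDOWS\s?curity\m?config.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O2 - BHO: (no name) - {1EB78012-68F8-6D27-A34A-6BE33BE9F99A} - C:\WINDOWS\system32\erkuulgd.dll
O2 - BHO: (no name) - {46E2F213-68A3-3E74-F049-6FE34A9EA89A} - C:\WINDOWS\system32\ylgqzfd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKCU\..\Run: [Maum] "C:\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\smss.exe" -vt yazb
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
"""


def flag_line(line):
    """Return the reasons (possibly none) a HijackThis log line deserves a closer look."""
    reasons = []
    m = PATH_RE.search(line)
    path = m.group(0) if m else ""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    # HijackThis prints characters it cannot render as '?', so a '?' in a
    # path usually means a lookalike folder name such as s?curity.
    if "?" in path or any(ord(c) > 127 for c in path):
        reasons.append("path contains an unrenderable or non-ASCII character")
    if name in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
        reasons.append(f"{name} running outside the Windows system directory")
    if line.startswith("O2") and "(no name)" in line:
        reasons.append("browser helper object registered without a name")
    if "(file missing)" in line:
        reasons.append("registry entry points at a file that no longer exists")
    if line.startswith("O4") and not path:
        reasons.append("Run entry gives a bare file name resolved via the search path")
    return reasons


def triage(log):
    """Map each flagged line of a HijackThis log to its list of reasons."""
    return {ln: r for ln in log.strip().splitlines() if (r := flag_line(ln))}
```

Run `triage(SAMPLE_LOG)` to see which of the nine sample lines are flagged and why; the legitimate System32 smss.exe, jusched.exe and the named Java BHO come back clean.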
dahli
Global Moderator
« Reply #1 on: April 08, 2007, 07:05:54 PM »

Hello,

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Do not proceed with the rest of the fix if you fail to run combofix.
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.
Steve
scypher84
« Reply #2 on: April 12, 2007, 07:30:38 AM »

Here is the log:
 "Daniel  Xiao" - 07-04-12  0:23:35    Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Daniel  Xiao\Desktop"


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\oin search\OINSearch.dll
C:\Program Files\oin search\Uninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\unsvchosts.lzma
C:\Program Files\oin search
C:\Program Files\outerinfo
C:\Program Files\winupdate
C:\Program Files\Common Files\{5839C~1
C:\Program Files\Common Files\{5839C~2
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\DANIEL~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\APPLIC~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\APPLIC~1\FNTS~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\APPLIC~1\FNTS~2
C:\qoobox\purity\DOCUME~1\DANIEL~1\APPLIC~1\from.txt
C:\qoobox\purity\DOCUME~1\DANIEL~1\APPLIC~1\SMANTE~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\from.txt
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\PPATCH~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\SSTEM3~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\STEM32~1
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\smss.exe
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\??mbols
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\??mbols\ctxad-538.0000
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\??mbols\ctxad-538.0001
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\??mbols\ctxad-538.0002
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\??mbols\ctxad-538.0003
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\??mbols\ctxad-538.0004
C:\qoobox\purity\DOCUME~1\DANIEL~1\MYDOCU~1\MBOLS~1\??mbols\ctxad-538.0005
C:\qoobox\purity\Program Files\ASKS~1
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\SSTEM3~1
C:\qoobox\purity\Program Files\SSTEM~1
C:\qoobox\purity\Program Files\Common Files\FNTS~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\MCROSO~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\STEM~1
C:\qoobox\purity\WINDOWS\FNTS~1
C:\qoobox\purity\WINDOWS\FNTS~2
C:\qoobox\purity\WINDOWS\ICROSO~1
C:\qoobox\purity\WINDOWS\PPATCH~1
C:\qoobox\purity\WINDOWS\SCURIT~1
C:\qoobox\purity\WINDOWS\SCURIT~1\m?config.exe
C:\qoobox\purity\WINDOWS\system32\DOBE~1
C:\qoobox\purity\WINDOWS\system32\SEMBLY~1


(((((((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\COM+ Messages
-------\LEGACY_COM+_MESSAGES


(((((((((((((((((((((((((((((((   Files Created from 2007-03-12 to 2007-04-12  ))))))))))))))))))))))))))))))))))


2007-04-10 03:34   <DIR>   d--------   C:\Program Files\Switch Off
2007-04-05 17:01   76,560   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-01 02:19   <DIR>   d--------   C:\Program Files\Real Alternative
2007-04-01 02:19   <DIR>   d--------   C:\Program Files\Media Player Classic
2007-04-01 02:19   <DIR>   d--------   C:\DOCUME~1\DANIEL~1\APPLIC~1\Real
2007-04-01 02:19   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-03-31 23:07   <DIR>   d--------   C:\DOCUME~1\DANIEL~1\.housecall6.6
2007-03-29 15:02   60,928   --a------   C:\WINDOWS\system32\erkuulgd.dll
2007-03-25 12:32   967   --a------   C:\WINDOWS\ScUnin.pif
2007-03-25 12:32   94,208   --a------   C:\WINDOWS\ScUnin.exe
2007-03-25 12:32   35,190   --a------   C:\WINDOWS\scunin.dat
2007-03-25 12:31   <DIR>   d--------   C:\Program Files\Starcraft
2007-03-15 00:14   2   --a------   C:\WINDOWS\system32\wcpicomsv.exe
2007-03-14 01:00   <DIR>   d--------   C:\Program Files\iTunes
2007-03-14 00:59   <DIR>   d--------   C:\Program Files\QuickTime
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-11 22:51   --------   d--------   C:\DOCUME~1\DANIEL~1\APPLIC~1\utorrent
2007-04-11 22:40   28420   --a------   C:\WINDOWS\system32\tablet.dat
2007-03-25 21:42   --------   d--------   C:\DOCUME~1\DANIEL~1\APPLIC~1\hamachi
2007-03-24 13:26   17480   --a------   C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-24 12:58   --------   d--------   C:\Program Files\diablo ii
2007-03-24 12:54   43520   --a------   C:\WINDOWS\system32\cmdlineext03.dll
2007-03-18 14:53   --------   d--------   C:\Program Files\ipod
2007-03-17 06:43   292864   --a------   C:\WINDOWS\system32\winsrv.dll
2007-03-12 01:13   --------   d--------   C:\Program Files\tablet
2007-03-08 08:36   577536   --a------   C:\WINDOWS\system32\user32.dll
2007-03-08 08:36   40960   --a------   C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36   281600   --a------   C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47   1843584   --a------   C:\WINDOWS\system32\win32k.sys
2007-03-03 13:11   --------   d--------   C:\Program Files\exact audio copy
2007-03-03 12:59   --------   d--------   C:\Program Files\flac
2007-02-25 14:43   --------   d--------   C:\DOCUME~1\DANIEL~1\APPLIC~1\netscape
2007-02-25 00:47   2   --a------   C:\WINDOWS\system32\wcpcc.exe
2007-02-24 23:52   --------   d--------   C:\DOCUME~1\DANIEL~1\APPLIC~1\
dahli
Global Moderator
« Reply #3 on: April 12, 2007, 03:25:50 PM »

Download ATF (Atribune Temp File) Cleaner
Steve