Solved: Virus Removal...Hijackthis Log included

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kickrz

Thread Starter
Joined
Jul 30, 2003
Messages
365
I am trying to figure out how to remove a couple problems from my moms computer. Norton has detected a virus Bloodhound.packed.10 and a Trojan Horse that can NOT be removed. My mom basically uses the computer for email and playing pogo. The computer has been recently reformatted. Here is the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:44:14 PM, on 2/11/07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\internat.exe
C:\WINNT\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Pat\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
O2 - BHO: (no name) - {0F223320-D48F-4C3C-8A75-57CA1FC3C862} - C:\WINNT\system32\iiijj.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\ilfqmush.dll (file missing)
O2 - BHO: (no name) - {B22CE870-2D05-4FDA-99EE-7A101875189A} - C:\WINNT\system32\efccayy.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\WINNT\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe" -nag
O4 - HKCU\..\Run: [internat.exe] internat.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.9.0.61/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.1.32/mahjong/mahjong-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.0.61/wordwhomp2/whomp2-en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169842205448
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC8026B-0591-4BAD-9FF4-705605F0B85C}: NameServer = 199.166.6.2 209.239.11.98
O20 - Winlogon Notify: efccayy - C:\WINNT\SYSTEM32\efccayy.dll
O20 - Winlogon Notify: iiijj - C:\WINNT\system32\iiijj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Any help is appreciated.
Thanks
 

kickrz

Thread Starter
Joined
Jul 30, 2003
Messages
365
Also...I just noticed that the CPU Usage is at 100% and NEVER budges. The one running the most is WINLOGON.EXE.
 
Joined
Sep 7, 2004
Messages
49,014
Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
====================

Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 

kickrz

Thread Starter
Joined
Jul 30, 2003
Messages
365
Thanks it is slow going...I am searching now in VundoFix but it seems to be taking awhile. I appreciate the help and will post the results as soon as this slooww computer can.
 

kickrz

Thread Starter
Joined
Jul 30, 2003
Messages
365
Ok here is what I have so far.
Vundofix Log:

VundoFix V6.3.6

Checking Java version...

Sun Java not detected
Scan started at 1:56:25 PM 2/11/07

Listing files found while scanning....


VundoFix V6.3.6

Checking Java version...

Sun Java not detected
Scan started at 2:13:02 PM 2/15/07

Listing files found while scanning....


VundoFix V6.3.6

Checking Java version...

Sun Java not detected
Scan started at 3:20:44 PM 2/15/07

Listing files found while scanning....

C:\WINNT\system32\efccayy.dll
C:\WINNT\system32\iiijj.dll
C:\WINNT\system32\ilfqmush.dll
C:\WINNT\system32\jjiii.bak1
C:\WINNT\system32\jjiii.bak2
C:\WINNT\system32\jjiii.ini

Beginning removal...

Attempting to delete C:\WINNT\system32\efccayy.dll
C:\WINNT\system32\efccayy.dll Has been deleted!

Attempting to delete C:\WINNT\system32\iiijj.dll
C:\WINNT\system32\iiijj.dll Has been deleted!

Attempting to delete C:\WINNT\system32\jjiii.bak1
C:\WINNT\system32\jjiii.bak1 Has been deleted!

Attempting to delete C:\WINNT\system32\jjiii.bak2
C:\WINNT\system32\jjiii.bak2 Has been deleted!

Attempting to delete C:\WINNT\system32\jjiii.ini
C:\WINNT\system32\jjiii.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.6

Checking Java version...

Sun Java not detected
Scan started at 3:29:29 PM 2/15/07

Listing files found while scanning....

C:\WINNT\system32\efccayy.dll
C:\WINNT\system32\ilfqmush.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.6

Checking Java version...

Sun Java not detected
Scan started at 4:23:41 PM 2/15/07

Listing files found while scanning....



SUPERAntiVirus Log:

SUPERAntiSpyware Scan Log
Generated 02/15/2007 at 04:27 PM

Application Version : 3.5.1016

Core Rules Database Version : 3165
Trace Rules Database Version: 1176

Scan type : Complete Scan
Total Scan Time : 00:28:47

Memory items scanned : 290
Memory threats detected : 0
Registry items scanned : 2530
Registry threats detected : 24
File items scanned : 9397
File threats detected : 15

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\SYSTEM\CurrentControlSet\Services\vspf
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Type
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Start
HKLM\SYSTEM\CurrentControlSet\Services\vspf#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Tag
HKLM\SYSTEM\CurrentControlSet\Services\vspf#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\vspf#Group
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnService
HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnGroup
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Type
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Start
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Tag
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Group
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security#Security
HKU\S-1-5-21-1960408961-152049171-1957994488-1000\Software\WinAntiVirus Pro 2007
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll [  ]
C:\WINNT\system32\av.cpl
C:\Program Files\Common Files\WinAntiVirus Pro 2007\atl71.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
C:\Program Files\Common Files\WinAntiVirus Pro 2007\mfc71.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcp71.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcr71.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\SpOrder.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007
C:\Documents and Settings\Pat\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\Pat\Application Data\WinAntiVirus Pro 2007\Logs
C:\Documents and Settings\Pat\Application Data\WinAntiVirus Pro 2007
C:\DOCUMENTS AND SETTINGS\PAT\LOCAL SETTINGS\TEMP\NI.UWA7P_0001_N91M0809\SETUP.EXE

Trojan.Downloader-WBRock
C:\VUNDOFIX BACKUPS\EFCCAYY.DLL.BAD


And Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:43:48 PM, on 2/15/07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\Pat\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\ilfqmush.dll (file missing)
O2 - BHO: (no name) - {B22CE870-2D05-4FDA-99EE-7A101875189A} - C:\WINNT\system32\efccayy.dll (file missing)
O2 - BHO: (no name) - {E8C54B2A-5128-4AF6-BB6B-B1D06404F4CE} - C:\WINNT\system32\iiijj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.9.0.61/lottso/lottso-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.2.22/wordwhomp2/whomp2-en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169842205448
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)

I also notice when I start Vundofix there are always the same 3 files there when I start. I also got an error message:
Cannot import c:\\vundofix.reg: Error opening the file. There may be a disk or file system error

Hope this helps...all is does for me is give me a massive headache!

Thanks
 
Joined
Sep 7, 2004
Messages
49,014
Not sure what you are saying there at the end - What 3 files

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\ilfqmush.dll (file missing)

O2 - BHO: (no name) - {B22CE870-2D05-4FDA-99EE-7A101875189A} - C:\WINNT\system32\efccayy.dll (file missing)

O2 - BHO: (no name) - {E8C54B2A-5128-4AF6-BB6B-B1D06404F4CE} - C:\WINNT\system32\iiijj.dll (file missing)

O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
============
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

Windows Host Services

Rightclick and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 

kickrz

Thread Starter
Joined
Jul 30, 2003
Messages
365
Sorry when I start up vundofix these are the files I see:

C:\WINNT\system32\efccayy.dll
C:\WINNT\system32\ilfqmush.dll
C:\WINNT\system32\ilfqmush.dll

Looks just like that once I click scan and even though it says above they were removed.
 
Joined
Sep 7, 2004
Messages
49,014
DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe


Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINNT\system32\efccayy.dll
C:\WINNT\system32\ilfqmush.dll
 

kickrz

Thread Starter
Joined
Jul 30, 2003
Messages
365
Ok before that here is the hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 5:07:12 PM, on 2/15/07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Pat\Desktop\HijackThis.exe
C:\Documents and Settings\Pat\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.9.0.61/lottso/lottso-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.2.22/wordwhomp2/whomp2-en_US.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169842205448
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)

Off to do the rest.
 
Joined
Sep 7, 2004
Messages
49,014
martingreg3 the log is clean - the work is done, stay out of others threads please!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top