
Solved: Virus Removal...Hijackthis Log included

Discussion in 'Virus & Other Malware Removal' started by kickrz, Feb 11, 2007.

Thread Status:
Not open for further replies.
  1. kickrz

    kickrz Thread Starter

    Joined:
    Jul 30, 2003
    Messages:
    365
    I am trying to figure out how to remove a couple of problems from my mom's computer. Norton has detected a virus Bloodhound.packed.10 and a Trojan Horse that can NOT be removed. My mom basically uses the computer for email and playing pogo. The computer has been recently reformatted. Here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:44:14 PM, on 2/11/07
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\internat.exe
    C:\WINNT\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Pat\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
    O2 - BHO: (no name) - {0F223320-D48F-4C3C-8A75-57CA1FC3C862} - C:\WINNT\system32\iiijj.dll
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\ilfqmush.dll (file missing)
    O2 - BHO: (no name) - {B22CE870-2D05-4FDA-99EE-7A101875189A} - C:\WINNT\system32\efccayy.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NI.UWA7P_0001_N91M0809] "C:\WINNT\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe" -nag
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.9.0.61/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.9.1.32/mahjong/mahjong-en_US.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.9.1.32/poppazoppa/poppazoppa-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.0.61/wordwhomp2/whomp2-en_US.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169842205448
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CC8026B-0591-4BAD-9FF4-705605F0B85C}: NameServer = 199.166.6.2 209.239.11.98
    O20 - Winlogon Notify: efccayy - C:\WINNT\SYSTEM32\efccayy.dll
    O20 - Winlogon Notify: iiijj - C:\WINNT\system32\iiijj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    Any help is appreciated.
    Thanks
     
  2. kickrz

    kickrz Thread Starter

    Joined:
    Jul 30, 2003
    Messages:
    365
    Also...I just noticed that the CPU Usage is at 100% and NEVER budges. The one running the most is WINLOGON.EXE.
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt and a new HijackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.
    ====================

    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  4. kickrz

    kickrz Thread Starter

    Joined:
    Jul 30, 2003
    Messages:
    365
    Thanks it is slow going...I am searching now in VundoFix but it seems to be taking awhile. I appreciate the help and will post the results as soon as this slooww computer can.
     
  5. kickrz

    kickrz Thread Starter

    Joined:
    Jul 30, 2003
    Messages:
    365
    Ok here is what I have so far.
    Vundofix Log:

    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 1:56:25 PM 2/11/07

    Listing files found while scanning....


    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 2:13:02 PM 2/15/07

    Listing files found while scanning....


    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 3:20:44 PM 2/15/07

    Listing files found while scanning....

    C:\WINNT\system32\efccayy.dll
    C:\WINNT\system32\iiijj.dll
    C:\WINNT\system32\ilfqmush.dll
    C:\WINNT\system32\jjiii.bak1
    C:\WINNT\system32\jjiii.bak2
    C:\WINNT\system32\jjiii.ini

    Beginning removal...

    Attempting to delete C:\WINNT\system32\efccayy.dll
    C:\WINNT\system32\efccayy.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\iiijj.dll
    C:\WINNT\system32\iiijj.dll Has been deleted!

    Attempting to delete C:\WINNT\system32\jjiii.bak1
    C:\WINNT\system32\jjiii.bak1 Has been deleted!

    Attempting to delete C:\WINNT\system32\jjiii.bak2
    C:\WINNT\system32\jjiii.bak2 Has been deleted!

    Attempting to delete C:\WINNT\system32\jjiii.ini
    C:\WINNT\system32\jjiii.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 3:29:29 PM 2/15/07

    Listing files found while scanning....

    C:\WINNT\system32\efccayy.dll
    C:\WINNT\system32\ilfqmush.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.6

    Checking Java version...

    Sun Java not detected
    Scan started at 4:23:41 PM 2/15/07

    Listing files found while scanning....



    SUPERAntiVirus Log:

    SUPERAntiSpyware Scan Log
    Generated 02/15/2007 at 04:27 PM

    Application Version : 3.5.1016

    Core Rules Database Version : 3165
    Trace Rules Database Version: 1176

    Scan type : Complete Scan
    Total Scan Time : 00:28:47

    Memory items scanned : 290
    Memory threats detected : 0
    Registry items scanned : 2530
    Registry threats detected : 24
    File items scanned : 9397
    File threats detected : 15

    Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
    HKLM\SYSTEM\CurrentControlSet\Services\vspf
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#Type
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#Start
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#Tag
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#Group
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnService
    HKLM\SYSTEM\CurrentControlSet\Services\vspf#DependOnGroup
    HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security
    HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Type
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Start
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Tag
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk#Group
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security
    HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security#Security
    HKU\S-1-5-21-1960408961-152049171-1957994488-1000\Software\WinAntiVirus Pro 2007
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll [  ]
    C:\WINNT\system32\av.cpl
    C:\Program Files\Common Files\WinAntiVirus Pro 2007\atl71.dll
    C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
    C:\Program Files\Common Files\WinAntiVirus Pro 2007\mfc71.dll
    C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcp71.dll
    C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcr71.dll
    C:\Program Files\Common Files\WinAntiVirus Pro 2007\SpOrder.dll
    C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe
    C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll
    C:\Program Files\Common Files\WinAntiVirus Pro 2007
    C:\Documents and Settings\Pat\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
    C:\Documents and Settings\Pat\Application Data\WinAntiVirus Pro 2007\Logs
    C:\Documents and Settings\Pat\Application Data\WinAntiVirus Pro 2007
    C:\DOCUMENTS AND SETTINGS\PAT\LOCAL SETTINGS\TEMP\NI.UWA7P_0001_N91M0809\SETUP.EXE

    Trojan.Downloader-WBRock
    C:\VUNDOFIX BACKUPS\EFCCAYY.DLL.BAD


    And Hijackthis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:43:48 PM, on 2/15/07
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\notepad.exe
    C:\Documents and Settings\Pat\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\ilfqmush.dll (file missing)
    O2 - BHO: (no name) - {B22CE870-2D05-4FDA-99EE-7A101875189A} - C:\WINNT\system32\efccayy.dll (file missing)
    O2 - BHO: (no name) - {E8C54B2A-5128-4AF6-BB6B-B1D06404F4CE} - C:\WINNT\system32\iiijj.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.9.0.61/lottso/lottso-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.2.22/wordwhomp2/whomp2-en_US.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169842205448
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)

    I also notice when I start Vundofix there are always the same 3 files there when I start. I also got an error message:
    Cannot import c:\\vundofix.reg: Error opening the file. There may be a disk or file system error

    Hope this helps...all it does for me is give me a massive headache!

    Thanks
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Not sure what you are saying there at the end - what 3 files?

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\ilfqmush.dll (file missing)

    O2 - BHO: (no name) - {B22CE870-2D05-4FDA-99EE-7A101875189A} - C:\WINNT\system32\efccayy.dll (file missing)

    O2 - BHO: (no name) - {E8C54B2A-5128-4AF6-BB6B-B1D06404F4CE} - C:\WINNT\system32\iiijj.dll (file missing)

    O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
    ============
    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    Windows Host Services

    Right-click and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  7. kickrz

    kickrz Thread Starter

    Joined:
    Jul 30, 2003
    Messages:
    365
    Sorry when I start up vundofix these are the files I see:

    C:\WINNT\system32\efccayy.dll
    C:\WINNT\system32\ilfqmush.dll
    C:\WINNT\system32\ilfqmush.dll

    Looks just like that once I click scan and even though it says above they were removed.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe


    Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINNT\system32\efccayy.dll
    C:\WINNT\system32\ilfqmush.dll
     
  9. kickrz

    kickrz Thread Starter

    Joined:
    Jul 30, 2003
    Messages:
    365
    Ok before that here is the hijack this log:
    Logfile of HijackThis v1.99.1
    Scan saved at 5:07:12 PM, on 2/15/07
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Pat\Desktop\HijackThis.exe
    C:\Documents and Settings\Pat\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.9.0.61/lottso/lottso-en_US.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.9.2.22/wordwhomp2/whomp2-en_US.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169842205448
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)

    Off to do the rest.
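
The log comparison that the posts above do by eye, as an added example that is not part of the original thread: it parses HijackThis entry lines, lists the DLLs registered both as a BHO (O2) and as a Winlogon Notify DLL (O20), flags "(file missing)" entries whose file is not among the running processes, and diffs two logs. The function names are hypothetical; the sample lines are excerpts of the logs posted in this thread.

```python
import re

MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O2 - BHO: ...", "R0 - ..."
FILE_RE = re.compile(r'([^\\/:\s\[\]"]+\.(?:dll|exe|ocx))\b', re.IGNORECASE)

def parse_log(text):
    """Return (running process file names, [(section code, entry body), ...])."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            running.add(line.rsplit("\\", 1)[-1].lower())
    return running, entries

def target_file(body):
    """Last .dll/.exe/.ocx file name mentioned in an entry, lower-cased."""
    names = FILE_RE.findall(body)
    return names[-1].lower() if names else None

def stale_entries(text):
    """Entries marked (file missing) whose file is not among the running processes."""
    running, entries = parse_log(text)
    return [(c, b) for c, b in entries
            if MISSING in b and target_file(b) not in running]

def removed_entries(before, after):
    """Entries present in the earlier log and absent from the later one."""
    kept = set(parse_log(after)[1])
    return [e for e in parse_log(before)[1] if e not in kept]

def bho_and_notify(text):
    """Files registered both as a BHO (O2) and as a Winlogon Notify DLL (O20)."""
    by_code = {}
    for code, body in parse_log(text)[1]:
        by_code.setdefault(code, set()).add(target_file(body))
    return sorted((by_code.get("O2", set()) & by_code.get("O20", set())) - {None})

# Excerpt of the first log in the thread (2/11/07, 12:44 PM).
FIRST = r"""
O2 - BHO: (no name) - {0F223320-D48F-4C3C-8A75-57CA1FC3C862} - C:\WINNT\system32\iiijj.dll
O2 - BHO: (no name) - {B22CE870-2D05-4FDA-99EE-7A101875189A} - C:\WINNT\system32\efccayy.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: efccayy - C:\WINNT\SYSTEM32\efccayy.dll
O20 - Winlogon Notify: iiijj - C:\WINNT\system32\iiijj.dll
"""
# Excerpt of the 2/15/07 4:43 PM log (after VundoFix, before the HijackThis fixes).
BEFORE = r"""
Running processes:
C:\WINNT\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINNT\system32\ilfqmush.dll (file missing)
O2 - BHO: (no name) - {B22CE870-2D05-4FDA-99EE-7A101875189A} - C:\WINNT\system32\efccayy.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
"""
# Excerpt of the 2/15/07 5:07 PM log (after the HijackThis fixes).
AFTER = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe (file missing)
"""

if __name__ == "__main__":
    print("O2 and O20:", bho_and_notify(FIRST))
    for code, body in stale_entries(BEFORE):
        print("stale:", code, body)
    for code, body in removed_entries(BEFORE, AFTER):
        print("removed:", code, body)
```

The avast! Mail Scanner line carries "(file missing)" while ashMaiSv.exe is listed under running processes in the same log, so the filter drops it; the marker is a lead for review, not a verdict.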
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    martingreg3 the log is clean - the work is done, stay out of others' threads please!
     
  12. kickrz

    kickrz Thread Starter

    Joined:
    Jul 30, 2003
    Messages:
    365
    YOU ROCK!!!!

    Thanks so much!
     

Short URL to this thread: https://techguy.org/543180
