How to remove VBS.Slip and W32.Mydoom.B on XP 64 bit

Welcome Guest ( Log In | Register )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

How to remove VBS.Slip and W32.Mydoom.B on XP 64 bit, NoAsware v5.0 reports the above malware in the H:\WINDOWS\sy

Options

popa View Member Profile	May 19 2008, 02:04 PM Post #1
New Member Posts: 1 OS: XP64	I have attempted to follow steps 1 through 5. I could not execute one of the suggested programs because it does not install on 64bit XP. The log files produced by the other suggested software are pasted below. Any help is of course appreciated, even if you say rebuild my system or use UBUNTU instead. Thank you, - Popa - - - - - - - - - - - - SUPERAntiSpyware Scan Log Generated 05/19/2008 at 11:03 AM Application Version : 3.6.1000 Core Rules Database Version : 3463 Trace Rules Database Version: 1454 Scan type : Complete Scan Total Scan Time : 01:04:09 Memory items scanned : 363 Memory threats detected : 0 Registry items scanned : 4715 Registry threats detected : 0 File items scanned : 62817 File threats detected : 4 Rogue.NetProject-Installer H:\SYSTEM VOLUME INFORMATION\_RESTORE{C97F5A08-0F06-4B60-B547-9D7D28F95DAD}\RP128\A0017549.EXE H:\SYSTEM VOLUME INFORMATION\_RESTORE{C97F5A08-0F06-4B60-B547-9D7D28F95DAD}\RP128\A0017605.EXE H:\SYSTEM VOLUME INFORMATION\_RESTORE{C97F5A08-0F06-4B60-B547-9D7D28F95DAD}\RP130\A0017724.EXE Rogue.VirusHeat H:\SYSTEM VOLUME INFORMATION\_RESTORE{C97F5A08-0F06-4B60-B547-9D7D28F95DAD}\RP128\A0017564.EXE - - - - - - - - - - - ;***************************************************************************** ***************************************************************************** *************** ANALYSIS: 2008-05-19 12:26:52 PROTECTIONS: 1 MALWARE: 30 SUSPECTS: 0 ;*************************************************************************** ***************************************************************************** ***************** PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== avast! antivirus 4.8.1201 [VPS 080519-0] 4.8.1201 No Yes ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.trafficmp.com/] 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.trafficmp.com/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.doubleclick.net/] 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.doubleclick.net/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.atdmt.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.247realmedia.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.247realmedia.com/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.fastclick.net/] 00145457 Cookie/FastClick TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.fastclick.net/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.tribalfusion.com/] 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.mediaplex.com/] 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.mediaplex.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.com.com/] 00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[stats1.clicktracks.com/] 00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[stats1.clicktracks.com/] 00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[stats1.clicktracks.com/] 00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[stats1.clicktracks.com/] 00167724 Cookie/HotLog TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.hotlog.ru/] 00167730 Cookie/Hitbox TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ehg.hitbox.com/] 00167730 Cookie/Hitbox TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ehg.hitbox.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.statcounter.com/] 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.statcounter.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[ad.yieldmanager.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[ad.yieldmanager.com/] 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.apmebf.com/] 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.burstnet.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.bs.serving-sys.com/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[server.iad.liveperson.net/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[server.iad.liveperson.net/hc/11769772] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[server.iad.liveperson.net/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.advertising.com/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.advertising.com/] 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[statse.webtrendslive.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.ads.pointroll.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.overture.com/] 00170554 Cookie/Overture TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.overture.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.realmedia.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.questionmarket.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.questionmarket.com/] 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.questionmarket.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.zedo.com/] 00172221 Cookie/Zedo TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.zedo.com/] 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.bluestreak.com/] 00182104 Cookie/Hitbox TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.phg.hitbox.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.adrevolver.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.adrevolver.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.adrevolver.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.adrevolver.com/] 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.adrevolver.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.go.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.go.com/] 00194327 Cookie/Go TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.go.com/] 00207338 Cookie/Target TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.target.com/] 00207338 Cookie/Target TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.target.com/] 00207338 Cookie/Target TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.target.com/] 00207338 Cookie/Target TrackingCookie No 0 Yes No H:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sjhopp7o.default\cookies.txt[.target.com/] ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location [@ 3a ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description [@ 3a ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== - - - - - - - - - - - Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:34:40 PM, on 5/19/2008 Platform: Windows 2003 SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: H:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe H:\Program Files\Alwil Software\Avast4\ashServ.exe H:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe H:\PROGRA~2\Agnitum\OUTPOS~1.0\outpost.exe H:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe H:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe H:\WINDOWS\SysWOW64\ctfmon.exe H:\Program Files (x86)\BNASolutions\ezReminder\ezReminder.exe H:\Program Files (x86)\Uniblue\RegistryBooster 2\RegistryBooster.exe H:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe H:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe H:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe H:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe H:\Program Files (x86)\WinZip\WZQKPICK.EXE H:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe H:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe H:\Program Files\Alwil Software\Avast4\ashWebSv.exe H:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe H:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe H:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe H:\WINDOWS\system32\notepad.exe H:\Program Files (x86)\NoAdware5.0\NoAdware5.exe H:\Program Files (x86)\Mozilla Firefox\firefox.exe H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\234667\launcher.exe H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\234667\as2instff.exe H:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe H:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE H:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe H:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - H:\Program Files (x86)\IEPro\iepro.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HP Software Update] H:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Motive SmartBridge] H:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Outpost Firewall] "H:\Program Files (x86)\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsgCenterExe] "H:\Program Files (x86)\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] H:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash O4 - HKCU\..\Run: [Skype] "H:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - HKCU\..\Run: [ezReminder.exe] H:\Program Files (x86)\BNASolutions\ezReminder\ezReminder.exe 1 O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] H:\Program Files (x86)\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = H:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = H:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = H:\Program Files (x86)\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - H:\Program Files (x86)\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - H:\Program Files (x86)\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://runonce.msn.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - H:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200582615281 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - H:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - H:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - H:\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: Event Log (Eventlog) - Unknown owner - H:\WINDOWS\system32\services.exe (file missing) O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - H:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - H:\WINDOWS\system32\imapi.exe (file missing) O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - H:\WINDOWS\system32\msdtc.exe (file missing) O23 - Service: Net Logon (Netlogon) - Unknown owner - H:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - H:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - H:\WINDOWS\system32\nvsvc64.exe (file missing) O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - H:\PROGRA~2\Agnitum\OUTPOS~1.0\outpost.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - H:\Program Files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - H:\WINDOWS\system32\services.exe (file missing) O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - H:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - H:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - H:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - H:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Virtual Disk Service (vds) - Unknown owner - H:\WINDOWS\System32\vds.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - H:\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - H:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing) -- End of file - 9920 bytes - - - - - - - - - - - Ad-Aware 2007 Adobe Flash Player 9 ActiveX Adobe Flash Player Plugin Adobe Photoshop Elements 3.0 Adobe Reader 7.1.0 Adobe SVG Viewer 3.0 Agnitum Outpost Firewall 1.0 AlphaMetrix Mosaic AnswerWorks 4.0 Runtime - English Apple Software Update AT&T Self Support Tool AtomTime Pro 3.1a avast! Antivirus BOINC BroadJump Client Foundation eMusic - 50 Free MP3 offer EuroTalk Talk Now Plus! FeedReader Free Internet Window Washer Gadwin PrintScreen Professional getPlus®_dll Google Earth HijackThis 2.0.2 HP Photosmart Essential HP Software Update IE7Pro InterVideo WinDVD Java™ 6 Update 3 Kcast Beta 1.1.3 Macromedia Shockwave Player Magic ISO Maker v5.4 (build 0256) Malwarebytes' Anti-Malware Microsoft Office Standard Edition 2003 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft� Stock Actions for the Research Task Pane Mozilla Firefox (2.0.0.14) Mozilla Thunderbird (1.5.0.14) MPM MSXML 4.0 SP2 (KB936181) NETGEAR WG111v3 wireless USB 2.0 adapter NoAdware v5.0 Panda ActiveScan 2.0 QuickTime Security Update for Microsoft .NET Framework 2.0 (x64) (KB928365) Security Update for Windows XP (KB923789) SimCity 4 Skype� 3.6 Smart PC Recorder - by freebird SpywareBlaster 4.0 StreetSmart Pro SUPERAntiSpyware Free Edition TrueCrypt TurboTax Deluxe Deduction Maximizer 2006 TurboTax ItsDeductible 2006 TurboTax Premier 2007 Uniblue RegistryBooster 2 WexTech AnswerWorks Winamp (remove only) Windows Media Player Firefox Plugin WinZip Yahoo! Install Manager

« Next Oldest · Malware Removal - HijackThis� Logs Go Here · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Malware Removal - HijackThis� Logs Go Here How-to remove malware guides and tutorials	0 / 71,754	28th December 2005 - 02:11 PM admin started - last by admin
Malware Removal - HijackThis� Logs Go Here How to remove Drive Cleaner and Adware.Sogou?	1 / 619	21st March 2007 - 07:48 AM maxijanko started - last by maxijanko
Malware Removal - HijackThis� Logs Go Here Need help getting rid of vbs.slip@mm and w32.mydoom.b [RESOLVED] 12	16 / 1,469	22nd February 2008 - 03:14 PM bcrab started - last by Rorschach112
Malware Removal - HijackThis� Logs Go Here How to remove darksma grokster and others	9 / 127	Yesterday, 07:05 AM kenny_turner52 started - last by kahdah