Another Hijack Log - Techist - Tech Forum

Old 05-27-2007, 12:15 PM   #1 (permalink)
boo
Super Techie
 
Join Date: Apr 2005
Posts: 325
Default Another Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 1:15:02 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\Classic PhoneTools\CapFax.EXE
D:\WINDOWS\SYSTEM32\USRshutA.exe
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\SwiftSwitch\SwiftSwitch.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08274350-6355-400D-A6AB-6886546B44BF} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - D:\WINDOWS\system32\kkbrsqbb.dll
O2 - BHO: (no name) - {65D711CB-7760-4F0B-9F7C-7186D0E9E117} - (no file)
O2 - BHO: (no name) - {749B60D8-E1B6-4998-84C2-38CE83649CBB} - D:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {AE025DED-C75C-4E3F-923D-689DE8274960} - (no file)
O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CapFax] D:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\system32\lospkqnw.dll",realset
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 2.lnk = D:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B849D5BC-6FF1-40C5-99B9-6C4692573785}: NameServer = 66.63.192.2 66.63.192.3
O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat
O20 - Winlogon Notify: mljhihe - mljhihe.dll (file missing)
O20 - Winlogon Notify: tuvsrpm - D:\WINDOWS\SYSTEM32\tuvsrpm.dll
O20 - Winlogon Notify: vtsts - D:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: winkve32 - D:\WINDOWS\SYSTEM32\winkve32.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Old 05-27-2007, 12:30 PM   #2 (permalink)
Osiris
Techie Beyond Description
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Default Re: Another Hijack Log

remove these entries

O2 - BHO: (no name) - {08274350-6355-400D-A6AB-6886546B44BF} - (no file)

O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - D:\WINDOWS\system32\kkbrsqbb.dll

O2 - BHO: (no name) - {65D711CB-7760-4F0B-9F7C-7186D0E9E117} - (no file)

O2 - BHO: (no name) - {749B60D8-E1B6-4998-84C2-38CE83649CBB} - D:\WINDOWS\system32\vtsts.dll

O2 - BHO: (no name) - {AE025DED-C75C-4E3F-923D-689DE8274960} - (no file)

O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\system32\lospkqnw.dll",realset

O17 - HKLM\System\CCS\Services\Tcpip\..\{B849D5BC-6FF1-40C5-99B9-6C4692573785}: NameServer = 66.63.192.2 66.63.192.3

O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat

O20 - Winlogon Notify: mljhihe - mljhihe.dll (file missing)

O20 - Winlogon Notify: tuvsrpm - D:\WINDOWS\SYSTEM32\tuvsrpm.dll

O20 - Winlogon Notify: vtsts - D:\WINDOWS\system32\vtsts.dll

O20 - Winlogon Notify: winkve32 - D:\WINDOWS\SYSTEM32\winkve32.dll



then post a new log
Old 05-27-2007, 06:58 PM   #3 (permalink)
boo

Thanks for looking into this



Logfile of HijackThis v1.99.1
Scan saved at 7:57:04 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\Classic PhoneTools\CapFax.EXE
D:\WINDOWS\SYSTEM32\USRshutA.exe
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\PROGRA~1\MOZILL~2\FIREFOX.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CapFax] D:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 2.lnk = D:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Old 05-27-2007, 07:01 PM   #4 (permalink)
Osiris

Much better

You still having any issues?
Old 05-28-2007, 09:16 PM   #5 (permalink)
boo

Yeah, I got some of those O2 - BHO: (no name) -

again and removed them, but there's still something that keeps putting them on there =(

I've run CCleaner, Ad-Aware, Avast, MsConfig cleaner, VundoFix and still nothing!
Old 05-28-2007, 09:27 PM   #6 (permalink)
Osiris

Run Spyhunter

Fighting Against-Zlob: Zlob Removal Instructions

You may have a variant of Zlob
Old 05-30-2007, 10:56 AM   #7 (permalink)
boo

I'll give SpyHunter a try and see how that works. I'll post back.
Old 05-30-2007, 11:23 AM   #8 (permalink)
boo

OK, I ran a scan and it came up with 3 items, 2 of which were registry items.

Purityscan

Here is the log. It won't let me remove it unless I buy the program.

Old 05-31-2007, 07:52 AM   #9 (permalink)
Osiris

Go through a few of these here:

Zlob Removal Instructions For Windows XP/Vista

When you try to unregister the .dll files and after 10 or so no files are being unregistered, stop and go to the next step with the registry. If you don't find those entries after 10 or so attempts, let me know and we will need to go a different route.
Old 05-31-2007, 09:54 AM   #10 (permalink)
boo

I tried unregistering the Zlob DLL files, and whenever I went to do it the file could not be found... so I guess that's a good thing?

I tried the reg values and nothing

and searched for files/folders, nothing