Status
Not open for further replies.
1 - 6 of 6 Posts

·
Registered
Joined
·
79 Posts
Discussion Starter · #1 ·
I stupidly downloaded a program called bit grabber and now I'm swamped with pop-ups every few minutes while browsing with IE. Can anyone help please?
This is my log.
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 09:08:10, on 14/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\alg.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\BT Home Hub\Help\bin\BTHelp.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\wzbd1f\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.co

m/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.

com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

http://gloses.net/search/?ref=2381
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.

com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride

= 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} -

C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -

C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser

Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

301x
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround

Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400

Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
O4 - HKLM\..\Run: [V0230Mon.exe] F:\DRIVERS\English\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live!

Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe

/remindme
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Flagbashadminlite] C:\Documents and Settings\All Users\Application

Data\Delete tons flag bash\datepure.exe
O4 - HKLM\..\Run: [Motive SmartBridge]

C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch

USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\KGB Keylogger\winlogons.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program

Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program

Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RemoteCenter] C:\Program

Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang

1033
O4 - HKCU\..\Run: [readme grim]

C:\DOCUME~1\Owner\APPLIC~1\SLOWWAIT\ballclock.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe"

/RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk

Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program

Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home

Hub\Help\bin\matcli.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program

Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft

ActiveSync\INETREPL.DLL
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} -

C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -

C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com -

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} -

C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.btopenworld.com/
O16 - DPF: PCPitstop-Tracks-Checker - http://www.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: RaptisoftGameLoader -

http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program

Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -

http://81.174.181.231:9000/activex/AxisCamControl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) -

http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -

C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
 

·
Administrator
Joined
·
123,536 Posts
Before you proceed with these instructions, please move HijackThis into a separate folder of its own in Program Files or My Documents, but not in the temporary files, so that it can create proper back-ups which can be restored, if necessary.

Download and unzip the following to a new folder:
http://metallica.geekstogo.com/findlop.zip

Inside the folder locate findlop.bat

Double click it and it will create the file C:\findlop.txt
Find that file and copy and paste the contents into your next post.

Also, copy the part in bold below into notepad and save it as direxie.bat
Set File type to "All files"

cd\
cd C:\Documents and Settings\%UserName%\Application Data
dir /x > C:\directory.txt
cd C:\Documents and Settings\All Users\Application Data
dir /x >> C:\directory.txt
cd C:\Program Files
dir /x >> C:\directory.txt
start notepad C:\directory.txt


Start the file by double clicking direxie.bat
That will open a file called directory.txt. Post the content of that file.
 

·
Registered
Joined
·
79 Posts
Discussion Starter · #3 ·
Thanks for your help, I have done as you asked. This is the first log you required...

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A571975791920A73.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\owner\applic~1\slowwait\Okay roam jugs.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Owner'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/14/2007 20:00:00
NextRun: 01/14/2007 21:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/27/2000
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/11/2007 22:53:00
NextRun: 01/18/2007 22:53:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ....R..
StartDate: 12/25/2006
EndDate: 00/00/0000
StartTime: 22:53
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

And this is the 2nd log you required....

Volume in drive C has no label.
Volume Serial Number is 1CB1-E8D3

Directory of C:\Documents and Settings\Owner\Application Data

12/01/2007 16:23 .
12/01/2007 16:23 ..
28/12/2006 20:15 5400SE~1 5400 Series
19/10/2006 21:08 Adobe
14/01/2007 13:29 AdobeUM
08/12/2006 11:32 Ahead
10/01/2006 17:34 Aim
25/01/2004 18:01 ANVILS~1 Anvil Studio
25/12/2006 15:26 APPLEC~1 Apple Computer
20/05/2006 20:07 ArcSoft
03/12/2006 15:13 Azureus
12/01/2007 16:23 BITGRA~1 BitGrabber
17/09/2005 12:21 BLOCKC~1 Block Checker
09/01/2007 18:31 Creative
29/02/2004 09:24 DVDSHR~1 DVD Shrink
03/01/2007 14:08 60,784 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
27/07/2005 20:13 Google
23/02/2003 17:55 Help
23/02/2003 18:24 IDENTI~1 Identities
30/03/2003 19:07 INTERV~1 InterVideo
07/10/2004 19:04 Kontiki
21/10/2005 22:20 Lavasoft
11/02/2004 08:20 LEADER~1 Leadertech
02/07/2004 15:44 Lycos
17/10/2005 16:35 MACROM~1 Macromedia
06/01/2006 21:41 MAILWA~1 MailWasher
06/01/2007 21:29 MICROG~1 Microgaming
28/11/2006 20:45 MICROS~1 Microsoft
31/12/2006 14:09 Motive
13/05/2005 18:16 Mozilla
19/11/2003 22:21 MSN6
31/12/2006 17:16 MUVEET~1 muvee Technologies
23/02/2003 20:02 Nikon
01/01/2007 13:05 Opera
24/08/2006 17:03 PCTOOL~1 PC Tools
25/11/2004 17:04 RAPTIS~1 Raptisoft
13/01/2007 10:00 Real
22/07/2004 12:06 Roxio
02/01/2003 00:11 SAMPLE~1 SampleView
12/06/2006 16:24 Samsung
12/01/2007 16:29 SLOWWAIT
10/01/2007 12:39 SMARTR~1 Smart Recorder
22/10/2006 11:29 SPORTS~1 Sports Interactive
12/07/2003 17:54 STEINB~1 Steinberg
25/02/2003 18:26 Symantec
13/05/2005 18:16 Talkback
26/02/2003 18:43 Template
13/01/2007 21:15 uTorrent
30/03/2003 13:09 VERITAS
30/06/2004 04:01 WSINSP~1 wsInspector
30/12/2006 16:52 Yahoo!
1 File(s) 60,784 bytes
50 Dir(s) 10,118,279,168 bytes free
Volume in drive C has no label.
Volume Serial Number is 1CB1-E8D3

Directory of C:\Documents and Settings\All Users\Application Data

28/12/2006 20:12 5400SE~1 5400 Series
19/10/2006 21:14 Adobe
25/12/2006 15:25 APPLEC~1 Apple Computer
09/01/2007 18:31 Creative
12/01/2007 16:23 DELETE~1 Delete tons flag bash
08/07/2006 13:46 DVDSHR~1 DVD Shrink
20/05/2006 20:07 element5
21/03/2004 21:48 McNeel
30/12/2006 13:08 Motive
24/04/2003 17:24 MSN6
30/12/2006 19:31 MUVEET~1 muvee Technologies
23/01/2006 18:03 Napster
25/12/2006 16:18 1,739 QTSBAN~1 QTSBandwidthCache
23/02/2003 19:22 QUICKT~1 QuickTime
20/07/2005 15:40 RoboForm
01/01/2003 23:16 SBSI
03/02/2006 12:40 SONYER~1 Sony Ericsson
10/11/2006 19:38 SPYBOT~1 Spybot - Search & Destroy
25/02/2003 18:27 Symantec
15/12/2005 19:20 Trymedia
05/10/2005 17:40 VIEWPO~1 Viewpoint
27/05/2006 13:24 WINDOW~1 Windows Genuine Advantage
30/12/2006 16:54 yahoo!
1 File(s) 1,739 bytes
22 Dir(s) 10,118,275,072 bytes free
Volume in drive C has no label.
Volume Serial Number is 1CB1-E8D3

Directory of C:\Program Files

14/01/2007 14:30 .
14/01/2007 14:30 ..
27/12/2005 11:29 3DHOME~1 3D Home Architect
02/07/2004 22:41 A5V4
23/11/2005 13:03 Abacast
28/12/2006 20:11 ABBYYF~1.0SP Abbyy FineReader 6.0 Sprint
29/10/2006 20:29 ACOUST~2 Acoustica Audio Converter Pro
15/03/2003 17:22 ACOUST~1 Acoustica MP3 To Wave Converter PLUS
25/12/2006 20:55 ACTIVI~1 Activision
31/07/2003 08:56 ADDIT!~1 Addit! Pro FS 2000
14/10/2006 18:32 Adobe
01/01/2006 13:43 ADVANC~1 Advanced WindowsCare
21/08/2004 17:26 Agnitum
23/02/2003 19:18 ahead
10/01/2006 17:34 AIM
16/03/2004 13:48 AIRPOR~1 Airport Tycoon 3
23/02/2003 11:24 Alcatel
15/12/2003 20:39 ALCOHO~1 Alcohol Soft
09/09/2003 19:33 ALWILS~1 Alwil Software
25/12/2006 15:21 APPLES~1 Apple Software Update
10/05/2006 13:03 ArcSoft
29/11/2003 01:08 ATITEC~1 ATI Technologies
25/01/2004 21:43 Audacity
15/12/2006 20:34 AUDIOC~1 Audio Converter
05/12/2004 22:39 AVANTG~1 AvantGo Connect
27/09/2005 15:27 AZR
29/03/2006 14:57 BAZOOK~1 Bazooka Scanner
25/04/2003 06:45 Belarc
12/01/2007 16:33 BITGRA~1 BitGrabber
30/06/2006 21:24 BLACKB~1 BlackBean Games
22/10/2006 17:17 BOMA
23/02/2003 16:10 BROWSE~1 Browser Mouse
30/12/2006 16:03 BTBROA~1 BT Broadband Desktop Help
30/12/2006 16:10 BTBROA~2 BT Broadband Talk Softphone
30/12/2006 16:10 BTHOME~1 BT Home Hub
30/12/2006 13:08 btbb_wcm
03/10/2005 08:51 BTOPEN~1 BTopenworld
21/10/2005 22:37 CAPTUR~1 Capture Professional v5 Demo
17/08/2006 20:05 CCleaner
01/01/2007 20:55 CHAMPI~1 Championship Manager 2007
02/07/2004 22:38 CLEANC~1.0 CleanCache 2.0
21/03/2003 14:00 COFFEE~1 CoffeeCup Software
02/01/2007 13:06 COMMON~1 Common Files
02/01/2003 00:05 COMPAQ
01/01/2003 23:08 COMPLU~1 ComPlus Applications
22/06/2004 17:05 COOPER~1 Cooper Security
30/12/2006 21:03 Creative
03/05/2004 21:23 D-Tools
10/01/2007 18:48 DAEMON~1 DAEMON Tools
10/01/2007 18:49 DAEMON~2 DaemonTools_WhenUSave_Installer
25/12/2003 11:37 DARTKA~1 DART Karaoke Studio
10/11/2006 16:00 directx
03/02/2006 13:15 DISC2P~1 Disc2Phone
10/08/2004 17:24 DivX
27/02/2005 01:10 DVDDEC~1 DVD Decrypter
03/09/2004 21:02 DVDSHR~1 DVD Shrink
11/01/2006 17:05 DVR
11/01/2006 16:39 DVRREM~1 DVR Remote Agent
12/10/2006 11:22 EASPOR~1 EA SPORTS
15/12/2003 23:21 ELABOR~1 Elaborate Bytes
01/08/2006 17:21 Enviro!
20/02/2005 11:39 FASTST~1 FastStone Image Viewer
08/07/2004 07:18 FBMSOF~1 FBM Software
14/01/2007 14:30 ffdshow
21/03/2003 19:06 FM101
17/10/2004 19:42 FOTOST~1 FotoStation Easy
28/01/2006 20:12 FREEAU~1 Free Audio Pack
21/10/2006 08:49 GAMESH~1 GameShadow
13/09/2005 19:43 GANYME~1 GanymedeNet
08/07/2004 18:52 GDV6LE
27/07/2005 20:13 Google
26/12/2006 12:17 Grisoft
02/01/2003 00:11 HEWLET~1 Hewlett-Packard
10/11/2006 21:01 HFF
28/09/2004 14:17 HPDVD~1 HP DVD
02/07/2006 10:22 HTC
18/06/2004 07:25 IISYST~1 iISystem Wiper
29/08/2004 18:22 IKEAHO~1 IKEA Home Planner Kitchen
25/03/2005 10:38 ILLUST~1 Illustrate
05/01/2007 10:39 INCOMP~1 Incomplete
10/11/2006 15:14 INFOGR~1 Infogrames
30/03/2003 12:23 INTERA~1 InterActual
21/12/2004 12:26 INTERM~1 InterMute
02/01/2007 23:40 INTERN~1 Internet Explorer
12/01/2006 19:40 INTERP~1 Interplay
25/12/2006 16:33 iPod
25/12/2006 16:33 iTunes
02/01/2007 13:07 Java
03/10/2005 08:51 JAVAWE~1 Java Web Start
10/01/2007 18:52 KONAMI
18/08/2006 17:04 KSUPER~1 Ksuperstar
06/01/2007 23:32 LADBRO~1 ladbrokesMPP
21/10/2005 22:20 Lavasoft
30/12/2006 16:41 LEXMAR~1 Lexmark 5400 Series
30/12/2006 16:39 LEXMAR~2 Lexmark Toolbar
01/01/2003 23:30 Ligos
05/01/2007 10:35 LimeWire
10/01/2007 19:42 Logitech
13/01/2007 11:57 Lx_cats
02/07/2004 13:32 Lycos
02/12/2006 16:07 MEDIAC~1 MediaCoder
21/03/2006 08:45 MESSEN~1 Messenger
18/08/2006 13:15 MI3AA1~1 Microsoft ActiveSync
01/01/2003 23:11 MICROS~1 microsoft frontpage
30/12/2006 20:16 MICROS~2 Microsoft Games
28/02/2004 11:15 MI9513~1 Microsoft Network Guide
21/03/2006 17:30 MICROS~3 Microsoft Office
02/01/2007 23:12 MI18EF~1 Microsoft User Agent String Utility
23/02/2003 19:28 MICROS~4 Microsoft Visual Studio
03/08/2003 10:44 MIB39B~1 Microsoft Windows Application Compatibility Toolkit
03/10/2005 08:51 MIF2B0~1 Microsoft Works
11/06/2006 22:36 MIKSOFT
26/12/2005 19:32 Morpheus
30/12/2006 16:03 Motive
03/10/2005 08:51 MOVIEM~1 Movie Maker
14/01/2007 19:55 MOZILL~1 Mozilla Firefox
15/03/2003 17:37 MP3FIL~1 Mp3 File Editor
29/10/2006 16:02 MP3TOW~1 MP3 to WAV Decoder
03/10/2005 08:51 mpegable
22/08/2005 06:28 MSNAPP~1 MSN Apps
01/01/2003 23:07 MSNGAM~1 MSN Gaming Zone
19/10/2005 16:17 MSNMES~1 MSN Messenger
17/11/2006 03:54 MSXML4~1.0 MSXML 4.0
30/12/2006 19:51 MUVEET~1 muvee Technologies
18/08/2006 12:26 Navman
08/12/2006 11:21 Nero
12/11/2004 16:23 NETMEE~1 NetMeeting
10/09/2004 17:39 NETWOR~1 NetworkViewer
23/02/2003 19:22 Nikon
10/01/2007 17:30 No-IP
25/02/2003 18:27 NORTON~1 Norton AntiVirus
06/09/2006 19:48 OE-MAI~1 OE-Mail Recovery
02/01/2003 00:11 OEMLink
07/07/2004 19:51 ONLINE~1 Online Services
01/01/2007 13:05 Opera
14/12/2006 03:01 OUTLOO~1 Outlook Express
20/11/2006 20:26 PACIFI~1 PacificPoker
25/02/2004 00:30 PANICW~1 Panicware
18/02/2006 23:38 PARTYG~1 PartyGaming
18/02/2006 23:39 PARTYP~1 PartyPoker
13/09/2004 16:15 PCFRIE~1 PCFriendly
20/05/2006 18:46 PCPITS~1 PCPitstop
12/01/2007 16:03 PEERGU~1 PeerGuardian2
17/11/2006 08:13 PERSON~1 Personal Antispy
14/07/2006 16:56 PICMAS~1 PicMaster
17/10/2004 19:55 Pinnacle
17/10/2004 19:47 POLDER~1 PolderbitS
24/12/2006 19:59 PowerISO
22/02/2006 14:24 PPSNOO~1 PP Snooper S3 Updater
18/06/2004 07:29 PRIVAC~2 PrivacyEraser Computing
11/06/2006 10:10 PTGui
25/12/2006 15:23 QUICKT~2 QuickTime
23/01/2006 18:04 QUICKT~1 QuickTime(2)
31/03/2006 13:48 RAMBOO~1.0 RamBooster 2.0
15/02/2006 20:46 Real
07/09/2003 13:37 RECORD~1 RecordNow
22/09/2003 06:58 RedEye
25/04/2003 06:58 REGCLE~1 RegCleaner
11/07/2004 23:19 RSNet
09/10/2004 17:07 Saitek
12/06/2006 15:50 Samsung
11/08/2004 23:03 SANDAL~1 Sandals Resorts Screensaver
02/10/2003 15:30 Serif
20/07/2005 15:40 SIBERS~1 Siber Systems
30/12/2006 19:30 SIGHTS~1 SightSpeed
12/01/2007 16:23 SLOWWAIT
08/07/2004 18:52 SlySoft
12/07/2004 07:17 Snood
02/01/2003 00:16 Sonic
03/02/2006 12:40 SONYER~1 Sony Ericsson
22/10/2006 11:02 SPORTS~1 Sports Interactive
17/08/2006 23:09 SPYBOT~1 Spybot - Search & Destroy
10/11/2006 18:15 SPYWAR~2 Spyware Doctor
13/01/2007 13:11 SPYWAR~1 SpywareBlaster
02/07/2004 22:29 Srng
30/06/2004 21:11 STARTU~1 Startup Inspector for Windows
12/07/2003 17:51 STEINB~1 Steinberg
26/10/2004 22:52 STREAM~1 StreamCast
12/07/2004 22:05 Superjoy
06/07/2004 09:05 SUPERJ~1 Superjoy Box
25/02/2003 18:26 Symantec
02/03/2006 09:28 SYSSHI~1 SysShield Tools
17/05/2004 20:18 TELEEY~1 TeleEye III+ WRS3-AD
26/12/2005 13:37 Trymedia
23/01/2006 17:36 TWEAKN~1 TweakNow RegCleaner
01/01/2006 13:03 TWEAKN~2 TweakNow RegCleaner Std
03/12/2006 15:53 utorrent
02/03/2006 10:04 VECTOR~1 VectorEngineer Quick-Tools
25/12/2006 22:37 VEOHNE~1 Veoh Networks
01/01/2003 23:55 VERITA~1 VERITAS Software
30/12/2006 20:26 VIDEOS~1 Videoswitch
12/01/2007 19:26 VIEWPO~1 Viewpoint
12/07/2003 17:50 VOB
29/03/2006 15:07 vplaces
14/05/2005 17:01 VRTAIN~1 VRtainment
03/05/2004 21:23 VSO
01/03/2005 09:13 WHATSR~1 WhatsRunning
07/01/2007 18:01 WINAVI~1 WinAVIVideoConverter
12/01/2007 19:30 WINDOW~4 Windows Media Connect 2
12/01/2007 19:35 WINDOW~2 Windows Media Player
12/11/2004 16:23 WINDOW~1 Windows NT
31/07/2005 15:23 WinMX
12/10/2006 11:03 WinRAR
14/09/2006 15:47 WinZip
19/03/2006 15:32 WMACON~1 WMA Converter
25/02/2005 10:45 WordView
01/01/2003 23:11 xerox
22/10/2006 10:06 XviD
30/12/2006 16:15 Yahoo!
27/09/2005 15:18 ZIPREP~1 Zip Repair Pro
14/03/2003 21:34 ZONELA~1 Zone Labs
04/03/2003 19:31 ZyXEL
0 File(s) 0 bytes
212 Dir(s) 10,118,258,688 bytes free

I look forward to your next instructions,
many thanks once again
Tony.
 

·
Administrator
Joined
·
123,536 Posts
Your HijackThis log is too difficult to read so I will leave that until the next post.

Download Blockrem from HERE
  • Unzip it to its own folder on your desktop.
  • Boot your computer to safe mode by rebooting and tapping the F8 button repeatedly until it brings up a boot menu.
    From that menu, select Safe Mode by using the arrow keys to highlight it then pressing enter.
  • Once in safe mode open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.
  • Once it is running please follow the onscreen instructions.

Copy everything inside the quote box below (starting with @) and paste it into Notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as remlop.bat on your desktop.

@echo off
cd C:\WINDOWS\Tasks
attrib -r -s -h A571975791920A73.job
del A571975791920A73.job
exit
Double-click remlop.bat. A window will open and close quickly; this is normal.

Go to Control Panel – Add/Remove programs and remove the following, if there:

Viewpoint
BitGrabber


Click Here and download Killbox and save it to your desktop but don’t run it yet.

Then boot to safe mode:

How to restart to safe mode

Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\docume~1\owner\applic~1\slowwait\Okay roam jugs.exe
    C:\Program Files\SLOWWAIT
    C:\Program Files\srng
    C:\Documents and Settings\All Users\Application Data\Delete tons flag bash

  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Next in Killbox go to Tools > Delete Temp Files
  • In the window that pops up, put a check by ALL the options there except these three:
    • XP Prefetch
    • Recent
    • History
  • Now click the Delete Selected Temp Files button.
  • Exit the Killbox.

You also have two suspicious-looking programs in Program Files, one is named . and the other .. (i.e. one dot and two dots). Are you familiar with these? They were just installed today. If you don't recognize them, see if you can find them and delete them while you're in safe mode.

Reboot and post a new HijackThis log but this time be sure "word wrap" is turned off under "Format" in Notepad.
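Added example, not part of the thread or of any tool mentioned in it: one way to triage a scheduled-task dump in the format posted above, so the job that the removal steps target stands out from legitimate ones. The scoring rules, the threshold and all function names are assumptions of this example, not the helper's stated criteria; the sample input is abridged from the dump in this thread.

```python
import re
from dataclasses import dataclass, field

# Abridged from the job dump posted earlier in this thread (two jobs, most
# flag and trigger lines omitted). Field names are the ones that dump uses.
SAMPLE_DUMP = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A571975791920A73.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\owner\applic~1\slowwait\Okay roam jugs.exe'
Parameters: ''
Creator: 'Owner'
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
RunOnlyIfLoggedOn = 1
Hidden = 1

Trigger 0:
Type: Daily
MinutesDuration: 1440
MinutesInterval: 60

[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
Creator: 'SYSTEM'
ScheduledWorkItem Flags:
Hidden = 0

Trigger 0:
Type: Weekly
MinutesDuration: 0
MinutesInterval: 0
"""

JOB_START = re.compile(r"^\[TRACE\] Activating job '([^']+)'")
# "Key: value" and "Key = value" lines; multi-word headers such as
# "ScheduledWorkItem Flags:" or "Trigger 0:" deliberately do not match.
KEY_VALUE = re.compile(r"^([A-Za-z]+)\s*[:=]\s*(.*)$")
# Assumption: long or 8.3 form of Application Data, or a Temp folder.
PROFILE_PATH = re.compile(r"\\(applic~\d+|application data|temp)\\", re.I)
HEX_JOB_NAME = re.compile(r"^[0-9a-f]{16}\.job$", re.I)


@dataclass
class Job:
    name: str
    # key -> every value seen, so a job with several triggers keeps them all
    fields: dict = field(default_factory=dict)

    def values(self, key):
        return self.fields.get(key, [])


def parse_job_dump(text):
    """Split the dump into Job records, one per 'Activating job' line."""
    jobs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        start = JOB_START.match(line)
        if start:
            current = Job(start.group(1))
            jobs.append(current)
            continue
        pair = KEY_VALUE.match(line)
        if current is not None and pair:
            value = pair.group(2).strip().strip("'")
            current.fields.setdefault(pair.group(1), []).append(value)
    return jobs


def reasons(job):
    """Return the heuristic indicators (assumed rules) that apply to a job."""
    found = []
    if "1" in job.values("Hidden"):
        found.append("task is hidden")
    if any(PROFILE_PATH.search(p) for p in job.values("ApplicationName")):
        found.append("program lives in a user-writable profile folder")
    if HEX_JOB_NAME.match(job.name):
        found.append("job file name is 16 hex digits")
    if any(v.isdigit() and int(v) > 0 for v in job.values("MinutesInterval")):
        found.append("trigger repeats within the day")
    return found


def triage(text, threshold=2):
    """List (job name, application paths, reasons) for jobs worth reviewing."""
    flagged = []
    for job in parse_job_dump(text):
        why = reasons(job)
        if len(why) >= threshold:
            flagged.append((job.name, job.values("ApplicationName"), why))
    return flagged


if __name__ == "__main__":
    for name, apps, why in triage(SAMPLE_DUMP):
        print(name, apps)
        for reason in why:
            print("  -", reason)
```
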
 