
Hijacked Browser - Please help me soon

Discussion in 'Windows - Virus and spyware problems' started by jsparke, Jun 1, 2008.

  1. jsparke

    jsparke Member

    PLEASE HELP! My browser has been hijacked and I can't do anything - wherever I go on the internet it just redirects me.
    Here is the HijackThis log file - can someone please tell me which entries I need to fix and what files are missing....also how to fix it all! I'm desperate now!!!

    Logfile of HijackThis v1.99.1
    Scan saved at 5:03:25 PM, on 1/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\fast.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Documents and Settings\LocalService\cftmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    C:\Program Files\Nero\Nero8\InCD\InCD.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\WINDOWS\System32\Fast.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Spyware & Security Tools\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BM5327d81b] Rundll32.exe "C:\WINDOWS\system32\ahcphjdp.dll",s
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
    O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
    O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xxyaArRH - xxyaArRH.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. cdavfrew

    cdavfrew Regular member

    Hi jsparke.

    I have picked out a few suspicious entries with your log.

    O4 - HKLM\..\Run: [BM5327d81b] Rundll32.exe "C:\WINDOWS\system32\ahcphjdp.dll",s
    O20 - Winlogon Notify: xxyaArRH - xxyaArRH.dll (file missing)

    Also, please post here the contents of your hosts file (C:\Windows\system32\drivers\etc). You can open it with notepad.

    To fix your malware problem, please download A-squared, and then post the A-squared scan log here, without deleting anything.

    Best Regards :D

    PS: I see that you have btdna.exe and Mininova toolbar, both of which have to do with torrent files, and can introduce malware into your system if infected torrent files are run.
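The kind of checks cdavfrew applied by eye to pick out those two entries, written up as an added example (not part of the thread and not HijackThis code): it parses O4, O20 and O23 lines and flags a missing file, a random-looking name, an odd launch folder, or the same command registered in both Run hives. The sample is constructed from a few lines of the log above.

```python
"""Triage of HijackThis-style log lines (added example, not HijackThis code).

Turns the checks a log reader applies by eye into repeatable heuristics.
Expect false positives: this ranks what to look at first, it does not
decide what to delete.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines taken verbatim from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - HKLM\..\Run: [BM5327d81b] Rundll32.exe "C:\WINDOWS\system32\ahcphjdp.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyaArRH - xxyaArRH.dll (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
DRIVE_PATH_RE = re.compile(r"(?i)[a-z]:\\.*?\.(?:exe|dll|scr|com)")


@dataclass
class Finding:
    line: str
    reasons: list


def extract_path(command):
    """First quoted string, else first drive-rooted path, else first token."""
    quoted = re.search(r'"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    rooted = DRIVE_PATH_RE.search(command)
    return rooted.group(0) if rooted else command.split()[0]


def stem_of(path):
    return re.sub(r"\.[^.]*$", "", path.rsplit("\\", 1)[-1])


def looks_random(name):
    """Short prefix plus long hex tail (BM5327d81b), or a long near-vowel-free word."""
    s = name.lower()
    if re.fullmatch(r"[a-z]{1,3}[0-9a-f]{6,}", s):
        return True
    return len(s) >= 8 and s.isalpha() and sum(c in "aeiouy" for c in s) / len(s) < 0.2


def odd_location(path):
    p = path.lower()
    if "\\temp\\" in p:
        return "runs from a Temp folder"
    if "\\drivers\\" in p and p.endswith((".exe", ".dll")):
        return "executable placed in the drivers folder"
    if "\\documents and settings\\" in p and "\\application data\\" not in p:
        return "executable placed directly in a user profile"
    return None


def parse(log_text):
    """Return (line, hive, names_to_judge, path) for O4/O20/O23 entries."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            hive, value_name, command = m.groups()
            path = extract_path(command)
            entries.append((line, hive, [value_name, stem_of(path)], path))
        elif m := O20_RE.match(line):
            value_name, command = m.groups()
            path = extract_path(command)
            entries.append((line, None, [value_name, stem_of(path)], path))
        elif m := O23_RE.match(line):
            path = extract_path(m.group(3))
            entries.append((line, None, [stem_of(path)], path))
    return entries


def triage(log_text):
    entries = parse(log_text)
    hives_by_path = {}  # lower-cased path -> set of Run hives that launch it
    for _line, hive, _names, path in entries:
        if hive:
            hives_by_path.setdefault(path.lower(), set()).add(hive)
    findings = []
    for line, hive, names, path in entries:
        reasons = []
        if "(file missing)" in line:
            reasons.append("referenced file is missing")
        if any(looks_random(n) for n in names):
            reasons.append("random-looking name")
        if where := odd_location(path):
            reasons.append(where)
        if hive and hives_by_path[path.lower()] == {"HKLM", "HKCU"}:
            reasons.append("same command registered in both HKLM and HKCU Run")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the flagged lines with their reasons; the two entries the helper picked out, the profile-resident cftmon.exe and the spools.exe living under drivers all surface, while CoolSwitch, msnmsgr and WgaLogon do not.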
     
  3. jsparke

    jsparke Member

    Hi cdavfrew,

    Thanks. I am running A-Squared now and will post the log when done (as long as I can work out how to see the log after scanning).

    Did you think I should delete those entries you mentioned from HijackThis?

    I'm not actually sure what you mean by: please post here the contents of your hosts file (C:\Windows\system32\drivers\etc). You can open it with notepad.
    Could you please advise where I can find this info so I can post it here.

    Thanks for your help, I hope I can get this fixed soon.
     
  4. jsparke

    jsparke Member

    Here is the log from A-Squared (nothing deleted)

    a-squared Anti-Malware - Version 3.5
    Last update: 1/06/2008 6:59:02 PM

    Scan settings:

    Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
    Scan archives: On
    Heuristics: On
    ADS Scan: On

    Scan start: 1/06/2008 7:00:07 PM

    Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
    Key: HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} detected: Trace.Registry.FunWebProducts
    Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToobar
    Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToolbar
    c:\windows\hh.ico detected: Trace.File.Xtractor Plus 3.6
    Value: HKEY_CLASSES_ROOT\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
    Value: HKEY_CLASSES_ROOT\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
    Value: HKEY_CLASSES_ROOT\CLSID\{D322CFB6-5195-4EDA-87CA-6D624CCF2751}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
    Value: HKEY_CLASSES_ROOT\CLSID\{EFC25C6F-1A04-43FD-AB25-0F3ED89E050A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D322CFB6-5195-4EDA-87CA-6D624CCF2751}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFC25C6F-1A04-43FD-AB25-0F3ED89E050A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id detected: Trace.Registry.Living Beaches #2 Animated Wallpaper
    Value: HKEY_CLASSES_ROOT\CLSID\{03A1A408-CB07-4C90-B380-78C83828707D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{0622801A-0B11-4A90-A036-56CC93D4AA5E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{08CEC807-8452-4CE0-B682-6ED8FAC75FDB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{09A3D436-4063-46DA-9DD6-0A4FE9D3F887}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{12798743-BA16-448C-B122-8A3EA40ECEB0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{13151C33-1150-4D7A-8E43-87CA44E85D7E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{1A1FF417-C908-41F0-9AED-ED312EB68500}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{2062525A-D503-4ECE-A3C2-D1883DCBBFA6}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{247F1754-ABE2-4985-9A7A-94E106EDD15D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{29C32CDC-26AA-42C5-A6FD-2192F59B24BB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{2AD3DEA9-C68D-4976-A627-5CA4ADF99EC4}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{38975430-A042-48C7-B6B9-42875B895589}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{4340BF93-8CB0-4DD9-89ED-5B2980E3F98C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{4B51C1BC-C1EF-4DC6-B50E-61C50DDBFED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{4CE53602-D079-410F-BE21-0F86C472709D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{5BAD6705-C8AB-49FD-B76B-031C66171FFA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{61634438-3BA1-419B-8CFB-A94ADF2B7B6A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{6A5FB6A5-4B93-430F-A747-CA4F01A2BDB7}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{6DA92D60-5B0C-425E-97C8-658865A96E7D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{7237A978-67A9-455C-8E99-3E0A5B1AECEF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{7AB80000-6E98-4A2B-814E-8F259331AAFF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{8372E131-F6DF-41CE-AC89-FC5F2AB7FE0F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{93993BC0-C75C-429A-819D-B04E7ED885DA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{93E1BF2D-FAB5-4243-BD25-0EFDB8964935}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{A2AC1E1F-8F6B-4CA3-80EF-9AAEF18AA0EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{AEFB259B-2CA8-47C5-AAB4-6557DFCC97D3}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{B269327C-3440-487A-8CDC-1A7741C467E9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{BAF45FE2-CA67-49EE-BC0E-916B9F861E1E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{D0900FFC-332A-4405-A09E-C6147772D0A2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{D0B07D23-4A06-4152-87EB-FD201233B137}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{D6D7387C-7369-49DD-B791-CD12A2243895}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{D8286F34-EEDA-4898-9EC7-D2D9E70DDBBF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{DAC39EE6-F721-4B4B-834D-244506139197}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{E615A9D8-2FAD-4732-803C-FFB21CA1EAEF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{E72E7BFF-7D81-4211-8598-77C701A827B8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{FDC077D4-7094-4CC9-A3B6-9C28C362FF1E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_CLASSES_ROOT\CLSID\{FF9982B4-EB7D-49CF-A76A-08F38119FAB4}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_USERS\S-1-5-21-1214440339-413027322-839522115-1003\Software\Winferno\RegPowerClean --> AutoBackup detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_USERS\S-1-5-21-1214440339-413027322-839522115-1003\Software\Winferno\RegPowerClean --> SBOption detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_USERS\S-1-5-21-1214440339-413027322-839522115-1003\Software\Winferno\RegPowerClean --> StartBehavior detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03A1A408-CB07-4C90-B380-78C83828707D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0622801A-0B11-4A90-A036-56CC93D4AA5E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08CEC807-8452-4CE0-B682-6ED8FAC75FDB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09A3D436-4063-46DA-9DD6-0A4FE9D3F887}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12798743-BA16-448C-B122-8A3EA40ECEB0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13151C33-1150-4D7A-8E43-87CA44E85D7E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A1FF417-C908-41F0-9AED-ED312EB68500}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2062525A-D503-4ECE-A3C2-D1883DCBBFA6}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247F1754-ABE2-4985-9A7A-94E106EDD15D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29C32CDC-26AA-42C5-A6FD-2192F59B24BB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AD3DEA9-C68D-4976-A627-5CA4ADF99EC4}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38975430-A042-48C7-B6B9-42875B895589}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4340BF93-8CB0-4DD9-89ED-5B2980E3F98C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B51C1BC-C1EF-4DC6-B50E-61C50DDBFED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CE53602-D079-410F-BE21-0F86C472709D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAD6705-C8AB-49FD-B76B-031C66171FFA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61634438-3BA1-419B-8CFB-A94ADF2B7B6A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A5FB6A5-4B93-430F-A747-CA4F01A2BDB7}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DA92D60-5B0C-425E-97C8-658865A96E7D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7237A978-67A9-455C-8E99-3E0A5B1AECEF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AB80000-6E98-4A2B-814E-8F259331AAFF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8372E131-F6DF-41CE-AC89-FC5F2AB7FE0F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93993BC0-C75C-429A-819D-B04E7ED885DA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93E1BF2D-FAB5-4243-BD25-0EFDB8964935}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2AC1E1F-8F6B-4CA3-80EF-9AAEF18AA0EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEFB259B-2CA8-47C5-AAB4-6557DFCC97D3}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B269327C-3440-487A-8CDC-1A7741C467E9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAF45FE2-CA67-49EE-BC0E-916B9F861E1E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0900FFC-332A-4405-A09E-C6147772D0A2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0B07D23-4A06-4152-87EB-FD201233B137}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6D7387C-7369-49DD-B791-CD12A2243895}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8286F34-EEDA-4898-9EC7-D2D9E70DDBBF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DAC39EE6-F721-4B4B-834D-244506139197}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E615A9D8-2FAD-4732-803C-FFB21CA1EAEF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E72E7BFF-7D81-4211-8598-77C701A827B8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDC077D4-7094-4CC9-A3B6-9C28C362FF1E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF9982B4-EB7D-49CF-A76A-08F38119FAB4}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id detected: Trace.Registry.EZ Game Cheats
    Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares Galaxy P2P Plus
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol detected: Trace.Registry.Ares Galaxy P2P Plus
    c:\windows\fish.scr detected: Trace.File.Fish ScreenSaver
    C:\Documents and Settings\Owner\Cookies\owner@adtech[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Owner\Cookies\owner@com[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Owner\Cookies\owner@media6degrees[2].txt detected: Trace.TrackingCookie
    C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt detected: Trace.TrackingCookie
    C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL detected: Riskware.AdTool.Win32.MyWebSearch.az
    C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL detected: Riskware.AdTool.Win32.MyWebSearch.az
    C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL detected: Riskware.AdTool.Win32.MyWebSearch.az

    Scanned

    Files: 191130
    Traces: 412111
    Cookies: 43
    Processes: 70

    Found

    Files: 3
    Traces: 95
    Cookies: 8
    Processes: 0
    Registry keys: 0

    Scan end: 1/06/2008 8:36:51 PM
    Scan time: 1:36:44

     
  5. cdavfrew

    cdavfrew Regular member

    Woah.... your a-squared log sure tries to make a message! I will allow you to delete everything on that log, as long as you have no problem with it. You should probably look through it, and ignore anything you intentionally put on your system. Everything else should be deleted.

    Also, as for your hijack this entries, yes, you can check them and then click the option "fix".

    For your hosts file, navigate to C:\Windows\system32\drivers\etc and then open the hosts file in notepad.

    Best Regards :D
     
  6. jsparke

    jsparke Member

    Hi,
    Thanks.
    I have deleted/fixed the HijackThis entries, and am now running a-squared to delete all there too.

    Here is the hosts file:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host

    127.0.0.1 localhost

    What does all this mean?????
     
  7. cdavfrew

    cdavfrew Regular member

    You should be all good now. Your hosts file shows nothing bad, only the default parameters and such. You can read all about the hosts file here (http://en.wikipedia.org/wiki/Hosts_file), and learn what it is used for. Then you can understand those lines.

    That's it! If you still have problems, feel free to post here!

    Best Regards :D
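A checker for what a hosts file "means" in this situation, added here as an example (not the helper's code or any tool's): it strips comments, keeps the active mappings, and flags entries that block a site by pointing it at loopback or redirect it to some other address, which is how a hosts-file hijack produces the redirects described at the top of the thread. Both samples are constructed; the clean one mirrors the default XP file posted above, and the tampered one uses reserved .test names and a documentation-only address range so it points at nothing real.

```python
"""Check a Windows hosts file for hijack signs (added example, not a tool's code).

The hosts file is consulted before DNS, so an entry that points a site at a
foreign address silently redirects it, and an entry that points a site at
127.0.0.1 silently blocks it. A clean Windows XP file has one active line.
"""
import ipaddress
from dataclasses import dataclass

# Constructed samples. CLEAN_HOSTS mirrors the default file shown in the thread;
# TAMPERED_HOSTS is invented and uses .test names plus TEST-NET-2 addresses.
CLEAN_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
"""

TAMPERED_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 update.example-av.test        # update site quietly blocked
198.51.100.7 www.example-bank.test secure.example-bank.test  # pharming
not-an-ip www.example.test
"""

# Names that legitimately map to a loopback address.
SELF_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
              "ip6-localhost", "ip6-loopback"}


@dataclass
class HostsFinding:
    lineno: int
    kind: str      # "block", "redirect" or "malformed"
    address: str
    hostname: str


def parse_hosts(text):
    """Return (lineno, address, [hostnames]) for active lines, comments removed."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        entries.append((lineno, fields[0], fields[1:]))
    return entries


def assess_hosts(text):
    """Flag every mapping a reviewer should justify before trusting the file."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(HostsFinding(lineno, "malformed", address, " ".join(names) or "?"))
            continue
        for name in names:
            if ip.is_loopback:
                if name.lower() not in SELF_NAMES:
                    findings.append(HostsFinding(lineno, "block", address, name))
            else:
                findings.append(HostsFinding(lineno, "redirect", address, name))
    return findings


def is_default_xp_hosts(text):
    """True when the only active mapping is localhost -> 127.0.0.1."""
    entries = parse_hosts(text)
    return len(entries) == 1 and entries[0][1:] == ("127.0.0.1", ["localhost"])


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        print(label, "default" if is_default_xp_hosts(text) else "modified")
        for f in assess_hosts(text):
            print(f"  line {f.lineno}: {f.kind:9} {f.hostname} -> {f.address}")
```

A "block" entry is not always malicious (ad-blocking hosts lists use the same trick), so the output is a review list, not a verdict.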
     
