Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Monday 6.10.2008 / 15:02
Search:        In English   Suomeksi   Pĺ svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hijacked browser - please help me soon
Show topics
 
Forums
Forums
Hijacked Browser - Please help me soon
  Jump to:
 
Posted Message
jsparke
Junior Member
_ 		1. June 2008 @ 03:04 _ Link to this message    Send private message to this user   
PLEASE HELP! My browser has been Hijacked and I can't do anything - whever I go on the internet it just redirects me.
Here is the HijackThis log file - can someone please tell me which entries I need to fix and what files are missing....also how to fix it all! I'm desperate now!!!

Logfile of HijackThis v1.99.1
Scan saved at 5:03:25 PM, on 1/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Spyware & Security Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM5327d81b] Rundll32.exe "C:\WINDOWS\system32\ahcphjdp.dll",s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Owner\cftmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/ve...vex-2.2.1.6.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyaArRH - xxyaArRH.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[ + quote]
cdavfrew
Senior Member
_ 		1. June 2008 @ 03:29 _ Link to this message    Send private message to this user   
Hi jsparke.

I have picked out a few suspicious entries with your log.

O4 - HKLM\..\Run: [BM5327d81b] Rundll32.exe "C:\WINDOWS\system32\ahcphjdp.dll",s
O20 - Winlogon Notify: xxyaArRH - xxyaArRH.dll (file missing)

Also, please post here the contents of your hosts file (C:\Windows\system32\drivers\etc). You can open it with notepad.

To fix your malware problem, please download A-squared, and then post the A-squared scan log here, without deleting anything.

Best Regards :D

PS: I see that you have btdna.exe and Mininova toolbar, both of which have to do with torrent files, and can introduce malware into your system if infected torrent files are run.
[ + quote]
jsparke
Junior Member
_ 		1. June 2008 @ 05:22 _ Link to this message    Send private message to this user   
Hi cdavfrew,

Thanks. I amruuning A-Sqaured now nd will post the log when done (as long as I can work out how t see the log after scanning)

Did you think I should delete those entries you mntioned from HijackThis?

I'm not actually sure what you mean by :- please post here the contents of your hosts file (C:\Windows\system32\drivers\etc). You can open it with notepad.
Could you please advise wher eI can find this info so I can post it here.

Thanks for our help, I hope I can get this fixed soon.
[ + quote]
jsparke
Junior Member
_ 		1. June 2008 @ 06:38 _ Link to this message    Send private message to this user   
Here is the log from A-Squared (nothing deleted)

a-squared Anti-Malware - Version 3.5
Last update: 1/06/2008 6:59:02 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 1/06/2008 7:00:07 PM

Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
Key: HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} detected: Trace.Registry.FunWebProducts
Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToobar
Key: HKEY_CLASSES_ROOT\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} detected: Trace.Registry.MyWebSearchToolbar
c:\windows\hh.ico detected: Trace.File.Xtractor Plus 3.6
Value: HKEY_CLASSES_ROOT\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{D322CFB6-5195-4EDA-87CA-6D624CCF2751}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_CLASSES_ROOT\CLSID\{EFC25C6F-1A04-43FD-AB25-0F3ED89E050A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D322CFB6-5195-4EDA-87CA-6D624CCF2751}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFC25C6F-1A04-43FD-AB25-0F3ED89E050A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Blubster
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id detected: Trace.Registry.Living Beaches #2 Animated Wallpaper
Value: HKEY_CLASSES_ROOT\CLSID\{03A1A408-CB07-4C90-B380-78C83828707D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{0622801A-0B11-4A90-A036-56CC93D4AA5E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{08CEC807-8452-4CE0-B682-6ED8FAC75FDB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{09A3D436-4063-46DA-9DD6-0A4FE9D3F887}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{12798743-BA16-448C-B122-8A3EA40ECEB0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{13151C33-1150-4D7A-8E43-87CA44E85D7E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{1A1FF417-C908-41F0-9AED-ED312EB68500}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{2062525A-D503-4ECE-A3C2-D1883DCBBFA6}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{247F1754-ABE2-4985-9A7A-94E106EDD15D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{29C32CDC-26AA-42C5-A6FD-2192F59B24BB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{2AD3DEA9-C68D-4976-A627-5CA4ADF99EC4}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{38975430-A042-48C7-B6B9-42875B895589}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{4340BF93-8CB0-4DD9-89ED-5B2980E3F98C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{4B51C1BC-C1EF-4DC6-B50E-61C50DDBFED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{4CE53602-D079-410F-BE21-0F86C472709D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{5BAD6705-C8AB-49FD-B76B-031C66171FFA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{61634438-3BA1-419B-8CFB-A94ADF2B7B6A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{6A5FB6A5-4B93-430F-A747-CA4F01A2BDB7}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{6DA92D60-5B0C-425E-97C8-658865A96E7D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{7237A978-67A9-455C-8E99-3E0A5B1AECEF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{7AB80000-6E98-4A2B-814E-8F259331AAFF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{8372E131-F6DF-41CE-AC89-FC5F2AB7FE0F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{93993BC0-C75C-429A-819D-B04E7ED885DA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{93E1BF2D-FAB5-4243-BD25-0EFDB8964935}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{A2AC1E1F-8F6B-4CA3-80EF-9AAEF18AA0EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{AEFB259B-2CA8-47C5-AAB4-6557DFCC97D3}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{B269327C-3440-487A-8CDC-1A7741C467E9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{BAF45FE2-CA67-49EE-BC0E-916B9F861E1E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{D0900FFC-332A-4405-A09E-C6147772D0A2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{D0B07D23-4A06-4152-87EB-FD201233B137}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{D6D7387C-7369-49DD-B791-CD12A2243895}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{D8286F34-EEDA-4898-9EC7-D2D9E70DDBBF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{DAC39EE6-F721-4B4B-834D-244506139197}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{E615A9D8-2FAD-4732-803C-FFB21CA1EAEF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{E72E7BFF-7D81-4211-8598-77C701A827B8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{FDC077D4-7094-4CC9-A3B6-9C28C362FF1E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_CLASSES_ROOT\CLSID\{FF9982B4-EB7D-49CF-A76A-08F38119FAB4}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_USERS\S-1-5-21-1214440339-413027322-839522115-1003\Software\Winferno\RegPowerClean --> AutoBackup detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_USERS\S-1-5-21-1214440339-413027322-839522115-1003\Software\Winferno\RegPowerClean --> SBOption detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_USERS\S-1-5-21-1214440339-413027322-839522115-1003\Software\Winferno\RegPowerClean --> StartBehavior detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03A1A408-CB07-4C90-B380-78C83828707D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0622801A-0B11-4A90-A036-56CC93D4AA5E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08CEC807-8452-4CE0-B682-6ED8FAC75FDB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09A3D436-4063-46DA-9DD6-0A4FE9D3F887}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12798743-BA16-448C-B122-8A3EA40ECEB0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13151C33-1150-4D7A-8E43-87CA44E85D7E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A1FF417-C908-41F0-9AED-ED312EB68500}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2062525A-D503-4ECE-A3C2-D1883DCBBFA6}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{247F1754-ABE2-4985-9A7A-94E106EDD15D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29C32CDC-26AA-42C5-A6FD-2192F59B24BB}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AD3DEA9-C68D-4976-A627-5CA4ADF99EC4}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38975430-A042-48C7-B6B9-42875B895589}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4340BF93-8CB0-4DD9-89ED-5B2980E3F98C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B51C1BC-C1EF-4DC6-B50E-61C50DDBFED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CE53602-D079-410F-BE21-0F86C472709D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAD6705-C8AB-49FD-B76B-031C66171FFA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61634438-3BA1-419B-8CFB-A94ADF2B7B6A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A5FB6A5-4B93-430F-A747-CA4F01A2BDB7}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DA92D60-5B0C-425E-97C8-658865A96E7D}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7237A978-67A9-455C-8E99-3E0A5B1AECEF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AB80000-6E98-4A2B-814E-8F259331AAFF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8372E131-F6DF-41CE-AC89-FC5F2AB7FE0F}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93993BC0-C75C-429A-819D-B04E7ED885DA}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93E1BF2D-FAB5-4243-BD25-0EFDB8964935}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2AC1E1F-8F6B-4CA3-80EF-9AAEF18AA0EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEFB259B-2CA8-47C5-AAB4-6557DFCC97D3}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B269327C-3440-487A-8CDC-1A7741C467E9}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAF45FE2-CA67-49EE-BC0E-916B9F861E1E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0900FFC-332A-4405-A09E-C6147772D0A2}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0B07D23-4A06-4152-87EB-FD201233B137}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6D7387C-7369-49DD-B791-CD12A2243895}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8286F34-EEDA-4898-9EC7-D2D9E70DDBBF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DAC39EE6-F721-4B4B-834D-244506139197}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E615A9D8-2FAD-4732-803C-FFB21CA1EAEF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E72E7BFF-7D81-4211-8598-77C701A827B8}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDC077D4-7094-4CC9-A3B6-9C28C362FF1E}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF9982B4-EB7D-49CF-A76A-08F38119FAB4}\InprocServer32 --> ThreadingModel detected: Trace.Registry.RegistryPowerCleaner
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id detected: Trace.Registry.EZ Game Cheats
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares Galaxy P2P Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol detected: Trace.Registry.Ares Galaxy P2P Plus
c:\windows\fish.scr detected: Trace.File.Fish ScreenSaver
C:\Documents and Settings\Owner\Cookies\owner@adtech[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\owner@media6degrees[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt detected: Trace.TrackingCookie
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL detected: Riskware.AdTool.Win32.MyWebSearch.az
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL detected: Riskware.AdTool.Win32.MyWebSearch.az
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL detected: Riskware.AdTool.Win32.MyWebSearch.az

Scanned

Files: 191130
Traces: 412111
Cookies: 43
Processes: 70

Found

Files: 3
Traces: 95
Cookies: 8
Processes: 0
Registry keys: 0

Scan end: 1/06/2008 8:36:51 PM
Scan time: 1:36:44
[ + quote]
cdavfrew
Senior Member
_ 		1. June 2008 @ 06:44 _ Link to this message    Send private message to this user   
Woah.... you a-squared log sure tries to make a message! I will allow you to delete everything on that log, as long as you have no problem with it. You should probably look through it, and ignore anything you intentionally put on your system. Everything else should be deleted.

Also, as for your hijack this entries, yes, you can check them and then click the option "fix".

For your hosts file, navigate to C:\Windows\system32\drivers\etc and then open the hosts file in notepad.

Best Regards :D
[ + quote]
jsparke
Junior Member
_ 		1. June 2008 @ 22:07 _ Link to this message    Send private message to this user   
Hi,
Thanks.
I have delted/fixed hjackthis entries, and now running a-squared to dleter all there too.

Here is the oher hosts file:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

What does all this mean?????
[ + quote]
Advertisement
_ 		__
 
_
cdavfrew
Senior Member
_ 		2. June 2008 @ 09:45 _ Link to this message    Send private message to this user   
You should be all good now. Your hosts file shows nothing bad, only the default parameters and such. You can read all about the hosts file here (http://en.wikipedia.org/wiki/Hosts_file), and learn what it used for. Then you can understand those lines.

That's it! If you still have problems, feel free to post here!

Best Regards :D
[ + quote]
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hijacked browser - please help me soon
 

Digital video: AfterDawn.com | AfterDawn Forums | DVD X Copy Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | download.fi | fin.MP3Lizard.com
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2008 by AfterDawn Ltd.