Lavasoft Support Forums > Hellp with spyware

Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs

goli

Dec 25 2008, 03:11 PM

Hello.
For the last few days I have a problem with unwanted pop ups and google search, the google search is messed up, when clicking on a results, it durect me to other sited, kind of this 216.133.243.28 and then it getting crazy with many other sites.
I was reading at the forums and downloaded this Fixwareout.exe and run it and this is what I got:

Username "golan" - 12/25/2008 10:46:06 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ipTray.exe"="\"C:\\Program Files\\Intel\\IDU\\iptray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"IntelAudioStudio"="\"C:\\Program Files\\Intel Audio Studio\\IntelAudioStudio.exe\" TRAY"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"PCPitstop Optimize Registration Reminder"="C:\\Program Files\\PCPitstop\\Optimize\\Reminder.exe"
"Intuit SyncManager"="C:\\Program Files\\Common Files\\Intuit\\Sync\\IntuitSyncManager.exe startup"
"Profiler"="C:\\Program Files\\Saitek\\Software\\ProfilerU.exe"
"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"TomTomHOME.exe"="\"C:\\Program Files\\TomTom HOME 2\\HOMERunner.exe\""
"BitTorrent DNA"="\"C:\\Program Files\\DNA\\btdna.exe\""
"EPSON Stylus CX7400 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICDA.EXE /FU \"C:\\DOCUME~1\\golan\\LOCALS~1\\Temp\\E_S9C3.tmp\" /EF \"HKCU\""
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"RGSC"="C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe /silent"
"AlcoholAutomount"="\"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\axcmd.exe\" /automount"
"gadcom"="\"C:\\Documents and Settings\\golan\\Application Data\\gadcom\\gadcom.exe\" 61A847B5BBF72813329D31466188719AB689201522886B092CBD44BD8689220221DD3257"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Please help me with this issue.
Thank you so very much.
Goli.

Blade81

Dec 26 2008, 09:20 AM

Hi

Download and install TrendMicro HijackThis
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.