
Help! Avast abort connection message

Hi all

I went away recently, and when I came back the children had been on my PC, and now I have a major problem. Every minute or so, I am getting the following warning from Avast. [see attachment]

I have a broadband connection, and use Mozilla browser, but don't think it's browser related as still getting this alert when not browsing.

I have disconnected the network cable, turned off system restore and run fully updated versions of Adaware, Avast and even Microsoft's trojan detector, but all to no avail. BTW, when cable is disconnected, warnings stop.

I have manually deleted ALL temp files, etc, as well as letting windows do a clean up, but still nothing. This is the Hijack This log file.....ANY help with this problem would be appreciated. I have used the forum search facility but can only find reference to this apparently generic trojan regarding finding it as a virus/malware...nothing about this abort connection message. :(

The only thing I can think of is that it is a particularly nasty dialler, but as I have no modem on the computer and the broadband modem does not even connect to a telephone line [NTL, it goes out via the TV set top box connection, not phone line] it is not being successful. A search of Windows produced a modem log file with loads of failed attempts to connect to modem which I can also post if needs be - however, here is the hijackthis log.

Thank you in advance for any help.
Logfile of HijackThis v1.99.1
Scan saved at 12:59:46, on 25/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\Mixer.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\WINDOWS\mbdxvl.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe
D:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE
D:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe
D:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Yvonne\My Documents\set up files\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [W5VD] D:\WINDOWS\mbdxvl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Startup.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc14-gb/gbc14/games4.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

Comments

  • Buckeye_Sam Columbus, Ohio
    edited February 2005
    Download and run this tool.
    http://securityresponse.symantec.com/avcenter/FxIstbar.exe

    Let me know in your next reply if it finds anything.

    Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [W5VD] D:\WINDOWS\mbdxvl.exe
    O4 - Global Startup: Startup.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN

    Reboot your computer into Safe Mode

    Then delete these files or directories (Do not be concerned if they do not exist):

    D:\WINDOWS\mbdxvl.exe
    Startup.exe
    D:\Program Files\MyWebSearch

    Reboot your computer to go back to normal mode.

    Please run these two online scans.
    Make sure they are set to clean automatically:

    http://www.bitdefender.com/scan/licence.php

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    If there are files that can not be removed by the scans please include that information in your next post.

    Reboot and post a new hijackthis log.
  • edited February 2005
    Thanks Sam, will run through all that now and post report later. Apologies for delay in response, went away for the weekend.

    ScribbleXX
  • edited February 2005
    OK, done everything as instructed. The warning hasn't popped up for over an hour now, so it's looking better already, however, here are the reports from the two web scans, followed by the hijack this log.
    BitDefender status report

    D:\Documents and Settings\Yvonne\Recent\febbackup.cab.lnk=>D:\Documents and Settings\Yvonne\My Documents\febbackup.cab=>system: bad crc
    D:\WINDOWS\Downloaded Program Files\910028__.exe501: suspect BehavesLike:Trojan.HangUp
    D:\WINDOWS\Downloaded Program Files\910028__.exe501: disinfection failed
    D:\WINDOWS\Downloaded Program Files\YSBactivex.dll: infected with Trojan.Downloader.Win32.IstBar.gz
    D:\WINDOWS\Downloaded Program Files\YSBactivex.dll: disinfection failed
    D:\WINDOWS\system32\f3PSSavr.scr: infected with Application.Adware.Funweb.A
    D:\WINDOWS\system32\f3PSSavr.scr: disinfection failed


    Panda report – said it only found the following spyware that it won't disinfect anyway.

    Adware:Adware/SaveNow No disinfected Windows Registry
    Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\System32\exclean.exe
    Adware:Adware/MyWay No disinfected Windows Registry
    Spyware:Spyware/ISTbar No disinfected D:\Program Files\ISTsvc
    Adware:Adware/PowerScan No disinfected D:\Program Files\Power Scan
    Adware:Adware/FunWeb No disinfected D:\Program Files\FunWebProducts
    Adware:Adware/BHO No disinfected Windows Registry
    Spyware:Spyware/YourSiteBar No disinfected D:\WINDOWS\Downloaded Program Files\YSBactivex.???
    Spyware:Spyware/RealSpy No disinfected Windows Registry
    Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\CxtPls.exe
    Adware:Adware/Apropos No disinfected C:\Program Files\CxtPls\uninstaller.exe
    Spyware:Spyware/Dyfuca No disinfected C:\Program Files\Eejxxbp\Grcauaa.exe
    Adware:Adware/MyWebSearch No disinfected D:\Documents and Settings\Yvonne\My Documents\set up files\backups\backup-20050228-105129-215.dll
    Adware:Adware/MyWebSearch No disinfected D:\Documents and Settings\Yvonne\My Documents\set up files\backups\backup-20050228-105129-563.dll
    Adware:Adware/MyWebSearch No disinfected D:\Documents and Settings\Yvonne\My Documents\set up files\SmileyCentralPFSetup2.0.3.8-2.exe
    Adware:Adware/PowerScan No disinfected D:\Program Files\Power Scan\powerscan.exe
    Spyware:Spyware/YourSiteBar No disinfected D:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.inf
    Spyware:Spyware/YourSiteBar No disinfected D:\WINDOWS\Downloaded Program Files\YSBactivex.dll
    Spyware:Spyware/YourSiteBar No disinfected D:\WINDOWS\Downloaded Program Files\ysbactivex.inf
    Adware:Adware/FunWeb No disinfected D:\WINDOWS\system32\f3PSSavr.scr
    Adware:Adware/MyWebSearch No disinfected E:\Gdrive feb05\set up files\SmileyCentralPFSetup2.0.3.8-2.exe
    Adware:Adware/Envolo No disinfected E:\Gdrivejan05\Others\Local Settings\Temp\AutoUpdate0\setup.inf
    Adware:Adware/StatBlaster No disinfected E:\Gdrivejan05\Others\Local Settings\Temp\LBYLA.exe
    Adware:Adware/Apropos No disinfected E:\Gdrivejan05\Others\Local Settings\Temporary Internet Files\Content.IE5\MOJP1KD2\AproposClientInstaller[1].exe
    Adware:Adware/FunWeb No disinfected E:\programs\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
    Adware:Adware/FunWeb No disinfected E:\programs\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    Adware:Adware/MyWebSearch No disinfected E:\programs\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    Adware:Adware/MyWebSearch No disinfected E:\programs\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    Adware:Adware/MyWebSearch No disinfected E:\programs\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    Logfile of HijackThis v1.99.1
    Scan saved at 12:54:02, on 28/02/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\WINDOWS\Mixer.exe
    D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\Spyware Doctor\swdoctor.exe
    D:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
    D:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\Yvonne\My Documents\set up files\hijackthis.exe

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [DataLayer] D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "D:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.50/Java/cfsn31235.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  • Buckeye_Sam Columbus, Ohio
    edited February 2005
    Your log looks good, but the Panda scan shows a few things that you should be able to clean up.

    Delete temp files

    Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Navigate to the C:\Windows\Prefetch folder. Open the Prefetch folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Prefetch folder.

    Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

    Empty the Recycle Bin.

    Now download and run Microsoft Antispyware. Remove everything that it finds.

    http://www.microsoft.com/athome/security/spyware/software/default.mspx

    Reboot and post one last hijackthis log.
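
A way to check that a "Fix Checked" pass actually took, as an added example that is not part of the original thread: it parses the numbered entry lines of two HijackThis logs and reports which fix-list entries are gone, which survive, and what changed outside the fix list. The function names are illustrative, and the sample text is abridged from the logs and fix list posted in this thread.

```python
import re

# Abridged excerpts of the HijackThis logs posted in this thread (25/02 and 28/02).
BEFORE = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [W5VD] D:\WINDOWS\mbdxvl.exe
O4 - Global Startup: Startup.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamc14-gb/gbc14/games4.cab
"""
AFTER = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "D:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
"""
# Entries the helper asked to have fixed (abridged from the reply above).
FIX_LIST = r"""
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - D:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - D:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [W5VD] D:\WINDOWS\mbdxvl.exe
    O4 - Global Startup: Startup.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
"""

# Entry lines start with a section code such as R3, O4 or O23, then " - ".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def parse_entries(log_text):
    """Return the set of (section code, detail) pairs found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:  # header and running-process lines do not match
            entries.add((match.group(1), match.group(2)))
    return entries

def verify_fix(before, after, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fix_list)
    return {
        "not_in_before": sorted(f - b),           # fix-list line never matched the log
        "still_present": sorted(f & a),           # fix did not take, or entry came back
        "removed": sorted(f & (b - a)),           # fixed as requested
        "removed_unlisted": sorted((b - a) - f),  # gone, but not because of the fix list
        "new": sorted(a - b),                     # appeared since the first log
    }

if __name__ == "__main__":
    for label, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{label}: {len(items)}")
        for code, detail in items:
            print(f"  {code} - {detail}")
```

On this sample the "new" bucket holds the online scanner's ActiveX control and a registry cleaner's Run entry, the kind of change that is worth accounting for before a log is called clean.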