Another Hijack Log

boo · 05-27-2007, 12:15 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:15:02 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\Classic PhoneTools\CapFax.EXE
D:\WINDOWS\SYSTEM32\USRshutA.exe
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\Program Files\SwiftSwitch\SwiftSwitch.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08274350-6355-400D-A6AB-6886546B44BF} - (no file)
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - D:\WINDOWS\system32\kkbrsqbb.dll
O2 - BHO: (no name) - {65D711CB-7760-4F0B-9F7C-7186D0E9E117} - (no file)
O2 - BHO: (no name) - {749B60D8-E1B6-4998-84C2-38CE83649CBB} - D:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {AE025DED-C75C-4E3F-923D-689DE8274960} - (no file)
O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CapFax] D:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\system32\lospkqnw.dll",realset
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 2.lnk = D:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B849D5BC-6FF1-40C5-99B9-6C4692573785}: NameServer = 66.63.192.2 66.63.192.3
O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat
O20 - Winlogon Notify: mljhihe - mljhihe.dll (file missing)
O20 - Winlogon Notify: tuvsrpm - D:\WINDOWS\SYSTEM32\tuvsrpm.dll
O20 - Winlogon Notify: vtsts - D:\WINDOWS\system32\vtsts.dll
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dl l
O20 - Winlogon Notify: winkve32 - D:\WINDOWS\SYSTEM32\winkve32.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Osiris · 05-27-2007, 12:30 PM

remove these entries

O2 - BHO: (no name) - {08274350-6355-400D-A6AB-6886546B44BF} - (no file)

O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - D:\WINDOWS\system32\kkbrsqbb.dll

O2 - BHO: (no name) - {65D711CB-7760-4F0B-9F7C-7186D0E9E117} - (no file)

O2 - BHO: (no name) - {749B60D8-E1B6-4998-84C2-38CE83649CBB} - D:\WINDOWS\system32\vtsts.dll

O2 - BHO: (no name) - {AE025DED-C75C-4E3F-923D-689DE8274960} - (no file)

O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\system32\lospkqnw.dll",realset

O17 - HKLM\System\CCS\Services\Tcpip\..\{B849D5BC-6FF1-40C5-99B9-6C4692573785}: NameServer = 66.63.192.2 66.63.192.3

O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat

O20 - Winlogon Notify: mljhihe - mljhihe.dll (file missing)

O20 - Winlogon Notify: tuvsrpm - D:\WINDOWS\SYSTEM32\tuvsrpm.dll

O20 - Winlogon Notify: vtsts - D:\WINDOWS\system32\vtsts.dll

O20 - Winlogon Notify: winkve32 - D:\WINDOWS\SYSTEM32\winkve32.dll

then post a new log

boo · 05-27-2007, 06:58 PM

Thanks for looking into this

Logfile of HijackThis v1.99.1
Scan saved at 7:57:04 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
D:\Program Files\Classic PhoneTools\CapFax.EXE
D:\WINDOWS\SYSTEM32\USRshutA.exe
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\PROGRA~1\MOZILL~2\FIREFOX.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CapFax] D:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 2.lnk = D:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Osiris · 05-27-2007, 07:01 PM

Much better

You still having any issues?

boo · 05-28-2007, 09:16 PM

Yeah i got some of those O2 - BHO: (no name) -

again and removed but theres still somthing that keeps putting them on there =(

Ive run Ccleaner, Ad-aware, Avast, MsConfig cleaner, VUndo Fix and still nothing!

Osiris · 05-28-2007, 09:27 PM

Run Spyhunter

Fighting Against-Zlob: Zlob Removal Instructions

You may have a variant of Zlob

boo · 05-30-2007, 10:56 AM

Ill give spyhunter a try and see how that works, ill post back

boo · 05-30-2007, 11:23 AM

Ok i ran a scan it came up with 3 items, which 2 was registy items

Purityscan

here is the log it wont let me remove it unless i buy the program

Log Contents provided by Enigma Software Group, Inc.
###########################Runnning Processes DATA###########################
processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = bd7fb0957c716f1a60333aee04de2178
processName = WINLOGON.EXE File Size = 502272 File Path = \??\D:\WINDOWS\system32\winlogon.exe ModuleMD5 = 01c3346c241652f43aed8e2149881bfe
processName = SERVICES.EXE File Size = 108032 File Path = D:\WINDOWS\system32\services.exe ModuleMD5 = c6ce6eec82f187615d1002bb3bb50ed4
processName = LSASS.EXE File Size = 13312 File Path = D:\WINDOWS\system32\lsass.exe ModuleMD5 = 84885f9b82f4d55c6146ebf6065d75d2
processName = SVCHOST.EXE File Size = 14336 File Path = D:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = MSMPENG.EXE File Size = 13592 File Path = D:\Program Files\Windows Defender\MsMpEng.exe ModuleMD5 = f45dd1e1365d857dd08bc23563370d0e
processName = SVCHOST.EXE File Size = 14336 File Path = D:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = ASWUPDSV.EXE File Size = 16512 File Path = D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe ModuleMD5 = 0bab87db7dac336b52ada529cf472b74
processName = ASHSERV.EXE File Size = 132736 File Path = D:\Program Files\Alwil Software\Avast4\ashServ.exe ModuleMD5 = 4c2d6f51f2a1943ef24e8c3e55267f04
processName = SPOOLSV.EXE File Size = 57856 File Path = D:\WINDOWS\system32\spoolsv.exe ModuleMD5 = da81ec57acd4cdc3d4c51cf3d409af9f
processName = PHOTOSHOPELEMENTSFILEAGENT.EXE File Size = 102400 File Path = D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ModuleMD5 = 2486c8e3f14496341e90cf2ab8bc82ed
processName = NVSVC32.EXE File Size = 127043 File Path = D:\WINDOWS\system32\nvsvc32.exe ModuleMD5 = 43b0a0774ea90bf699d267c45d2702f9
processName = SMAGENT.EXE File Size = 45056 File Path = D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe ModuleMD5 = 3978f082274f723ad5a0a8058c2417dd
processName = SVCHOST.EXE File Size = 14336 File Path = D:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = MSPMSPSV.EXE File Size = 53248 File Path = D:\WINDOWS\system32\MsPMSPSv.exe ModuleMD5 = 668056d5c3c11ab7d266819a96b964e8
processName = ASHMAISV.EXE File Size = 243328 File Path = D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe ModuleMD5 = 0005db55986f3b014fba24c2356476b7
processName = ASHWEBSV.EXE File Size = 345728 File Path = D:\Program Files\Alwil Software\Avast4\ashWebSv.exe ModuleMD5 = d1c26f6b1aa7ba597f435cb136e998d4
processName = WBLOAD.EXE File Size = 426496 File Path = D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe ModuleMD5 = 2885911d968c90894c3966c838f05e0c
processName = EXPLORER.EXE File Size = 1032192 File Path = D:\WINDOWS\Explorer.EXE ModuleMD5 = a0732187050030ae399b241436565e64
processName = WKUFIND.EXE File Size = 28738 File Path = D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe ModuleMD5 = 5ac34c17115d3818dc9c9f5b2d909858
processName = CAPFAX.EXE File Size = 20739 File Path = D:\Program Files\Classic PhoneTools\CapFax.EXE ModuleMD5 = 3f98d6efaed887bd458e433cbc93cc3d
processName = ASHDISP.EXE File Size = 75392 File Path = D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ModuleMD5 = 41b88784128c1eb3a24a928ce58b2455
processName = MSASCUI.EXE File Size = 866584 File Path = D:\Program Files\Windows Defender\MSASCui.exe ModuleMD5 = 77c03bf23ae56b0a31ae4d5bb4b3d0ac
processName = REALSCHED.EXE File Size = 180269 File Path = D:\Program Files\Common Files\Real\Update_OB\realsched.exe ModuleMD5 = dadb538f51007d5ea5fa1ee553183f80
processName = USRMLNKA.EXE File Size = 77891 File Path = D:\WINDOWS\SYSTEM32\USRmlnkA.exe ModuleMD5 = 3455e6fbf1a7c0e97666b874642c75be
processName = SPYHUNTER.EXE File Size = 2693248 File Path = D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 106556f40e0366b98ff715462aa3c3e5
processName = WCESCOMM.EXE File Size = 1207080 File Path = D:\Program Files\Microsoft ActiveSync\wcescomm.exe ModuleMD5 = 9f7129ffff7bb008fea0c11745f16553
processName = USRSHUTA.EXE File Size = 69700 File Path = D:\WINDOWS\SYSTEM32\USRshutA.exe ModuleMD5 = 7315edc07245ccf9e194f8a34da061bc
processName = USRMLNKA.EXE File Size = 77891 File Path = D:\WINDOWS\SYSTEM32\USRmlnkA.exe ModuleMD5 = 3455e6fbf1a7c0e97666b874642c75be
processName = HPOBRT07.EXE File Size = 491580 File Path = D:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe ModuleMD5 = 14a319c2ba22f7bcd66e894bae4fe6bd
processName = WKCALREM.EXE File Size = 24633 File Path = D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe ModuleMD5 = 7084b58a098d2f83b304832251a8c6a8
processName = NKBMONITOR.EXE File Size = 118784 File Path = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe ModuleMD5 = 8c920dfe944b0dce788db3cb0320b336
processName = RAPIMGR.EXE File Size = 187176 File Path = D:\PROGRA~1\MI3AA1~1\rapimgr.exe ModuleMD5 = 9fe1e108e1bfcb789294cac1d85a743b
processName = HPOEVM07.EXE File Size = 299008 File Path = D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe ModuleMD5 = fd8ae5274e43eca24b8478562ab6e052
processName = HPOSTS07.EXE File Size = 290816 File Path = D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe ModuleMD5 = 1c3805765b281e12407f21d2598132dd
processName = HPOIPM07.EXE File Size = 69632 File Path = D:\WINDOWS\system32\hpoipm07.exe ModuleMD5 = 42b51aa4c92b3a2b0f8fa65a8b952493
processName = FIREFOX.EXE File Size = 7633008 File Path = D:\Program Files\Mozilla Firefox\firefox.exe ModuleMD5 = 7b4eff333f1b963812f6bedc06ca2758
processName = IEXPLORE.EXE File Size = 93184 File Path = D:\Program Files\Internet Explorer\iexplore.exe ModuleMD5 = e7484514c0464642be7b4dc2689354c8

Osiris · 05-31-2007, 07:52 AM

go thru a few of these here

Zlob Removal Instructions For Windows XP/Vista

when you try to unregister the .dll files and after 10 or so no files are being unregistered stop and go to the next step with the registry. If you dont find those entries after 10 or so attempts, let me know and we will need to go a different route

boo · 05-31-2007, 09:54 AM

I Tryed Unregistering Zlob DLL Files, And when ever i went to do it the file could not be found... so i guess thats a good thing?

I tryed the reg values and nothing

and searched for files/folders nothing

05-27-2007, 12:15 PM	#1 (permalink)
boo Super Techie Join Date: Apr 2005 Posts: 309	Another Hijack Log Logfile of HijackThis v1.99.1 Scan saved at 1:15:02 PM, on 5/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Windows Defender\MsMpEng.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe D:\WINDOWS\system32\nvsvc32.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\MsPMSPSv.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\SYSTEM32\USRmlnkA.exe D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe D:\Program Files\Classic PhoneTools\CapFax.EXE D:\WINDOWS\SYSTEM32\USRshutA.exe D:\WINDOWS\SYSTEM32\USRmlnkA.exe D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Program Files\Windows Defender\MSASCui.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe D:\Program Files\Nikon\PictureProject\NkbMonitor.exe D:\Program Files\SwiftSwitch\SwiftSwitch.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {08274350-6355-400D-A6AB-6886546B44BF} - (no file) O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - D:\WINDOWS\system32\kkbrsqbb.dll O2 - BHO: (no name) - {65D711CB-7760-4F0B-9F7C-7186D0E9E117} - (no file) O2 - BHO: (no name) - {749B60D8-E1B6-4998-84C2-38CE83649CBB} - D:\WINDOWS\system32\vtsts.dll O2 - BHO: (no name) - {AE025DED-C75C-4E3F-923D-689DE8274960} - (no file) O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [CapFax] D:\Program Files\Classic PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310 O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\system32\lospkqnw.dll",realset O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HPAiODevice(hp psc 700 series) - 2.lnk = D:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B849D5BC-6FF1-40C5-99B9-6C4692573785}: NameServer = 66.63.192.2 66.63.192.3 O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat O20 - Winlogon Notify: mljhihe - mljhihe.dll (file missing) O20 - Winlogon Notify: tuvsrpm - D:\WINDOWS\SYSTEM32\tuvsrpm.dll O20 - Winlogon Notify: vtsts - D:\WINDOWS\system32\vtsts.dll O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dl l O20 - Winlogon Notify: winkve32 - D:\WINDOWS\SYSTEM32\winkve32.dll O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe __________________ ·°¯`·• bo0 •·´¯°·

05-27-2007, 12:30 PM	#2 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 23,984	Re: Another Hijack Log remove these entries O2 - BHO: (no name) - {08274350-6355-400D-A6AB-6886546B44BF} - (no file) O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - D:\WINDOWS\system32\kkbrsqbb.dll O2 - BHO: (no name) - {65D711CB-7760-4F0B-9F7C-7186D0E9E117} - (no file) O2 - BHO: (no name) - {749B60D8-E1B6-4998-84C2-38CE83649CBB} - D:\WINDOWS\system32\vtsts.dll O2 - BHO: (no name) - {AE025DED-C75C-4E3F-923D-689DE8274960} - (no file) O4 - HKLM\..\Run: [runner1] D:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310 O4 - HKLM\..\Run: [setup] rundll32.exe "D:\WINDOWS\system32\lospkqnw.dll",realset O17 - HKLM\System\CCS\Services\Tcpip\..\{B849D5BC-6FF1-40C5-99B9-6C4692573785}: NameServer = 66.63.192.2 66.63.192.3 O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat O20 - Winlogon Notify: mljhihe - mljhihe.dll (file missing) O20 - Winlogon Notify: tuvsrpm - D:\WINDOWS\SYSTEM32\tuvsrpm.dll O20 - Winlogon Notify: vtsts - D:\WINDOWS\system32\vtsts.dll O20 - Winlogon Notify: winkve32 - D:\WINDOWS\SYSTEM32\winkve32.dll then post a new log __________________

05-27-2007, 06:58 PM	#3 (permalink)
boo Super Techie Join Date: Apr 2005 Posts: 309	Re: Another Hijack Log Thanks for looking into this Logfile of HijackThis v1.99.1 Scan saved at 7:57:04 PM, on 5/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Windows Defender\MsMpEng.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe D:\WINDOWS\system32\nvsvc32.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\MsPMSPSv.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\SYSTEM32\USRmlnkA.exe D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe D:\Program Files\Classic PhoneTools\CapFax.EXE D:\WINDOWS\SYSTEM32\USRshutA.exe D:\WINDOWS\SYSTEM32\USRmlnkA.exe D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Program Files\Windows Defender\MSASCui.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe D:\Program Files\Nikon\PictureProject\NkbMonitor.exe D:\PROGRA~1\MI3AA1~1\rapimgr.exe D:\Program Files\Microsoft ActiveSync\wcescomm.exe D:\PROGRA~1\MOZILL~2\FIREFOX.EXE D:\WINDOWS\system32\rundll32.exe D:\Program Files\Hijackthis\HijackThis.exe O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [CapFax] D:\Program Files\Classic PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HPAiODevice(hp psc 700 series) - 2.lnk = D:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab O20 - AppInit_DLLs: D:\WINDOWS\system32\cmcache.dat O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe __________________ ·°¯`·• bo0 •·´¯°·

05-27-2007, 07:01 PM	#4 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 23,984	Re: Another Hijack Log Much better You still having any issues? __________________

05-28-2007, 09:16 PM	#5 (permalink)
boo Super Techie Join Date: Apr 2005 Posts: 309	Re: Another Hijack Log Yeah i got some of those O2 - BHO: (no name) - again and removed but theres still somthing that keeps putting them on there =( Ive run Ccleaner, Ad-aware, Avast, MsConfig cleaner, VUndo Fix and still nothing! __________________ ·°¯`·• bo0 •·´¯°·

05-28-2007, 09:27 PM	#6 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 23,984	Re: Another Hijack Log Run Spyhunter Fighting Against-Zlob: Zlob Removal Instructions You may have a variant of Zlob __________________

05-30-2007, 10:56 AM	#7 (permalink)
boo Super Techie Join Date: Apr 2005 Posts: 309	Re: Another Hijack Log Ill give spyhunter a try and see how that works, ill post back __________________ ·°¯`·• bo0 •·´¯°·

05-30-2007, 11:23 AM	#8 (permalink)
boo Super Techie Join Date: Apr 2005 Posts: 309	Re: Another Hijack Log Ok i ran a scan it came up with 3 items, which 2 was registy items Purityscan here is the log it wont let me remove it unless i buy the program Log Contents provided by Enigma Software Group, Inc. ###########################Runnning Processes DATA########################### processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = bd7fb0957c716f1a60333aee04de2178 processName = WINLOGON.EXE File Size = 502272 File Path = \??\D:\WINDOWS\system32\winlogon.exe ModuleMD5 = 01c3346c241652f43aed8e2149881bfe processName = SERVICES.EXE File Size = 108032 File Path = D:\WINDOWS\system32\services.exe ModuleMD5 = c6ce6eec82f187615d1002bb3bb50ed4 processName = LSASS.EXE File Size = 13312 File Path = D:\WINDOWS\system32\lsass.exe ModuleMD5 = 84885f9b82f4d55c6146ebf6065d75d2 processName = SVCHOST.EXE File Size = 14336 File Path = D:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716 processName = MSMPENG.EXE File Size = 13592 File Path = D:\Program Files\Windows Defender\MsMpEng.exe ModuleMD5 = f45dd1e1365d857dd08bc23563370d0e processName = SVCHOST.EXE File Size = 14336 File Path = D:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716 processName = ASWUPDSV.EXE File Size = 16512 File Path = D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe ModuleMD5 = 0bab87db7dac336b52ada529cf472b74 processName = ASHSERV.EXE File Size = 132736 File Path = D:\Program Files\Alwil Software\Avast4\ashServ.exe ModuleMD5 = 4c2d6f51f2a1943ef24e8c3e55267f04 processName = SPOOLSV.EXE File Size = 57856 File Path = D:\WINDOWS\system32\spoolsv.exe ModuleMD5 = da81ec57acd4cdc3d4c51cf3d409af9f processName = PHOTOSHOPELEMENTSFILEAGENT.EXE File Size = 102400 File Path = D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ModuleMD5 = 2486c8e3f14496341e90cf2ab8bc82ed processName = NVSVC32.EXE File Size = 127043 File Path = D:\WINDOWS\system32\nvsvc32.exe ModuleMD5 = 43b0a0774ea90bf699d267c45d2702f9 processName = SMAGENT.EXE File Size = 45056 File Path = D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe ModuleMD5 = 3978f082274f723ad5a0a8058c2417dd processName = SVCHOST.EXE File Size = 14336 File Path = D:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716 processName = MSPMSPSV.EXE File Size = 53248 File Path = D:\WINDOWS\system32\MsPMSPSv.exe ModuleMD5 = 668056d5c3c11ab7d266819a96b964e8 processName = ASHMAISV.EXE File Size = 243328 File Path = D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe ModuleMD5 = 0005db55986f3b014fba24c2356476b7 processName = ASHWEBSV.EXE File Size = 345728 File Path = D:\Program Files\Alwil Software\Avast4\ashWebSv.exe ModuleMD5 = d1c26f6b1aa7ba597f435cb136e998d4 processName = WBLOAD.EXE File Size = 426496 File Path = D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe ModuleMD5 = 2885911d968c90894c3966c838f05e0c processName = EXPLORER.EXE File Size = 1032192 File Path = D:\WINDOWS\Explorer.EXE ModuleMD5 = a0732187050030ae399b241436565e64 processName = WKUFIND.EXE File Size = 28738 File Path = D:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe ModuleMD5 = 5ac34c17115d3818dc9c9f5b2d909858 processName = CAPFAX.EXE File Size = 20739 File Path = D:\Program Files\Classic PhoneTools\CapFax.EXE ModuleMD5 = 3f98d6efaed887bd458e433cbc93cc3d processName = ASHDISP.EXE File Size = 75392 File Path = D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ModuleMD5 = 41b88784128c1eb3a24a928ce58b2455 processName = MSASCUI.EXE File Size = 866584 File Path = D:\Program Files\Windows Defender\MSASCui.exe ModuleMD5 = 77c03bf23ae56b0a31ae4d5bb4b3d0ac processName = REALSCHED.EXE File Size = 180269 File Path = D:\Program Files\Common Files\Real\Update_OB\realsched.exe ModuleMD5 = dadb538f51007d5ea5fa1ee553183f80 processName = USRMLNKA.EXE File Size = 77891 File Path = D:\WINDOWS\SYSTEM32\USRmlnkA.exe ModuleMD5 = 3455e6fbf1a7c0e97666b874642c75be processName = SPYHUNTER.EXE File Size = 2693248 File Path = D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 106556f40e0366b98ff715462aa3c3e5 processName = WCESCOMM.EXE File Size = 1207080 File Path = D:\Program Files\Microsoft ActiveSync\wcescomm.exe ModuleMD5 = 9f7129ffff7bb008fea0c11745f16553 processName = USRSHUTA.EXE File Size = 69700 File Path = D:\WINDOWS\SYSTEM32\USRshutA.exe ModuleMD5 = 7315edc07245ccf9e194f8a34da061bc processName = USRMLNKA.EXE File Size = 77891 File Path = D:\WINDOWS\SYSTEM32\USRmlnkA.exe ModuleMD5 = 3455e6fbf1a7c0e97666b874642c75be processName = HPOBRT07.EXE File Size = 491580 File Path = D:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe ModuleMD5 = 14a319c2ba22f7bcd66e894bae4fe6bd processName = WKCALREM.EXE File Size = 24633 File Path = D:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe ModuleMD5 = 7084b58a098d2f83b304832251a8c6a8 processName = NKBMONITOR.EXE File Size = 118784 File Path = D:\Program Files\Nikon\PictureProject\NkbMonitor.exe ModuleMD5 = 8c920dfe944b0dce788db3cb0320b336 processName = RAPIMGR.EXE File Size = 187176 File Path = D:\PROGRA~1\MI3AA1~1\rapimgr.exe ModuleMD5 = 9fe1e108e1bfcb789294cac1d85a743b processName = HPOEVM07.EXE File Size = 299008 File Path = D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe ModuleMD5 = fd8ae5274e43eca24b8478562ab6e052 processName = HPOSTS07.EXE File Size = 290816 File Path = D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe ModuleMD5 = 1c3805765b281e12407f21d2598132dd processName = HPOIPM07.EXE File Size = 69632 File Path = D:\WINDOWS\system32\hpoipm07.exe ModuleMD5 = 42b51aa4c92b3a2b0f8fa65a8b952493 processName = FIREFOX.EXE File Size = 7633008 File Path = D:\Program Files\Mozilla Firefox\firefox.exe ModuleMD5 = 7b4eff333f1b963812f6bedc06ca2758 processName = IEXPLORE.EXE File Size = 93184 File Path = D:\Program Files\Internet Explorer\iexplore.exe ModuleMD5 = e7484514c0464642be7b4dc2689354c8 __________________ ·°¯`·• bo0 •·´¯°·

05-31-2007, 07:52 AM	#9 (permalink)
Osiris Security/Hacking Mod Join Date: Jan 2005 Location: USA Posts: 23,984	Re: Another Hijack Log go thru a few of these here Zlob Removal Instructions For Windows XP/Vista when you try to unregister the .dll files and after 10 or so no files are being unregistered stop and go to the next step with the registry. If you dont find those entries after 10 or so attempts, let me know and we will need to go a different route __________________

05-31-2007, 09:54 AM	#10 (permalink)
boo Super Techie Join Date: Apr 2005 Posts: 309	Re: Another Hijack Log I Tryed Unregistering Zlob DLL Files, And when ever i went to do it the file could not be found... so i guess thats a good thing? I tryed the reg values and nothing and searched for files/folders nothing __________________ ·°¯`·• bo0 •·´¯°·

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hijack log help =0	boo	HijackThis Logs (finished)	5	05-23-2007 11:32 AM
my hijack log...really need help	quixotic115	HijackThis Logs (finished)	3	05-21-2007 07:51 AM
Hijack this log	SHNAPPS	HijackThis Logs (finished)	15	05-02-2007 09:08 AM
Hijack This Log	Sobriquet.	HijackThis Logs (finished)	25	04-27-2007 01:07 PM
hijack this log	soulafien	Virus - Spyware Protection / Detection	4	04-24-2007 10:55 PM