Logfile of HijackThis v1.98.2(Adware thread)

  1. 12-12-2004  #1
    D10245
    D10245 is offline Newbie

    Logfile of HijackThis v1.98.2(Adware thread)

    My norton antivirus (new updated) is not able to delete Adware.CDT and download.Adware thread. if someone can give me step by step instroctions to remove both ? i tried spybot Search and destroy and Adaware SE already but no result in that case.

    Logfile of HijackThis v1.98.2
    Scan saved at 00:34:06, on 12.12.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Norton SystemWorks2005\Norton GoBack\GBPoll.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Programme\Norton SystemWorks2005\Norton AntiVirus\navapsvc.exe
    C:\Programme\Norton SystemWorks2005\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\ATI Multimedia\RemCtrl\ATIX10.exe
    C:\Programme\ATI Multimedia\main\LaunchPd.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programme\Norton SystemWorks2005\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Programme\Star Downloader\stardown.exe
    C:\Programme\ATI Multimedia\MAIN\ATIMMC.EXE
    C:\WINDOWS\System32\DllHost.exe
    C:\Programme\WEBDE\SmartSurfer2.3\SmartSurfer.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    G:\Downloads\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks2005\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks2005\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [codfxrun] "C:\Programme\ATI Multimedia\codfx.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIX10.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programme\ATI Multimedia\main\LaunchPd.exe"
    O4 - HKCU\..\Run: [wintkantispy] I:\allgemeiner Zubehör\downloads\wintkit tuning\modules\antispy.exe
    O4 - HKCU\..\Run: [wintktraycontrol] I:\allgemeiner Zubehör\downloads\wintkit tuning\modules\traycontrol.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programme\Norton SystemWorks2005\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: Download with Star Downloader - C:\Programme\Star Downloader\sdie.htm
    O9 - Extra button: (no name) - c95fe080-8f5d-112d-a20b-00aa003c157a - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispirat en2ie.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: eBay Homepage - {D4951B60-8FF9-4813-B716-FF3E75386E74} - http://www.preispiraten.de/cgi-bin/e...://www.ebay.de (file missing)
    O9 - Extra button: (no name) - {4491E088-1FD0-4D0E-A29D-40DF26167534} - C:\Programme\PicGrab\iestarter.exe (HKCU)
    O9 - Extra 'Tools' menuitem: &PicGrab starten - {4491E088-1FD0-4D0E-A29D-40DF26167534} - C:\Programme\PicGrab\iestarter.exe (HKCU)
    O9 - Extra button: PicGrab - {E99FC97C-B24B-4064-92ED-A2404FC8A25F} - C:\Programme\PicGrab\iestarter.exe (HKCU)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C30916F2-6B45-43BA-8DDB-246726AA7636}: NameServer = 213.20.148.205 193.189.244.205
  2. 12-12-2004  #2
    spud
    spud is offline D-A-L Team Member (UK)
    Save 20% on AVG Internet Security 2012 Suite!
    welcome to d-a-l the online computer help forum please follow owens advice (just click on it under my signature) then please post a fresh log

    hope this helps
+ Reply to Thread
« Can't get rid of 'Hosts: 69.20.16.183 ' | Over run with pop ups »