Jump to content

Recommended Posts

Help me PLEASE!!!!!

My computer is going bananas. Every minute or so i getting pop-up windows from web sites i have not opened, or alarms from Avast telling me that my computer is infected with worms, trojans etc etc.

I have been scanning through things on the web and i noticed that everyone has posted a Highjack this report. Please see below and take me through this....i am no IT expert or even novice for that matter. I'm just a regular someone who has been rendered hopeless by these problems.

Please Help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:28:39 AM, on 1/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:









C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe




C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe


C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe




C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe




C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\TUN\tcpw\walld32.exe

C:\Program Files\TUN\TCPW\wportm32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\TUN\contain\EskCntr.exe



C:\Program Files\Internet Explorer\IEXPLORE.EXE


C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.windowsupdate.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = national.com

O17 - HKLM\Software\..\Telephony: DomainName = national.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB4F4534-EAC6-4015-926B-013AA460046E}: NameServer =,

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = national.com

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = national.com

O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = national.com

O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = national.com

O20 - AppInit_DLLs: yypawh.dll

O21 - SSODL: ieModule - {FF2A707D-FE50-4EB6-BA52-2FD7111BF5D0} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll

O21 - SSODL: InternetConnection - {C4490069-4043-4377-8B8E-C87162C9F7D7} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\hfiyknaexd.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Esker License Control (EskerLicenseControl) - Esker - C:\PROGRA~1\TUN\COMMON\ESLCBCST.EXE

O23 - Service: Esker FTPD (ftpds) - Esker - C:\PROGRA~1\TUN\TCPW\WFTPDSNT.EXE

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Esker LPD (lpds) - Esker - C:\PROGRA~1\TUN\TCPW\WLPDSNT.EXE

O23 - Service: Esker NFSD (nfsds) - Esker - C:\PROGRA~1\TUN\TCPW\WNFSDSNT.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdcoreservice) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

O23 - Service: Esker NFS, Network Provider (TunNfsNP) - Unknown owner - C:\WINDOWS\system32\nfscsrv.exe


End of file - 8076 bytes

Share this post

Link to post
Share on other sites

Hello and welcome to MalwareBytes forums.

If you still have popups, and the "rogue messages" (popups for crudware) are still present, press and HOLD the ALT key and then press F4 function key to close the window(s). Do not click on the X close button.

This system has been hit with Vundo infection, a rogue by the name of Spywareguard 2008, and most likely other hidden infectors.

You must get guided help on the HijackThis sub-forum.

See the very topmost notes at top of the following sub-forum and do the steps, and create a New topic there


When you do that, attach a copy of the HijackThis log, and give as much detail as possible.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.