Thread ID: 120037 2011-08-22 22:14:00 Hijackthis log Nomad (952) Press F1
1225110 2011-08-22 22:14:00 Can someone please have a look, thanks.

I am also getting denied access to the hosts file when I run a scan.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:12:23 AM, on 23-Aug-11
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\MailWasher\MailWasher.exe
C:\Program Files (x86)\DAP\DAP.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.actrix.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files (x86)\ColorVision\ColorVisionStartup\ColorVisionStartup.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12759 bytes
Nomad (952)
1225111 2011-08-22 23:07:00 I don't think there's anything in the hosts file anyway.

Well, there's nothing in mine (in Win7). Having UAC on / enabled can cause access denied errors.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Speedy Gonzales (78)
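The reply above picks out the entries a reviewer looks at first: the O2 BHO whose DLL is gone, and the O4 Run keys. As an added example (not from the thread), this parser does that triage over HijackThis 2.0.4 lines and also separates the many O23 "(file missing)" services under C:\Windows\System32, which a 32-bit scanner on 64-bit Windows reports because file-system redirection hides the native System32 from it. The sample lines are constructed from the log's shape; the function names are my own.

```python
import re

# Constructed sample in HijackThis 2.0.4 line format (shape taken from the log in the thread).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


def exe_path(cmd):
    """Image path from an O4 command line: the quoted path, or an unquoted one cut at the first switch."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else re.split(r" (?=[/-])", cmd)[0]


def triage(log_text):
    """Group the entries a reviewer checks first: orphaned BHOs, Run keys, services with no file."""
    report = {"orphaned_bho": [], "run_entries": [], "missing_services": []}
    for line in log_text.splitlines():
        if m := BHO_RE.match(line):
            _name, clsid, target = m.groups()
            if target == "(no file)":  # registry still points at a DLL that no longer exists
                report["orphaned_bho"].append(clsid)
        elif m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            report["run_entries"].append((hive, name, exe_path(cmd)))
        elif m := SVC_RE.match(line):
            display, _owner, image = m.groups()
            if image.endswith("(file missing)"):
                path = image[: -len("(file missing)")].strip()
                short = re.search(r"\(([^()]+)\)$", display)
                svc = short.group(1) if short else display
                # A 32-bit scanner on x64 is redirected away from the native System32, so
                # "file missing" there is usually a scanner artifact; confirm from a 64-bit process.
                native = path.lower().startswith(r"c:\windows\system32")
                report["missing_services"].append((svc, "verify from 64-bit" if native else "investigate"))
    return report


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, items)
```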