Forum Home
Press F1
Thread ID: 116068	2011-02-15 19:53:00	Avg virus: hijack this analysis needed	mlrhino55 (15328)	Press F1

Post ID	Timestamp	Content	User
1178661	2011-02-15 19:53:00	file of Trend Micro HijackThis v2.0.4 Scan saved at 11:41:59 AM, on 2/15/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Thrive3\Local Settings\Temporary Internet Files\Content.IE5\5A0UGG34\HijackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080205 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: & Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\s wg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\YTSingleInsta nce.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3 a.exe" /source=HKLM O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200" O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA.EXE /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Auto EPSON Stylus CX4200 Series on FAMILY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA.EXE /P41 "Auto EPSON Stylus CX4200 Series on FAMILY" /O17 "\\FAMILY\EPSONSty" /M "Stylus CX4200" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Auto Auto Auto EPSON Stylus CX4200 Series on FAMILY on MIKE on FAMILY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA.EXE /P69 "Auto Auto Auto EPSON Stylus CX4200 Series on FAMILY on MIKE on FAMILY" /O21 "\\FAMILY\EPSONCX42002" /M "Stylus CX4200" O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA.EXE /P35 "EPSON Stylus CX4200 Series (Copy 2)" /O6 "USB003" /M "Stylus CX4200" O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Artisan 710(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIF SA.EXE /FU "C:\WINDOWS\TEMP\E_S448.tmp" /EF "HKCU" O4 - HKCU\..\Run: [EPSON Artisan 710 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIF SA.EXE /FU "C:\WINDOWS\TEMP\E_S48.tmp" /EF "HKCU" O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUt il.exe -p O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Epson all-in-one Registration.lnk = ? O4 - Global Startup: Dell Network Assistant.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950D F09FAB501E03.dll/cmsidewiki.html O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - upload.facebook.com O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - stratag.webex.com O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9ae92ee67ad40) (gupdate1c9ae92ee67ad40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\ Yahoo! \SoftwareUpdate\YahooAUService.exe --	mlrhino55 (15328)
1178662	2011-02-15 20:06:00	Thats AVG virus is easy to remove. Do this and you wont have any problems. Either download the programs from another PC and transfer to the infected one, or boot into safe mode with networking. Disable system restore. Boot into safemode with networking: DO NOT reboot till finished other wise you will have to start again. Download and run Rkill (www.bleepingcomputer.com) - then download Malwarebytes, ( link in my sig) - run it in full scan mode. Once done, install Super antispyware - run it in full scan mode. Then reboot normally.	wainuitech (129)
1178663	2011-02-15 20:11:00	You can tick these then tick fix checked Close browsers. What do you mean AVG virus? O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - If Java isnt 6 update 24, uninstall it then update it. Its just been updated	Speedy Gonzales (78)
1178664	2011-02-15 20:16:00	Close browsers. What do you mean AVG virus? There is a new piece of Malware going around, it presents itself as a AVG update - it is infact Malware, wanting you to pay $69.99 ( I think) to have the infections removed -- Sound familiar ;) Article (expertscolumn.com) -- Done a few of them now.	wainuitech (129)
1178665	2011-02-15 20:18:00	Oh right ok. First time, Ive heard of it. Ta WT	Speedy Gonzales (78)
1178666	2011-02-15 20:57:00	OK thanks! Rkill was run on 02/15/2011 at 12:55:37. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\runonce.exe C:\WINDOWS\system32\grpconv.exe Now scanning w/ Malwarebytes. Ticked those Speedy suggested.	mlrhino55 (15328)
1178667	2011-02-16 00:02:00	Ran the Super anti-spyware and restarted . However, the virus is still there . Now what?	mlrhino55 (15328)
1178668	2011-02-16 00:39:00	Did you disable system restore ? Malwarebytes should have gotten it out first time. Did you run that in full scan mode and update it beforehand. Get Ccleaner from my sig, run that as well, the bugger may be hiding in the temp files. If you did, then you may have to manually remove it - Full instructions (www.bleepingcomputer.com) - Check the reg and system files - scroll down till you see "Associated AVG Antivirus 2011 Files:" & "Associated AVG Antivirus 2011 Windows Registry Information:" expand them, and manually check each entry - only delete the entry mentioned if its there - no others.	wainuitech (129)
1178669	2011-02-16 04:31:00	No luck . Did everything as you said . Here is the current Hijack this: Running processes: C:\WINDOWS\System32\smss . exe C:\WINDOWS\system32\winlogon . exe C:\WINDOWS\system32\services . exe C:\WINDOWS\system32\lsass . exe C:\WINDOWS\system32\svchost . exe C:\WINDOWS\system32\svchost . exe C:\Program Files\AVG\AVG9\avgchsvx . exe C:\WINDOWS\explorer . exe C:\Program Files\Mozilla Firefox\firefox . exe C:\Program Files\Mozilla Firefox\plugin-container . exe C:\Documents and Settings\Thrive3\My Documents\Downloads\HijackThis . exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = . yahoo . com/?fr=fp-yie8" target="_blank">www . yahoo . com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = . bing . com/?pc=Z006&form=ZGAPHP" target="_blank">www . bing . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = . microsoft . com/fwlink/?LinkId=54896" target="_blank">go . microsoft . com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = . microsoft . com/fwlink/?LinkId=69157" target="_blank">go . microsoft . com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage . google . com/smallbiz . dell . com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080205 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = * . local O2 - BHO: & Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt . dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper . dll O2 - BHO: WormRadar . com IESiteBlocker . NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie . dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper . dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie . dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin . dll O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar . dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar . dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32 . dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5 . 6 . 5805 . 1910\s wg . dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb . dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE . dll O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4 . 0 . 0417 . 0\npwinext . dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv . dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0 . 5 . 36 . 0\gears . dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin . dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\YTSingleInsta nce . dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb . dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn0\yt . dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar . dll O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4 . 0 . 0417 . 0\npwinext . dll O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar . dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32 . dll O4 - HKLM\ . . \Run: [IgfxTray] C:\WINDOWS\system32\igfxtray . exe O4 - HKLM\ . . \Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd . exe O4 - HKLM\ . . \Run: [Persistence] C:\WINDOWS\system32\igfxpers . exe O4 - HKLM\ . . \Run: [RTHDCPL] RTHDCPL . EXE O4 - HKLM\ . . \Run: [Alcmtr] ALCMTR . EXE O4 - HKLM\ . . \Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc . exe" O4 - HKLM\ . . \Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv . exe" O4 - HKLM\ . . \Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop . exe" /startup O4 - HKLM\ . . \Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca . exe" O4 - HKLM\ . . \Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3 a . exe" /source=HKLM O4 - HKLM\ . . \Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA . EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB002" /M "Stylus CX4200" O4 - HKLM\ . . \Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA . EXE /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200" O4 - HKLM\ . . \Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier . exe O4 - HKLM\ . . \Run: [Auto EPSON Stylus CX4200 Series on FAMILY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA . EXE /P41 "Auto EPSON Stylus CX4200 Series on FAMILY" /O17 "\\FAMILY\EPSONSty" /M "Stylus CX4200" O4 - HKLM\ . . \Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray . exe O4 - HKLM\ . . \Run: [Auto Auto Auto EPSON Stylus CX4200 Series on FAMILY on MIKE on FAMILY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA . EXE /P69 "Auto Auto Auto EPSON Stylus CX4200 Series on FAMILY on MIKE on FAMILY" /O21 "\\FAMILY\EPSONCX42002" /M "Stylus CX4200" O4 - HKLM\ . . \Run: [EPSON Stylus CX4200 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA EA . EXE /P35 "EPSON Stylus CX4200 Series (Copy 2)" /O6 "USB003" /M "Stylus CX4200" O4 - HKLM\ . . \Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4 . 0 . 0417 . 0\mswinext . exe" O4 - HKLM\ . . \Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr . exe" -resume O4 - HKLM\ . . \Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager . exe O4 - HKLM\ . . \Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient . exe /startup O4 - HKLM\ . . \Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper . exe" O4 - HKLM\ . . \RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui . exe /install /silent O4 - HKCU\ . . \Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt . exe" /startup O4 - HKCU\ . . \Run: [ctfmon . exe] C:\WINDOWS\system32\ctfmon . exe O4 - HKCU\ . . \Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier . exe" O4 - HKCU\ . . \Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr . Exe" /background O4 - HKCU\ . . \Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs . exe" /background O4 - HKCU\ . . \Run: [Artisan 710(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIF SA . EXE /FU "C:\WINDOWS\TEMP\E_S448 . tmp" /EF "HKCU" O4 - HKCU\ . . \Run: [EPSON Artisan 710 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIF SA . EXE /FU "C:\WINDOWS\TEMP\E_S48 . tmp" /EF "HKCU" O4 - HKCU\ . . \Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware . exe O4 - HKUS\S-1-5-18\ . . \RunOnce: [RunNarrator] Narrator . exe (User 'SYSTEM') O4 - HKUS\ . DEFAULT\ . . \RunOnce: [RunNarrator] Narrator . exe (User 'Default user') O4 - Startup: Epson all-in-one Registration . lnk = ? O4 - Global Startup: Dell Network Assistant . lnk = ? O4 - Global Startup: QuickBooks Update Agent . lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate . exe O4 - Global Startup: Windows Desktop Search . lnk = C:\Program Files\Windows Desktop Search\WindowsSearch . exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb . dll/search . htm O8 - Extra context menu item: Add to Windows &Live Favorites - . live . com/quickadd . aspx" target="_blank">favorites . live . com O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL . EXE/3000 O8 - Extra context menu item: Google Sidewiki . . . - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950D F09FAB501E03 . dll/cmsidewiki . html O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0 . 5 . 36 . 0\gears . dll O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0 . 5 . 36 . 0\gears . dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension . dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension . dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR . DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper . dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper . dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra 'Tools' menuitem: @xpsp3res . dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag . exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs . exe O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - . facebook . com/controls/2009 . 07 . 28_v5 . 5 . 8 . 1/FacebookPhotoUploader55 . cab" target="_blank">upload . facebook . com O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - . webex . com/client/T25L/support/ieatgpc . cab" target="_blank">stratag . webex . com O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - . adobe . com/NOS/getPlusPlus/1 . 6/gp . cab" target="_blank">platformdl . adobe . com O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar . dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp . dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1 . DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO . DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx . dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui . dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui . dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc . - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService . exe O23 - Service: Apple Mobile Device - Apple Inc . - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService . exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker . exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s . r . o . - C:\Program Files\AVG\AVG9\avgwdsvc . exe O23 - Service: Bonjour Service - Apple Inc . - C:\Program Files\Bonjour\mDNSResponder . exe O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc . exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC . exe O23 - Service: Google Desktop Manager 5 . 9 . 1005 . 12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop . exe O23 - Service: Google Update Service (gupdate1c9ae92ee67ad40) (gupdate1c9ae92ee67ad40) - Google Inc . - C:\Program Files\Google\Update\GoogleUpdate . exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService . exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc . exe O23 - Service: iPod Service - Apple Inc . - C:\Program Files\iPod\bin\iPodService . exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc . - C:\Program Files\Java\jre6\bin\jqs . exe O23 - Service: stllssvr - MicroVision Development, Inc . - C:\Program Files\Common Files\SureThing Shared\stllssvr . exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc . - C:\Program Files\ Yahoo! \SoftwareUpdate\YahooAUService . exe --	mlrhino55 (15328)
1178670	2011-02-16 05:29:00	Don't know how to do this: Check the reg and system files - scroll down till you see "Associated AVG Antivirus 2011 Files:" & "Associated AVG Antivirus 2011 Windows Registry Information:" expand them, and manually check each entry - only delete the entry mentioned if its there - no others.	mlrhino55 (15328)
1 2