| Thread ID: 100029 | 2009-05-23 15:44:00 | Avast didnt pick anything up | mwcubsnut (14829) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 776245 | 2009-05-23 15:44:00 | I was looking for images of professional painters the other day thru Yahoo Images when my browser started redirecting me to goofy sites. I ran Avast and Malwarebytes that night but nothing was picked up. Can someone take a look at the below? Thanks!!! :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:16 AM, on 5/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-1417001333-1935655697-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Nathan')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236458456781
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6543 bytes | mwcubsnut (14829) | ||
| 776246 | 2009-05-23 20:34:00 | Looks ok to me, but you can tick these then tick Fix checked. Close browsers.
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
If you don't use the language bar, tick this:
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-1417001333-1935655697-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Nathan')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Reset the router / reconfigure it, if you use one. A router can also get hit by DNSChanger (you'll go to different sites, which is why programs won't find anything), because it's on the router, not the hard drive. | Speedy Gonzales (78) | ||
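The router point above is the one that matters for the original poster: if a router's DNS setting has been changed, every machine behind it is silently sent to the attacker's resolver and a host-based scan finds nothing on the disk. One client-side check is to compare the answers the system's configured resolver gives with those of a known reference resolver. The code below is an added example, not something posted in the thread; it assumes Python 3, speaks raw DNS over UDP port 53, and leaves the choice of reference server (for instance a public resolver) to the caller.

```python
# Added example (not from the thread): compare the system resolver's A answers with
# a reference resolver's to spot DNSChanger-style tampering. Raw DNS over UDP/53.
import secrets, socket, struct

def build_query(name, txid):
    """Recursive A query for `name`: header (RD=1, 1 question) + QNAME + QTYPE/QCLASS."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def skip_name(resp, pos):  # return the offset just past a (possibly compressed) name
    while resp[pos] & 0xC0 != 0xC0 and resp[pos] != 0:
        pos += resp[pos] + 1
    return pos + (2 if resp[pos] & 0xC0 == 0xC0 else 1)

def parse_a_records(resp, txid):
    """IPv4 addresses in the answer section; empty on id mismatch or non-zero RCODE."""
    rid, flags, qd, an = struct.unpack(">HHHH", resp[:8])
    if rid != txid or flags & 0x000F:
        return set()
    pos = 12
    for _ in range(qd):                     # skip question: name + QTYPE + QCLASS
        pos = skip_name(resp, pos) + 4
    addrs = set()
    for _ in range(an):
        pos = skip_name(resp, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:       # A record
            addrs.add(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def query_a(name, server, timeout=3.0):
    """Ask DNS server `server` (an IP string) for A records of `name` over UDP port 53."""
    txid = secrets.randbelow(65536)         # unpredictable id: harder to spoof a reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        resp, _ = s.recvfrom(512)
    return parse_a_records(resp, txid)

def hijack_suspects(system_ans, reference_ans):
    """Domains whose system answers share no address with the reference (a hint, not proof: CDN names vary)."""
    return sorted(d for d, a in system_ans.items()
                  if a and reference_ans.get(d) and not a & reference_ans[d])

# Constructed sample response to an A query for example.com (txid 0x1234): one answer,
# 93.184.216.34, whose owner name is a compression pointer (0xC00C) to the question.
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22")
```

In live use, call `query_a` once per domain against the resolver the router handed out and once against the reference server, then feed both dictionaries to `hijack_suspects`; a domain with stable records that resolves to something entirely different through the router is worth investigating.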
| 776247 | 2009-05-23 21:40:00 | Try Spybot as well. And Firefox is less susceptible to hijackers than IE. | pctek (84) | ||
| 776248 | 2009-05-23 23:12:00 | Try Spybot as well. And Firefox is less susceptible to hijackers than IE. +1 Better yet, use Chrome :) | Blam (54) | ||
| 776249 | 2009-05-24 12:46:00 | +1 Better yet, use Chrome :) +1 Google Chrome :thumbs: | Rod J (451) | ||
| 776250 | 2009-05-24 18:00:00 | thank you all for your help and suggestions! | mwcubsnut (14829) | ||
| 1 | |||||