| Press F1 | ||||
| Thread ID: 99483 | 2009-05-03 23:26:00 | HELP:Expert advice is required Please. Infected Big Time! | iammcb (14488) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 770821 | 2009-05-03 23:26:00 | :( First off I would like to start off with a big thank you to PC World mag (NZ) May issue for supplying an excellent mag with free CD software programs. I have finally found a software program that actually has located some of the problems that I've been infected with. I've been trying to fix what's wrong with my PC, XP Home Edition (stand-alone), since October last year when things went horribly wrong. After 1001 recoveries I think we may be on to something in a little program called a-squared HiJackFree. I would really appreciate it if an expert would be able to help me get control of my PC again. Also, before you suggest that I Windows Update (again)... I would like to point out that I have, numerous times. It may or may not be the right settings for this PC. [ update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us ] is what is displayed in my address box. However, avast webshield displays [ update.microsoft.com/windowsupdate/v6/ shared.js/redirect... ], which may explain why after every time I Windows Update things go haywire from then on. Dial-up internet connection disconnecting is just the first of many problems that I experience. The wizard will always select use default gateway on a remote network??? I think my recovery has been corrupted somehow. I use my DVDs and select F, which is reinstall hard drive to factory settings. It however is not doing that because it loads files I put on much, much later. And the default settings are always set to share everything with a domain network??? The first thing I load is avast 4.8 Home Edition, which immediately finds adaware in setup files, and Malwarebytes finds a hijacked web IE webpage??? So if someone out there in internet world would be kind enough to take a look at analyze.hijackfree.com I will be forever grateful to you. I just don't know what else to do, as Spybot, Malwarebytes, Mrt.exe, avast, SUPERAntiSpyware Free... etc. are not finding any of these things for me. P.S. You will see all the version information about my PC there... software, setups, operating system etc etc etc... Regards MCB, New Zealand. :banana |
iammcb (14488) | ||
| 770822 | 2009-05-03 23:32:00 | Paste the log here, it'll be easier to read | Speedy Gonzales (78) | ||
| 770823 | 2009-05-03 23:37:00 | :) Hey it's Speedy!!! What's up! You are the man!!! Okay, hope this works, here you go...

a-squared HiJackFree Analysis
www.hijackfree.com

Version info: Result ToDo
Your used version of a-squared HiJackFree: 3.1.0.19
The current version of a-squared HiJackFree: 3.1.0.16
Your used operating system version: Windows XP Service Pack 2
The current version of your operating system: Windows XP Service Pack 3
Please update your operating system and install the latest service pack!

Registry Autoruns: Result ToDo
Name: avast! Path: C:\Program Files\ALWILS~1\Avast4\ashDisp.exe Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Good: 4 - Bad: 0 View Details
Name: @OnlineArmor GUI Path: C:\Program Files\Tall Emu\Online Armor\oaui.exe Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Good: 1 - Bad: 0 View Details
Name: MSConfig Path: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Good: 2 - Bad: 15 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: SpybotSD TeaTimer Path: C:\Program Files\Spybot Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Good: 1 - Bad: 0 View Details

Tricky and Other Autoruns: Result ToDo
Name: shell Path: Explorer.exe Location: system.ini Not checked Unknown Item Search at Google
Name: NUL Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\VIES105F Location: wininit.ini Not checked Unknown Item Search at Google
Name: SET BLASTER Path: A220 I5 D1 P330 T3 Location: autoexec.nt Not checked Unknown Item Search at Google
Name: dos Path: high, umb Location: config.nt Not checked Unknown Item Search at Google
Name: device Path: %SystemRoot%\system32\himem.sys Location: config.nt Not checked Unknown Item Search at Google
Name: files Path: 40 Location: config.nt Not checked Unknown Item Search at Google
Name: device Path: C:\Program Files\ALWILS~1\Avast4\aswmonds.sys Location: config.nt Not checked Unknown Item Search at Google
Name: SA Path: Location: C:\WINDOWS\tasks\ Not checked Unknown Item Search at Google
Name: User_Feed_Synchronization-{195C3F8F-2ECF-4ED4-A406-759D64C387E0} Path: Location: C:\WINDOWS\tasks\ Not checked Unknown Item Search at Google
Name: Shell Path: Explorer.exe Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ Not checked Unknown Item Search at Google
Name: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} Path: C:\WINDOWS\system32\ieudinit.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: >{26923b43-4d38-484f-9b9e-de460746276c} Path: C:\WINDOWS\system32\ie4uinit.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} Path: C:\WINDOWS\system32\rundll32.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} Path: C:\WINDOWS\system32\shmgrate.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} Path: C:\WINDOWS\system32\regsvr32.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} Path: C:\Program Files\Outlook Express\setup50.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} Path: rundll32.exe advpack.dll Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4340} Path: regsvr32.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4383} Path: C:\WINDOWS\system32\ie4uinit.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: {89B4C1CD-B018-4511-B0A1-5476DBF70820} Path: C:\WINDOWS\system32\Rundll32.exe Location: HKLM\Software\Microsoft\Active Setup\Installed Components\ Not checked Unknown Item Search at Google
Name: VBScript Script File Path: C:\WINDOWS\System32\WScript.exe Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\ Not checked Unknown Item Search at Google
Name: VBScript Encoded Script File Path: C:\WINDOWS\System32\WScript.exe Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\ Not checked Unknown Item Search at Google
Name: JScript Script File Path: C:\WINDOWS\System32\WScript.exe Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\ Not checked Unknown Item Search at Google
Name: JScript Encoded Script File Path: C:\WINDOWS\System32\WScript.exe Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\ Not checked Unknown Item Search at Google
Name: Windows Script Host Settings File Path: C:\WINDOWS\System32\WScript.exe Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\ Not checked Unknown Item Search at Google
Name: Windows Script File Path: C:\WINDOWS\System32\WScript.exe Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\ Not checked Unknown Item Search at Google
Name: Application Path: %1 Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\ Not checked Unknown Item Search at Google
Name: MS-DOS Application Path: %1 Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\ Not checked Unknown Item Search at Google
Name: MS-DOS Batch File Path: %1 Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\ Not checked Unknown Item Search at Google
Name: Screen Saver Path: %1 Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\ Not checked Unknown Item Search at Google
Name: Shortcut to MS-DOS Program Path: %1 Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\ Not checked Unknown Item Search at Google
Name: PostBootReminder Path: C:\WINDOWS\system32\SHELL32.dll Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ Not checked Unknown Item Search at Google
Name: CDBurn Path: C:\WINDOWS\system32\SHELL32.dll Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ Not checked Unknown Item Search at Google
Name: WebCheck Path: C:\WINDOWS\system32\webcheck.dll Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ Not checked Unknown Item Search at Google
Name: SysTray Path: C:\WINDOWS\system32\stobject.dll Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ Not checked Unknown Item Search at Google

Layered Service Providers (LSP): Result ToDo
Name: mswsock.dll Path: %SystemRoot%\system32\ Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ Good: 1 - Bad: 0 View Details
Name: rsvpsp.dll Path: %SystemRoot%\system32\ Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ Good: 1 - Bad: 0 View Details

Explorer And Browser Addons: Result ToDo
Name: AskBar BHO Path: C:\Program Files\AskBarDis\bar\bin\askBar.dll Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects ClsID: {201f27d4-3704-41d6-89c1-aa35e39143ed} Good: 0 - Bad: 0 Unknown Item Search at Google
Name: Spybot-S+D IE Protection Path: C:\Program Files\SPYBOT~1\SDHelper.dll Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects ClsID: {53707962-6F74-2D53-2644-206D7942484F} Good: 1 - Bad: 0 View Details
Name: SSVHelper Class Path: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects ClsID: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Good: 0 - Bad: 0 Unknown Item Search at Google
Name: URL Exec Hook Path: shell32.dll Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972} Good: 0 - Bad: 0 Unknown Item Search at Google
Name: SABShellExecuteHook Class Path: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ClsID: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} Good: 0 - Bad: 0 Unknown Item Search at Google
Name: OA Shell Helper Path: C:\Program Files\TALLEM~1\ONLINE~1\oaevent.dll Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ClsID: {4F07DA45-8170-4859-9B5F-037EF2970034} Good: 0 - Bad: 0 Unknown Item Search at Google

Running Processes: Result ToDo
Name: [System Process] Process ID: 0 Path: Info: Threads: 1 - Priority: N/A - Visible: No Good: 1 - Bad: 0 View Details
Name: System Process ID: 4 Path: Info: Threads: 6 5 - Priority: Normal - Visible: No Good: 1 - Bad: 0 View Details
Name: explorer.exe Process ID: 348 Path: C:\WINDOWS\Explorer.EXE Info: Threads: 11 - Priority: Normal - Visible: No Good: 2 - Bad: 1 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: smss.exe Process ID: 384 Path: C:\WINDOWS\System32\smss.exe Info: Threads: 3 - Priority: Normal - Visible: No Good: 1 - Bad: 2 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: csrss.exe Process ID: 440 Path: C:\WINDOWS\system32\csrss.exe Info: Threads: 11 - Priority: Normal - Visible: No Good: 1 - Bad: 3 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: winlogon.exe Process ID: 464 Path: C:\WINDOWS\system32\winlogon.exe Info: Threads: 18 - Priority: High - Visible: No Good: 1 - Bad: 2 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: services.exe Process ID: 508 Path: C:\WINDOWS\system32\services.exe Info: Threads: 1 5 - Priority: Normal - Visible: No Good: 1 - Bad: 3 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: lsass.exe Process ID: 520 Path: C:\WINDOWS\system32\lsass.exe Info: Threads: 1 4 - Priority: Normal - Visible: No Good: 1 - Bad: 0 View Details
Name: oaui.exe Process ID: 628 Path: C:\Program Files\Tall Emu\Online Armor\oaui.exe Info: Threads: 9 - Priority: Normal - Visible: No Good: 0 - Bad: 0 Unknown Item Search at Google Submit new process info
Name: svchost.exe Process ID: 672 Path: C:\WINDOWS\system32\svchost.exe Info: Threads: 5 - Priority: Normal - Visible: No Good: 1 - Bad: 2 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: svchost.exe Process ID: 728 Path: C:\WINDOWS\system32\svchost.exe Info: Threads: 11 - Priority: Normal - Visible: No Good: 1 - Bad: 2 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: svchost.exe Process ID: 768 Path: C:\WINDOWS\System32\svchost.exe Info: Threads: 47 - Priority: Normal - Visible: No Good: 1 - Bad: 2 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: ashDisp.exe Process ID: 812 Path: C:\Program Files\ALWILS~1\Avast4\ashDisp.exe Info: Threads: 7 - Priority: Normal - Visible: No Good: 1 - Bad: 0 View Details
Name: oasrv.exe Process ID: 880 Path: C:\Program Files\Tall Emu\Online Armor\oasrv.exe Info: Threads: 42 - Priority: High - Visible: No Good: 0 - Bad: 0 Unknown Item Search at Google Submit new process info
Name: aswUpdSv.exe Process ID: 1016 Path: C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe Info: Threads: 3 - Priority: Normal - Visible: No Good: 1 - Bad: 0 View Details
Name: ashServ.exe Process ID: 1072 Path: C:\Program Files\Alwil Software\Avast4\ashServ.exe Info: Threads: 30 - Priority: High - Visible: No Good: 1 - Bad: 0 View Details
Name: TeaTimer.exe Process ID: 1156 Path: C:\Program Files\Spybot Info: Threads: 3 - Priority: Idle - Visible: No Good: 2 - Bad: 0 View Details
Name: svchost.exe Process ID: 1352 Path: C:\WINDOWS\system32\svchost.exe Info: Threads: 4 - Priority: Normal - Visible: No Good: 1 - Bad: 2 View Details Requires Attention! Compare details with your local values and/or search at Google
Name: LSSrvc.exe Process ID: 1424 Path: C:\Program Files\Common Files\LightScribe\LSSrvc.exe Info: Threads: 2 - Priority: Normal - Visible: No Good: 1 - Bad: 0 View Details
Name: firefox.exe (Software Update) Process ID: 1456 Path: C:\Program Files\Mozilla Firefox\firefox.exe Info: Threads: 1 4 - Priority: Normal - Visible: Yes Good: 1 - Bad: 0 View Details
Name: oacat.exe Process ID: 1544 Path: C:\Program Files\Tall Emu\Online Armor\oacat.exe Info: Threads: 5 - Priority: High - Visible: No Good: 0 - Bad: 0 Unknown Item Search at Google Submit new process info
Name: wdfmgr.exe Process ID: 1624 Path: C:\WINDOWS\system32\wdfmgr.exe Info: Threads: 4 - Priority: Normal - Visible: No Good: 1 - Bad: 0 View Details
Name: ashWebSv.exe Process ID: 1740 Path: C:\Program Files\Alwil Software\Avast4\ashWebSv.exe Info: Threads: 18 - Priority: Normal - Visible: No Good: 1 - Bad: 0 View Details
Name: oahlp.exe Process ID: 1756 Path: C:\Program Files\Tall Emu\Online Armor\oahlp.exe Info: Threads: 4 - Priority: Normal - Visible: No Good: 0 - Bad: 0 Unknown Item Search at Google Submit new process info
Name: a2hijackfree.exe (a-squared HiJackFree 3.1) Process ID: 3856 Path: C:\Program Files\a-squared HiJackFree\a2hijackfree.exe Info: Threads: 10 - Priority: Normal - Visible: Yes Good: 1 - Bad: 0 View Details

This analysis is saved and available for at least 7 days at this website address. |
iammcb (14488) | ||
| 770824 | 2009-05-03 23:42:00 | Use HijackThis, not A-squared. If it doesn't work in normal Windows, do it in safe mode. |
Speedy Gonzales (78) | ||
| 770825 | 2009-05-03 23:45:00 | That's close but not an actual Hijack log. From Speedy's signature, download and run HijackThis - when it opens, select Scan and save a log file. When finished it will open in Notepad. Ctrl + A to copy all, then back here, Ctrl + V to paste the complete log. |
wainuitech (129) | ||
| 770826 | 2009-05-03 23:53:00 | I have used HijackThis before but it's useless compared to asquared. Asquared is telling me I have worms and trojans by the dozens, on that web page I posted. (I've only copied the web page but it doesn't display everything when copied.) I'm looking for the log in the program itself but I can't find it, as it's only saved it to the web page it created. The thing with downloading is I never know what I'm really getting. |
iammcb (14488) | ||
| 770827 | 2009-05-04 00:08:00 | "I have used HijackThis before but it's useless compared to asquared" It's only useless if you don't know how to read it, and don't know how to use it. If you want help then I'd suggest you at least try to follow any advice that you have been asked to present - otherwise it's highly likely you won't get any help. Edited: just for the record, Asquared is crap - seen many PCs that are infected and it has Asquared installed. |
wainuitech (129) | ||
| 770828 | 2009-05-04 00:09:00 | It is not useless - it is a very useful tool. Running it will not do anything; you must remove the entries and know how to read it. It will provide us with vital information on what may have infected you and what may be causing your problems. Please post the log here for analysis. Blam |
Blam (54) | ||
| 770829 | 2009-05-04 00:13:00 | Okay guys, here it is. Once again it doesn't tell me what I've been infected with, like asquared has listed the names of the worms and trojans, which I will go and try and paste here shortly. Back soon :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:44 a.m., on 4/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.trademe.co.nz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.trademe.co.nz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.dvdvideosoft.com
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=presario&pf=laptop
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A049996-C61E-4441-8E9D-C0B09A292F64}: NameServer = 203.97.78.43 203.97.78.44
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 5296 bytes |
iammcb (14488) | ||
| 770830 | 2009-05-04 00:18:00 | Hey guys, sorry for not agreeing with you about HijackThis; it's not personal, it's just not really good for people like myself who don't know what they are meant to do, whereas asquared tells me this information, and this is just one link. There's more I will post soon.

a-squared HiJackFree Analysis
Name: MSConfig Good: 2 Bad: 15

| Status | Name | Command | Description |
| N | MSConfig | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode |
| X | MSConfig | MSCONFIG32.EXE | Added by the SPYBOT.B WORM! |
| X | msconfig | msconfig.exe | CoolWebSearch parasite related. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting |
| X | Msconfig | msconfig.exe | Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\ |
| X | msconfig | wins.exe | Added by the RBOT.PF WORM! |
| X | MSConfig | MSCONFIG35.EXE | Added by a variant of the SPYBOT WORM! |
| X | msconfig | scvhost.exe | Added by the AGENT-DSF TROJAN! |
| X | msconfig | winlog.exe | Added by the IRCBOT-TJ TROJAN! |
| X | Msconfig | icpldrvx.exe | Added by the BANLOAD.BFT TROJAN! |
| X | msconfig | msconfig.com | Added by the IRCBOT-SM WORM! |
| X | msconfig | msconfig.bat | Added by the PAHATIA.B WORM! |
| X | Msconfig lptt01 | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name |
| X | Msconfig ml097e | msconfig.exe | RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name |
| N | MSConfigReminder | msconfig.exe | Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode |
| X | msdev | msconfig.exe | Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting |
| X | Microsoft Java Virtual Machine | MsConfiG.exe | Added by the FORBOT-DV WORM! |
| X | winrun | msconfig.exe | Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:\winrun\ |

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

Autorun information provided by http://www.sysinfo.org |
iammcb (14488) | ||