| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 92340 | 2008-08-06 19:14:00 | Pros in here! Virus trouble again! (hijackthis log included) | craftykillz (13839) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 695469 | 2008-08-06 19:14:00 | Well i got some virus from something! Anyway i ran trojan remover it worked in moving a couple of files i also have avast running and i ran spyware doctor still having problems. Got starters GOOGLE won't search it opens but wont search. .exe Application error's are constantly coming up as well. Here is my log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:58:21 AM, on 7/08/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: D:\Windows\System32\smss.exe D:\Windows\system32\csrss.exe D:\Windows\system32\csrss.exe D:\Windows\system32\wininit.exe D:\Windows\system32\winlogon.exe D:\Windows\system32\services.exe D:\Windows\system32\lsass.exe D:\Windows\system32\lsm.exe D:\Windows\system32\svchost.exe D:\Windows\system32\svchost.exe D:\Windows\System32\svchost.exe D:\Windows\System32\svchost.exe D:\Windows\system32\svchost.exe D:\Windows\system32\SLsvc.exe D:\Windows\system32\svchost.exe D:\Windows\system32\svchost.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe D:\Windows\System32\spoolsv.exe D:\Windows\system32\svchost.exe D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe D:\Program Files\Bonjour\mDNSResponder.exe D:\Program Files\Digidesign\Drivers\MMERefresh.exe D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe D:\Windows\system32\svchost.exe D:\Windows\system32\svchost.exe D:\Program Files\Spyware Doctor\pctsAuxs.exe D:\Program Files\Spyware Doctor\pctsSvc.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\Windows\system32\taskeng.exe D:\Windows\system32\taskeng.exe D:\Windows\system32\Dwm.exe D:\Windows\Explorer.EXE D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\Alwil Software\Avast4\ashDisp.exe D:\Program Files\Spyware Doctor\pctsTray.exe D:\Windows\System32\rundll32.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\Trojan Remover\Trjscan.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe D:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: {856844ed-18bd-ed4a-f4a4-f78bdd65b210} - {012b56dd-b87f-4a4f-a4de-db81de448658} - D:\Windows\system32\bqiwys.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {D59F5E7A-0732-4885-B94A-4A947E6E669e} - D:\Windows\system32\ytsckqhk.dll O2 - BHO: (no name) - {F89A0EAD-4E6C-4E7B-8BDA-7AA7BC7B12AC} - D:\Users\crafty\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\V7WXPU6V\3077htsbdjyf[1].dll O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ avast! ] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [MSServer] rundll32.exe D:\Windows\system32\jkkIARhi.dll,#1 O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [BM17a51620] Rundll32.exe "D:\Windows\system32\mqdpwgka.dll",s O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe O10 - Broken Internet access because of LSP provider 'd:\windows\system32\pnrpnsp.dll' missing O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 8424 bytes Thanks |
craftykillz (13839) | ||
| 695470 | 2008-08-06 19:23:00 | Do you have Symantec and Avast anti virus running? | gary67 (56) | ||
| 695471 | 2008-08-06 19:28:00 | avast yes altho trial runs out in couple of days. Symantec i was reccomended to uninstall from here a few months back so i did. I think its a rundll32.exe virus and adds are popping up now. | craftykillz (13839) | ||
| 695472 | 2008-08-06 19:34:00 | You will need to wait for Speedy then or try PMing Pancake. Although there are still symantec entries in your log. I gotta go to work now. | gary67 (56) | ||
| 695473 | 2008-08-06 19:40:00 | Ohk thanks gary yeah speedy was a great help last time. Cheers i'll PM pancake. | craftykillz (13839) | ||
| 695474 | 2008-08-06 20:02:00 | Tick these then tick fix checked Close browsers Get this as well (www.malwarebytes.org) Install this update then scan These entries will be the prob (in bold). O2 - BHO: {856844ed-18bd-ed4a-f4a4-f78bdd65b210} - {012b56dd-b87f-4a4f-a4de-db81de448658} - D:\Windows\system32\bqiwys.dll O2 - BHO: (no name) - {D59F5E7A-0732-4885-B94A-4A947E6E669e} - D:\Windows\system32\ytsckqhk.dll O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) O4 - HKLM\..\Run: [MSServer] rundll32.exe D:\Windows\system32\jkkIARhi.dll,#1 O4 - HKLM\..\Run: [BM17a51620] Rundll32.exe "D:\Windows\system32\mqdpwgka.dll",s Since you've got trojan remover update it then click on scan, then select all options under utilities. Then open computer highlight D then right mouse scan with trojan remover Uninstall all versions of Java, its out of date. Link is in my sig Uninstall Symantec To make sure Symantec is gone after get this (service1.symantec.com) |
Speedy Gonzales (78) | ||
| 695475 | 2008-08-06 20:18:00 | Thanks speedy quick as the name! I have tried to remove the hijack this things however on a second scan i think they may be reappearing? Here is the second log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:03:32 AM, on 7/08/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: D:\Windows\system32\Dwm.exe D:\Windows\system32\taskeng.exe D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe D:\Program Files\Alwil Software\Avast4\ashDisp.exe D:\Program Files\Google\Gmail Notifier\gnotify.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Users\crafty\AppData\Roaming\Simply Super Software\Trojan Remover\bly4217.exe D:\Program Files\Windows Media Player\wmplayer.exe D:\Windows\explorer.exe D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe D:\Windows\System32\notepad.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mlb.mlb.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {E62B7510-0461-44B0-8DDE-6757FDFCB998} - D:\Windows\system32\awtutrPi.dll (file missing) O2 - BHO: (no name) - {F89A0EAD-4E6C-4E7B-8BDA-7AA7BC7B12AC} - D:\Users\crafty\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\V7WXPU6V\3077htsbdjyf[1].dll O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ avast! ] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [MSServer] rundll32.exe D:\Windows\system32\byxvuUmm.dll,#1 O4 - HKLM\..\Run: [BM17a51620] Rundll32.exe "D:\Windows\system32\mqdpwgka.dll",s O4 - HKLM\..\RunOnce: [Trojan Remover] "D:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe O10 - Broken Internet access because of LSP provider 'd:\windows\system32\pnrpnsp.dll' missing O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 7063 bytes I have all browsers closed thought i should sort this before doing the other things. |
craftykillz (13839) | ||
| 695476 | 2008-08-06 20:23:00 | Did you tick fix checked as well?? O2 - BHO: (no name) - {E62B7510-0461-44B0-8DDE-6757FDFCB998} - D:\Windows\system32\awtutrPi.dll (file missing) O4 - HKLM\..\Run: [MSServer] rundll32.exe D:\Windows\system32\byxvuUmm.dll,#1 O4 - HKLM\..\Run: [BM17a51620] Rundll32.exe "D:\Windows\system32\mqdpwgka.dll",s Did you download malwarebytes? |
Speedy Gonzales (78) | ||
| 695477 | 2008-08-06 20:31:00 | Yes ticked, running malware as we speak also uninstalled the java i had in uninstall programs and downloaded from the site in your link. | craftykillz (13839) | ||
| 695478 | 2008-08-06 20:47:00 | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:33:58 AM, on 7/08/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: D:\Windows\system32\Dwm.exe D:\Windows\Explorer.EXE D:\Windows\system32\taskeng.exe D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe D:\Program Files\Alwil Software\Avast4\ashDisp.exe D:\Program Files\Google\Gmail Notifier\gnotify.exe D:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\Trojan Remover\Trjscan.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mlb.mlb.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [ avast! ] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - D:\Program Files\UltimateBet\UltimateBet.exe O10 - Broken Internet access because of LSP provider 'd:\windows\system32\pnrpnsp.dll' missing O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 5736 bytes |
craftykillz (13839) | ||
| 1 2 | |||||