Malware Removal: Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#1
Hi everyone,
Just want to say I have had a lot of great help and advice from this great site, and fingers crossed I am hoping for the same here. I have a b*****d of a program/virus called Antimalware Doctor infecting my system. It all started when I was watching a video on YouTube and the song that was playing in the video sounded good, and I assume a lot of people have noticed that YouTube put an iTunes link on the video if you want to buy the song. When I clicked on the link it opened up a new tab in my Firefox browser, which was iTunes redirecting me to my iTunes program on my computer for the iTunes Store. As soon as the iTunes program opened I started getting windows popping up saying I've got 100s of infections on my system, and that I needed to activate the program to deal with the problems. Straight away I knew I was infected with something, so I opened Task Manager and tried to close the program but it wouldn't budge. I googled and came up with this and followed the instructions, but to be honest I don't know if it's the right thing to do even though I did as it said: http://www.ehow.com/how_6067077_remo...tor-virus.html Once I did that it appeared to be removed but then popped up again. I tried to run a HijackThis scan but the notepad file was blank and it said something about host files and not being able to run. I would really appreciate any help on how to rid this rubbish totally and for good. I'm running Windows Vista 32-bit and AVG Free Edition (updating every day without fail).
#2
Stupid me, didn't realize that you had to click Save Log in HijackThis; thought it did it automatically. Here is the log, hope it helps at all:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:56:00, on 07/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\Program Setups\utorrent 1.6.1.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lloydstsb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: BIGMAC Toolbar - {914ccf81-67fd-4f05-b8d7-c72d27dfd4aa} - C:\Program Files\BIGMAC\tbBIG1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BIGMAC Toolbar - {914ccf81-67fd-4f05-b8d7-c72d27dfd4aa} - C:\Program Files\BIGMAC\tbBIG1.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: BIGMAC Toolbar - {914ccf81-67fd-4f05-b8d7-c72d27dfd4aa} - C:\Program Files\BIGMAC\tbBIG1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [µTorrent] "F:\Program Setups\utorrent 1.6.1.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\mediafix70700en02.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - User Startup: Antimalware Doctor.lnk = C:\Users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\mediafix70700en02.exe
O4 - User Startup: winhelp.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9D35F0A-7CFD-48BB-8E1F-9125DF604E03}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11721 bytes
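The O4 (autorun) entries are where a log like the one above gives the rogue away: the same executable is started from an HKCU Run value and from a Start Menu shortcut, and it lives in an AppData\Roaming folder whose name is 32 hex characters, while every legitimate entry runs from Program Files or the Windows directory. The parser and checks below are an added example for readers triaging such logs, not code from the thread or from HijackThis; the heuristics are my own, and the sample lines are copied from the log posted above.

```python
import re
from typing import List, Optional, Tuple

# HijackThis O4 line shapes as they appear in the log above:
#   O4 - HKLM\..\Run: [Name] C:\path\prog.exe args
#   O4 - Startup: Name.lnk = C:\path\prog.exe
#   O4 - User Startup: winhelp.exe        (a bare file sitting in the Startup folder)
O4_REG = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(
    r"^O4 - (?P<kind>Global Startup|User Startup|Startup): (?P<name>.+?)(?: = (?P<cmd>.*))?$")

# Triage heuristics (my own, not HijackThis rules): a directory named with exactly
# 32 hex digits, and anything launched from a user-writable profile location.
HEX_DIR = re.compile(r"\\[0-9a-f]{32}\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(?:appdata|temp|programdata)\\", re.IGNORECASE)

# Constructed sample input: O4 lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r'O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"',
    r"O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule",
    r"O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\mediafix70700en02.exe",
    r"O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE",
    r"O4 - User Startup: Antimalware Doctor.lnk = C:\Users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\mediafix70700en02.exe",
    r"O4 - User Startup: winhelp.exe",
    r"O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe",
]


def parse_o4(line: str) -> Optional[dict]:
    """Split one O4 line into location, value name and command; None if not an O4 line."""
    m = O4_REG.match(line)
    if m:
        return {"location": f"{m['hive']}\\..\\{m['key']}", "name": m["name"], "cmd": m["cmd"]}
    m = O4_STARTUP.match(line)
    if m:
        # cmd is None for a bare file in the Startup folder (no "= path" part)
        return {"location": m["kind"], "name": m["name"], "cmd": m["cmd"]}
    return None


def image_path(cmd: Optional[str]) -> Optional[str]:
    """Recover the file that actually gets loaded from a Run-key command line."""
    if not cmd:
        return None
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|scr|com|bat|cmd))(?:\s.*)?$", cmd, re.IGNORECASE)
    path = m.group(1) if m else cmd
    if path.lower().endswith("rundll32.exe"):     # rundll32 is a host: the DLL is what matters
        rest = cmd[len(path):].strip()
        path = rest.split(",", 1)[0]
    return path


def assess(entry: dict) -> List[str]:
    """Return the reasons an autorun entry deserves a closer look (empty if none)."""
    reasons: List[str] = []
    path = image_path(entry["cmd"])
    if path is None:
        reasons.append("executable placed directly in the Startup folder rather than a shortcut")
        return reasons
    if HEX_DIR.search(path):
        reasons.append("runs from a folder named with 32 hex characters")
    if USER_WRITABLE.search(path):
        reasons.append("runs from a user-writable profile location")
    return reasons


def scan(lines) -> List[Tuple[str, List[str]]]:
    """Parse every O4 line and keep those with at least one reason, in log order."""
    findings = []
    for line in lines:
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_O4_LINES):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample it reports the two entries pointing into the hex-named folder and the bare winhelp.exe in the Startup folder, and nothing from Program Files.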
#3
My Dad is there with you. This virus has his computer all but stopped. I can do some things in safe mode, and I tried to run all the removal tools suggested online and in other forums to no avail. He decided he wanted to do a clean install, and it won't even let him do that. My question is: can you use the restore disc in safe mode?
#4
k9mom007 - Please click on the New Topic button: here, as it's confusing with more problems in the same topic.

dannythedog ->

Please download ComboFix from: Here and save it to the desktop.
Close all other browser windows.
Double-click on the ComboFix icon found on your desktop.
Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt. Post the contents of that log in your next reply. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.
#5
Hi,
The P2P program is a GUI.exe and as it isn't installed, I right-clicked on it and shut it down before running ComboFix. Also ComboFix said to turn off any antivirus and antispyware first, but after searching, AVG doesn't turn off or close down besides uninstalling it, and I didn't fancy losing all the updates and that, so I ran the ComboFix scan with it on. If you say I should uninstall it and then run it I will, as you are the expert and I am a numpty. I will post the report anyway and will follow your guidance to the letter:

ComboFix 10-09-07.03 - Mark 08/09/2010 18:36:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.913 [GMT 1:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FlashGet Network
c:\users\Mark\AppData\Local\Windows Server
c:\users\Mark\AppData\Local\Windows Server\admin.txt
c:\users\Mark\AppData\Local\Windows Server\flags.ini
c:\users\Mark\AppData\Local\Windows Server\hlp.dat
c:\users\Mark\AppData\Local\Windows Server\server.dat
c:\users\Mark\AppData\Local\Windows Server\uses32.dat
c:\users\Mark\AppData\Roaming\BITS
c:\users\Mark\AppData\Roaming\BITS\BITS.ini
c:\users\Mark\AppData\Roaming\BITS\DHTTable.dat
c:\users\Mark\AppData\Roaming\BITS\pl.dat
c:\users\Mark\AppData\Roaming\BITS\ProxyList.ini
c:\users\Mark\AppData\Roaming\BITS\Torrent\20091222110959.torrent
c:\users\Mark\AppData\Roaming\BITS\Torrent\20091222110959.torrent.filelist
c:\users\Mark\AppData\Roaming\BITS\Torrent\20091222111021.torrent
c:\users\Mark\AppData\Roaming\BITS\Torrent\20091222111021.torrent.filelist
c:\users\Mark\AppData\Roaming\BITS\Torrent\20091222111022.torrent.filelist
c:\users\Mark\AppData\Roaming\BITS\Torrent\20091222111022.torrent.hybridlist
c:\users\Mark\AppData\Roaming\BITS\Torrent\20091222111022.torrent.statistic
c:\users\Mark\AppData\Roaming\BITS\UPnP.ini
c:\users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE
c:\users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\enemies-names.txt
c:\users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\local.ini
c:\users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\lsrslt.ini
c:\users\Mark\AppData\Roaming\FlashGetBHO
c:\users\Mark\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Mark\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Mark\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\users\Mark\AppData\Roaming\inst.exe
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\windows\system32\secushr.dat
#6
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.
2010-09-08 17:48 . 2010-09-08 17:48 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-09-08 17:48 . 2010-09-08 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-07 20:08 . 2010-09-07 20:08 -------- d-----w- c:\program files\Trend Micro
2010-09-07 18:26 . 2010-09-08 17:23 -------- d-----w- c:\users\Mark\AppData\Local\Windows
2010-09-05 14:55 . 2010-09-05 14:55 -------- d-----w- c:\program files\iPod
2010-09-05 14:55 . 2010-09-05 14:56 -------- d-----w- c:\program files\iTunes
2010-08-21 13:06 . 2010-08-21 13:06 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 17:49 . 2007-07-25 02:06 1076 ----a-w- c:\windows\bthservsdp.dat
2010-09-08 17:27 . 2009-06-14 20:14 -------- d-----w- c:\users\Mark\AppData\Roaming\uTorrent
2010-09-07 20:08 . 2010-09-07 20:08 388096 ----a-r- c:\users\Mark\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-07 17:38 . 2009-07-28 19:24 -------- d-----w- c:\users\Mark\AppData\Roaming\HpUpdate
2010-09-05 14:55 . 2009-06-14 20:24 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 14:49 . 2010-09-05 14:49 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-29 07:38 . 2009-09-30 22:00 -------- d-----w- c:\users\Mark\AppData\Roaming\vlc
2010-08-12 17:47 . 2007-06-29 06:10 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 17:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 17:58 . 2009-06-14 12:39 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 17:58 . 2010-07-15 17:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 17:55 . 2009-06-14 12:39 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 10:33 . 2010-08-21 14:40 50176 ----a-w- c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-07-08 10:33 . 2010-08-21 14:40 80896 ----a-w- c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2010-06-26 06:05 . 2010-08-12 17:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 17:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 17:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 17:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-22 18:36 . 2010-06-22 18:36 85504 ----a-w- c:\users\Mark\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-21 17:32 . 2009-12-18 20:10 5972 ----a-w- c:\users\Mark\AppData\Local\d3d9caps.dat
2010-06-21 13:37 . 2010-08-12 17:39 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 17:39 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 17:39 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 17:39 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 17:39 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 17:39 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 17:39 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
#7
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{914ccf81-67fd-4f05-b8d7-c72d27dfd4aa}"= "c:\program files\BIGMAC\tbBIG1.dll" [2009-06-24 2094616]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{914ccf81-67fd-4f05-b8d7-c72d27dfd4aa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{914ccf81-67fd-4f05-b8d7-c72d27dfd4aa}]
2009-06-24 22:18 2094616 ----a-w- c:\program files\BIGMAC\tbBIG1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{914ccf81-67fd-4f05-b8d7-c72d27dfd4aa}"= "c:\program files\BIGMAC\tbBIG1.dll" [2009-06-24 2094616]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{914ccf81-67fd-4f05-b8d7-c72d27dfd4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{914CCF81-67FD-4F05-B8D7-C72D27DFD4AA}"= "c:\program files\BIGMAC\tbBIG1.dll" [2009-06-24 2094616]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{914ccf81-67fd-4f05-b8d7-c72d27dfd4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="f:\program setups\utorrent 1.6.1.exe" [2007-11-18 177152]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 1169776]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 1945960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-21 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-21 51984]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-14 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ef,9e,4f,a6,34,41,ca,01
#8
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SysMouseFilterF3;SysMouseFilterF3;c:\windows\system32\DRIVERS\SysMouseFilterF3.sys [2008-11-13 18808]
R3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\Drivers\UCharger.sys [2007-05-15 13765]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-07 38448]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{5CA5C4EA-B553-4CA7-A19E-8650EC9A95AA}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lloydstsb.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B9D35F0A-7CFD-48BB-8E1F-9125DF604E03} = 192.168.1.1,192.168.1.2
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT830223&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.afterdawn.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\RadioWMPCore.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{44fc8675-9d92-4845-9598-f3d0b8a8151e}\components\FFExternalAlert.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{44fc8675-9d92-4845-9598-f3d0b8a8151e}\components\RadioWMPCore.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFExternalAlert.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\RadioWMPCore.dll
FF - component: c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\pqsbzcgb.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - plugin: c:\users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
#9
- - - - ORPHANS REMOVED - - - -
HKCU-Run-mediafix70700en02.exe - c:\users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\mediafix70700en02.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 18:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\users\Mark\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(1420)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\splitter.ax
c:\program files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\mkx.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\mp4.dll
c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax
c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll
c:\program files\K-Lite Codec Pack\Filters\DivXDecH264.ax
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-08 18:59:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 17:59

Pre-Run: 6,138,568,704 bytes free
Post-Run: 5,953,576,960 bytes free

- - End Of File - - 331004CE3A48D41BF7B3F30C6DDC2B9E
#10
Looks clean.
Download Ccleaner: Here
Click on -> "Download Latest Version"
Once installed, run CCleaner, click the Windows tab
Select the following:

Internet Explorer:
  Temp Internet
  History
  Recently Typed URLs
  Delete Index.dat files

System:
  Empty Recycle Bin
  Temporary Files
  Memory Dumps
  Chkdsk File Fragments

Then click Run Cleaner (bottom right), then Exit.

Please download Malwarebytes' Anti-Malware: Here to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

NB. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post the HijackThis log along with the Malwarebytes' Anti-Malware log, and tell how things are running?
#11
I will do as you asked right now,
just wanted to say that AVG has just popped up after starting my PC up/opening Firefox (one of the two caused it) and said there is a "Resident Shield Alert". Multiple infections:

file: C:\Users\Mark\AppData\Local\Windows\winhelp.exe
infection: Trojan horse SpamTool.GKQ
result: infected
#12
Clicked Remove Threat as Power User and Remove All Unhealed Infections,
and the result is "object is inaccessible".
#13
Just running Malwarebytes full scan now,
That AVG Resident Shield Alert is popping up every few seconds now with the same result; I keep clicking to move it to the vault.
#14
Upon scanning with HijackThis again, the following message pops up:

For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
notepad C:\Windows\System32\drivers\etc\hosts
and press enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' (with quotes), and reboot.
For Vista: simply exit HijackThis, right click on the HijackThis icon, choose 'run as administrator'.

I click OK and the scan starts, then a blank logfile appears. Does it every time. I will post the Malwarebytes log now.
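The message above is about a hosts file HijackThis could not write to; seeing what is actually in that file is a small parsing job. The following is an added example, not code from this thread or from HijackThis, that lists hosts entries which map a name to a routable address, the kind of line HijackThis reports as an O1 hijack, while treating loopback and 0.0.0.0 mappings as benign. The hosts content and the .example names in it are constructed for the demo; on a real Vista system the file is the one the message names.

```python
"""Check a Windows hosts file for names redirected to a real host.

Added example, not part of the thread and not HijackThis code: it lists
the entries HijackThis would report as O1 hijacks, i.e. a hostname mapped
to a routable address rather than to loopback or 0.0.0.0. The sample text
is constructed for the demo; on a live system the file is
C:\\Windows\\System32\\drivers\\etc\\hosts.
"""
import ipaddress
import re

# Constructed sample hosts content (the .example names are placeholders).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example             # ad-blocking style entry, benign
192.0.2.10      online-banking.example  # name sent to a foreign host
192.0.2.10      update.antivirus.example
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        # One address may be followed by several names on the same line.
        for name in fields[1:]:
            yield fields[0], name.lower()


def is_sinkhole(ip):
    """True for loopback or unspecified targets, the normal benign mappings."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def find_redirects(text):
    """Return [(ip, hostname)] for names mapped to a real, routable host."""
    return [(ip, name) for ip, name in parse_hosts(text) if not is_sinkhole(ip)]


if __name__ == "__main__":
    for ip, name in find_redirects(SAMPLE_HOSTS):
        print(f"review: {name} -> {ip}")
```

The output is a review list, not a verdict: an intranet name deliberately pinned to a LAN address would be listed too, so each line still needs a human to decide whether it belongs there.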
#15
Sorry, spoke too soon, it worked then.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:30, on 09/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\Program Setups\utorrent 1.6.1.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lloydstsb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: BIGMAC Toolbar - {914ccf81-67fd-4f05-b8d7-c72d27dfd4aa} - C:\Program Files\BIGMAC\tbBIG1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BIGMAC Toolbar - {914ccf81-67fd-4f05-b8d7-c72d27dfd4aa} - C:\Program Files\BIGMAC\tbBIG1.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: BIGMAC Toolbar - {914ccf81-67fd-4f05-b8d7-c72d27dfd4aa} - C:\Program Files\BIGMAC\tbBIG1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [µTorrent] "F:\Program Setups\utorrent 1.6.1.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - User Startup: winhelp.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9D35F0A-7CFD-48BB-8E1F-9125DF604E03}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll C:\WINDOWS\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11091 bytes
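Reading the O2/O4 lines for a bare filename, a path under AppData, or a BHO whose file is gone is what a helper does by eye before saying a log "looks clean"; the ComboFix orphan entry and the "O4 - User Startup: winhelp.exe" line above are exactly that kind of catch. Below is an added example, not code from this thread, from HijackThis or from Malwarebytes, that applies those three checks to a handful of lines taken from the logs posted in this thread (the user name and file names are the ones that appear above). The rules and reason strings are the example's own, and it only lists entries for review rather than deciding that anything is malicious.

```python
"""Flag autostart entries in a HijackThis-style log that deserve a look.

Added example, not code from the thread, from HijackThis or from
Malwarebytes. It automates three checks a helper makes by eye on O2/O4
lines: a BHO whose file is missing, an autostart that names a file with no
path (resolved through the search path at boot), and an autostart launched
from a user profile or temp directory. SAMPLE_LOG is assembled from entry
formats seen in this thread.
"""
import re

SAMPLE_LOG = r"""O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [mediafix70700en02.exe] C:\Users\Mark\AppData\Roaming\F2CA051789FE7AF1AD6EF9261D6EF3BE\mediafix70700en02.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - User Startup: winhelp.exe
"""

# "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# "O4 - <hive or folder>: [<value name>] <command line>"; the bracket part is optional.
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
# First executable/library token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|pif))"?(?:[\s,]|$)', re.IGNORECASE)
# Directories a normal installer does not use for autostarted programs.
PROFILE_RE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)


def triage(log_text):
    """Return [(line, reason)] for entries worth a closer look, in log order."""
    findings = []
    for line in log_text.splitlines():
        bho = O2_RE.match(line)
        if bho:
            if bho.group("path").strip().lower() == "(no file)":
                findings.append((line, "BHO registered but its file is missing"))
            continue
        run = O4_RE.match(line)
        if not run:
            continue
        exe = EXE_RE.match(run.group("cmd"))
        path = exe.group("path") if exe else run.group("cmd")
        if "\\" not in path and "/" not in path:
            findings.append((line, "autostart names a file without a path"))
        elif PROFILE_RE.search(path):
            findings.append((line, "autostart runs from a user profile or temp directory"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}:\n    {entry}")
```

On the sample this lists four lines: the orphaned BHO, KHALMNPR.EXE (a bare name, which here is a legitimate Logitech component, so a hit is a prompt to check the file, not a verdict), the mediafix entry under AppData\Roaming, and winhelp.exe in User Startup. Everything else in the sample passes.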