Posts posted by clam

  1. My computer was infected with 'Security Tool' about a week ago. I found manual instructions on how to remove it and things seem to be OK, except that Google and Yahoo searches result in a blank screen now, and GMail does not work either (says page cannot be found) - so I think I missed something or maybe have some other malware that I have not been able to identify. I have run Malwarebytes and scanned with AVG Antivirus, and followed the pinned instructions. I could not get GMER to complete, as the system freezes each time it is run, but the other logs are attached.

    Here is the HijackThis log - I would appreciate it if someone could review these logs, and thank you for any advice/suggestions that are made!

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:59:53 AM, on 12/29/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16945)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    C:\Program Files\iWin Games\iWinTrusted.exe

    C:\Program Files\Maxtor\Sync\SyncServices.exe

    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

    C:\PROGRA~1\Yahoo!\YOP\yop.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\Program Files\Messenger\MSMSGS.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

    C:\PROGRA~1\Yahoo!\browser\ycommon.exe

    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe

    C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ewtn.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O1 - Hosts: 78.159.110.59 www.google.com

    O1 - Hosts: 78.159.110.59 www.google.de

    O1 - Hosts: 78.159.110.59 www.google.fr

    O1 - Hosts: 78.159.110.59 www.google.co.uk

    O1 - Hosts: 78.159.110.59 www.google.com.br

    O1 - Hosts: 78.159.110.59 www.google.it

    O1 - Hosts: 78.159.110.59 www.google.es

    O1 - Hosts: 78.159.110.59 www.google.co.jp

    O1 - Hosts: 78.159.110.59 www.google.com.mx

    O1 - Hosts: 78.159.110.59 www.google.ca

    O1 - Hosts: 78.159.110.59 www.google.com.au

    O1 - Hosts: 78.159.110.59 www.google.nl

    O1 - Hosts: 78.159.110.59 www.google.co.za

    O1 - Hosts: 78.159.110.59 www.google.be

    O1 - Hosts: 78.159.110.59 www.google.gr

    O1 - Hosts: 78.159.110.59 www.google.at

    O1 - Hosts: 78.159.110.59 www.google.se

    O1 - Hosts: 78.159.110.59 www.google.ch

    O1 - Hosts: 78.159.110.59 www.google.pt

    O1 - Hosts: 78.159.110.59 www.google.dk

    O1 - Hosts: 78.159.110.59 www.google.fi

    O1 - Hosts: 78.159.110.59 www.google.ie

    O1 - Hosts: 78.159.110.59 www.google.no

    O1 - Hosts: 78.159.110.59 search.yahoo.com

    O1 - Hosts: 78.159.110.59 us.search.yahoo.com

    O1 - Hosts: 78.159.110.59 uk.search.yahoo.com

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

    O3 - Toolbar: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL

    O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll

    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    O4 - HKLM\..\Run: [Arucer] rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer

    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [EPSON Stylus Photo RX595 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\DOCUME~1\Parents\LOCALS~1\Temp\E_SE.tmp" /EF "HKCU"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

    O4 - HKCU\..\Run: [Parents] C:\Documents and Settings\Parents\Parents.exe /i

    O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; YPC 3.2.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/down-hill-chill/en/"

    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm

    O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll

    O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198379050285

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198380399500

    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

    O23 - Service: Google Update Service (gupdate1ca17a6d78901ee) (gupdate1ca17a6d78901ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe

    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --

    End of file - 13480 bytes

    Attach.txt

    DDS.txt

  2. Hello,

    My computer was infected with 'Security Tool' about a week ago. I followed manual instructions to remove it and everything seems to be working except Google Search and GMail. Search returns a blank page and GMail says page cannot be displayed - so I think there is something that I must have missed. I have run Malwarebytes Anti-Malware, and scanned with the latest AVG version. I am also attaching the dds.txt and attach.txt logs but was not able to run GMER (system kept freezing).

    Thank you for any help and suggestions that you can offer!


    Attach.txt

    DDS.txt
