Jump to content

Recommended Posts

Thanks in advance.

Trouble just started with-in last week. Started getting search's getting re-directed. Also got some fake virus scanner pop-ups. Tried to fix, on my own...tried Malwarebytes, AVG, Hitman Pro 3.5, Super antiSpyware...few others. Helped some. I can't run windows update...page will not load. Still getting search re-directs. Also, seems like when I run some of these tools they still find stuff. Please Help...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:59:40 PM, on 7/27/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17055)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround

Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Documents and Settings\All Users\Application

Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar

=

http://cgi.verizon.net/bookmarks/bmredir.a...=all&bw=dsl

&cd=6.0&bm=ho_search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page

= http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

(no file)

O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG9\avgssie.dll

O2 - BHO: JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class -

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page -

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program

Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem

Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound

Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media

Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program

Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Motive SmartBridge]

C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP

Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program

Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro

3.5\HitmanPro35[1].exe" /scan:boot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU

"C:\WINDOWS\TEMP\E_S8E.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program

Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ptlwvgmu] C:\Documents and

Settings\NetworkService\Local Settings\Application

Data\dfcyvnjtd\vwpaqfrtssd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program

Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O8 - Extra context menu item: Add to Google Photos

Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Travelaxe -

{32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program

Files\Travelaxe\Travelaxe.exe

O9 - Extra button: Real.com -

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player -

{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -

http://wwws.musicmatch.com/mmz/openWebRadio.html (file

missing)

O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)

O15 - Trusted Zone: *.antispyexpert.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.spyguardpro.com (HKLM)

O15 - Trusted Zone: *.storageguardsoft.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusremover2008.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O16 - DPF: vzTCPConfig -

http://www2.verizon.net/help/fios_settings...ude/vzTCPConfig

.CAB

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com

Configuration Class) -

https://activatemywifi.verizon.net/sdcCommo...wnload/WIFI/Ver

izon%20WiFi%20Installer.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi

Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro

ActiveX Scan Agent 6.6) -

http://housecall65.trendmicro.com/housecal...let/html/native

/x86/win32/activex/hcImpl.cab

O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793}

(SurferNETWORK Plugin) -

http://rd1.surfernetwork.com/surferplugin.ocx

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows

Live Safety Center Base Module) -

http://cdn.scan.onecare.live.com/resource/...oad/scanner/wls

cbase6662.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://www.update.microsoft.com/microsoftu.../v6/V5Controls/

en/x86/client/muweb_site.cab?1280236306218

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon

Wireless Media Upload) -

http://picture.vzw.com/activex/VerizonWire...ploadControl.ca

b

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) -

http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} -

http://www.linksysfix.com/check/netset/install/gtdownls.cab

O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} -

http://download.verizon.net/sfp/Cabs/max_u.../cVOLUpdate_1-0

-0.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave

Flash Object) -

http://fpdownload2.macromedia.com/get/shoc.../cabs/flash/swf

lash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools

WebPlayer Class) -

http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28}

(PhotomaxUploader.ActiveXControl) -

http://www.photomax.com/web/PhotomaxUploader.CAB

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044}

(AxisMediaControlEmb Class) -

http://65.5.111.18/activex/AMC.cab

O18 - Protocol: bwfile-8876480 -

{9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: linkscanner -

{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files\AVG\AVG9\avgpp.dll

O18 - Filter hijack: text/html -

{db7a0886-d3f7-410c-9789-c7f62cb15b31} - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file

missing)

O22 - SharedTaskScheduler: Browseui preloader -

{438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon -

{8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies

CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative

Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) -

SEIKO EPSON CORPORATION - C:\Documents and Settings\All

Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: FlipShare Service - Unknown owner - C:\Program

Files\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. -

C:\Program Files\HP Games\HP Game

Console\GameConsoleService.exe

O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program

Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

O23 - Service: iPod Service (iPodService) - Apple Computer,

Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) -

Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel®

Corporation - C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) -

Unknown owner - C:\Program Files\Common Files\Roxio

Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) -

Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share

Manager\WiselinkPro.exe

--

End of file - 11985 bytes

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.