wwe9112 (Royal Geek)
Joined: 14 Jun 2007 Posts: 1106
Posted: Sat Jul 12, 2008 2:02 pm
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:02 PM, on 7/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BCD565F-D0BA-4107-88DA-D14DBDD0C377} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {45C171AD-4F7B-4F3A-9B4B-F1BDD97486A1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {863CD344-0404-4F7B-B3B2-EB1214176393} - (no file)
O2 - BHO: (no name) - {89602E18-857A-4067-9F82-5F005DD41D46} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A543B70F-ADEF-4780-80BC-864548F30BD9} - (no file)
O2 - BHO: (no name) - {B3BDF8F6-F017-47D4-B6D8-B2FAB794BD01} - (no file)
O2 - BHO: (no name) - {E8349145-F631-4469-A7FE-C11BF2B051DC} - (no file)
O2 - BHO: (no name) - {F2D684F3-7732-48DA-8A6D-B8421A7792C2} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{156F12C0-B2C7-443D-B117-C5D6086918A5}: NameServer = 71.252.0.12 71.242.0.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{156F12C0-B2C7-443D-B117-C5D6086918A5}: NameServer = 71.252.0.12 71.242.0.12
O17 - HKLM\System\CS4\Services\Tcpip\..\{156F12C0-B2C7-443D-B117-C5D6086918A5}: NameServer = 71.252.0.12 71.242.0.12
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - J:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - J:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 8113 bytes
|
OK thanks...there it is...My pc seems to be running like it did after I redid it, so I must have had that for a while and a pop-up triggered it or something...I hope that was the only one, and it should be as I don't download much stuff.
_________________
if there was room for another God, and Almighty was ok with it, He would pick me because I'm just that darn good
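
HijackThis entries follow a `CODE - detail` layout, which makes a log like the one quoted above easy to triage mechanically. The following is an added example, not part of the thread or of HijackThis itself: it parses the entries, counts them per section code, and lists the ones whose target is `(no file)` or whose service owner is `Unknown owner`. The function names are assumptions, and the output is a list for manual review, not a verdict on any entry.

```python
import re
from collections import Counter

# Sample lines copied from the log quoted above (a subset, for an offline run).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: wampapache - Apache Software Foundation - J:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # section code, then detail
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
UNKNOWN = " - Unknown owner - "

def parse(log):
    """Return one dict per entry; header and running-process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, detail = m.groups()
            clsid = CLSID.search(detail)
            entries.append({"code": code, "detail": detail,
                            "clsid": clsid.group(0) if clsid else None})
    return entries

def section_counts(entries):
    """Number of entries per section code (R1, O2, O23, ...)."""
    return Counter(e["code"] for e in entries)

def review_list(entries):
    """Entries to check by hand: missing target files, services without owner info."""
    out = []
    for e in entries:
        if e["detail"].endswith("(no file)"):
            out.append((e["code"], "target file missing", e["clsid"]))
        elif e["code"] == "O23" and UNKNOWN in e["detail"]:
            # Split on the marker, not on " - ", because paths may contain " - ".
            out.append((e["code"], "no owner info", e["detail"].split(UNKNOWN, 1)[1]))
    return out

if __name__ == "__main__":
    items = parse(SAMPLE_LOG)
    print(dict(section_counts(items)))
    for row in review_list(items):
        print(row)
```
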

Repa (Site Admin)
Joined: 26 Nov 2006 Posts: 1752
Location: North Carolina
Posted: Sat Jul 12, 2008 6:43 pm
No problem. Everything looks ok now. Suggest you do the following right away:
1. Turn off System Restore (Vista instructions):
a. Click Start
b. Right-Click Computer > Properties > choose Advanced System Settings option in the left menu listing
c. If UAC is enabled, you will get a UAC prompt. At this, click Continue.
d. Click System Protection tab
e. Untick any drive listed and, in the popup window, click Turn off System Restore.
f. Click Apply > Ok
This will get rid of any bad files remaining in the Restore files.
2. Empty out these three (3) folders by running Disk Cleaner. Make sure these 3 are checked and then press "ok" to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
3. Open your IE browser and select Tools>Internet Options:
Delete cookies
Delete Files – check delete all offline content
Click ok
4. Run CCleaner if you have it.
5. Turn System Restore back on. (To re-enable System Restore, follow steps 1.a - 1.d above for turning it off, then tick the drives you wish to enable System Restore on and click Apply and OK.)
6. Set a new restore point.
I suggest you go to the following threads and follow them to avoid future infections:
http://www.freepowerboards.com/geeksmore/geeksmore-about28.html
http://www.freepowerboards.com/geeksmore/geeksmore-about29.html
http://www.freepowerboards.com/geeksmore/geeksmore-about1398.html
If you get infected again, go here:
http://www.freepowerboards.com/geeksmore/geeksmore-about31.html
and follow the instructions in step order. Then ask questions if you run into a problem that you don't understand.
If you do the above procedures and also use SiteAdvisor to warn you about risky sites, it's highly likely that you can avoid having further infections.
_________________
Older than dirt!

wwe9112 (Royal Geek)
Joined: 14 Jun 2007 Posts: 1106
Posted: Sat Jul 12, 2008 7:14 pm
OK Repa. I'll do that, thanks. I think I know what gave it to me when I was looking through stuff. I downloaded this thing, and then that's when everything went to heck. (The thing was a CD, ssshhh.) I did all those steps anyhow other than the System Restore, and I have it off anyhow, I think. My stepfather turned it off last time he came to update my system if I'm not mistaken, but I'll check...
Just for the record, I do those tuts. I did the one on cleaning and such, and the one on removing stuff, and speeding up startup or whatever...
Anyhow, thanks.
_________________
if there was room for another God, and Almighty was ok with it, He would pick me because I'm just that darn good

Repa (Site Admin)
Joined: 26 Nov 2006 Posts: 1752
Location: North Carolina
Posted: Sun Jul 13, 2008 6:01 am
If you download something, save it to a folder first and do scans on it with your anti-virus and other malware scanners before opening it. That can save you a lot of heartache. _________________
Older than dirt!

wwe9112 (Royal Geek)
Joined: 14 Jun 2007 Posts: 1106
Posted: Sun Jul 13, 2008 2:14 pm
| Repa wrote: |
| If you download something, save it to a folder first and do scans on it with your anti-virus and other malware scanners before opening it. That can save you a lot of heartache. |
I did; Windows Defender is what came up with it on a reboot if I'm not mistaken, or it rebooted itself, or something along those lines.
_________________
if there was room for another God, and Almighty was ok with it, He would pick me because I'm just that darn good

All times are GMT - 7 Hours