Guest dorsil Posted October 22, 2008 Posted October 22, 2008 hi urgently i'm having similar i have AVAST FREE EDITION HIJACK THIS MALWARE ANTI BYTES ATF-CLEANER CC CLEANER SUPER ANTI SPYWARE FREE EDITION thanks ,the annoying message is attached what to do? thanks Quote
Guest Wolfeymole Posted October 22, 2008 Posted October 22, 2008 Please don't hijack other peoples threads Dorsil. Quote
Guest dorsil Posted October 22, 2008 Posted October 22, 2008 oh come on Wolfeymole, why you answered me like that?i'm frustrated ,i saw that tread and kept on that issue, i have no reason to hijack no one's land,and i suppose to have help not that kind of answer,if you knows me as a real person u retire what you said,i leave my work aside to help friends when i know their answer not do as you said i'm so disappointed thanks Quote
Tootech Posted October 22, 2008 Posted October 22, 2008 Try this, Download ComboFix from A guide and tutorial on using ComboFix Start up in Safe Mode, run CCleaner, then run ComboFix. Restart normally. If it has gone, you could do to run a full spyware scan with something like Ad-Aware, Spybot or Spyware Doctor, just to check for bits and pieces still hanging around. Let us know how you get on. Tootech Quote
RandyL Posted October 22, 2008 Posted October 22, 2008 Hi dorsil; No offense was was meant. But it is extremely important that new threads are made in situations like this. This is so that you can get the best of help which is what we all want. Rarely are two issues exactly alike and we want yours to be specific just like everyone elses. That being said can you detail the information? Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Guest dorsil Posted October 22, 2008 Posted October 22, 2008 yes it was an offence for me, so thanks for who is trying to help,even Wolfeymole himself,now i'm gonna do the steps and then i'll post thanks for now Quote
Guest Wolfeymole Posted October 22, 2008 Posted October 22, 2008 Run HJT and post a full log back Dorsil. Quote
Guest dorsil Posted October 22, 2008 Posted October 22, 2008 (edited) @ Wolfeymole,thanks the screen attached has gone now after i ran twice malware anti bytes/atf/cc cleaner and super anti spyware also spy bot that in all had found many,was deleted and seems ok now,maybe i have something else ,but still the windows security icon has come again and is in task bar thanks Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:22:17 PM, on 10/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20900) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\aswUpdSv.exe C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ANTIVIRUS SETUPS\Ashampoo AntiSpyware\Ashampoo AntiSpyWare 2\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashMaiSv.exe C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ANTIVI~1\AVASTA~1\ashDisp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\DVD BURNING SETUPS\CyberLink PowerDVD Ultra 8.0.2021\PowerDVD8\PDVD8Serv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ANTIVIRUS SETUPS\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ANTIVIRUS SETUPS\HIJACK THIS\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = PC-Antispy R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {F9533BCB-36F0-4697-942B-3FB3473CFE57} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\AVASTA~1\ashDisp.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\DVD BURNING SETUPS\CyberLink PowerDVD Ultra 8.0.2021\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\DVD BURNING SETUPS\CyberLink PowerDVD Ultra 8.0.2021\PowerDVD8\Language\Language.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-20\..\RunOnce: [iE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [iE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [iE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'Default user') O4 - Startup: autostart.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\ O20 - Winlogon Notify: khfExWME - khfExWME.dll (file missing) O21 - SSODL: vwnskbot - {27E42F1C-A769-4E78-BA15-09794163C67A} - (no file) O21 - SSODL: qnflkotm - {36A69741-CD80-4B1D-B353-1B896F93D4B4} - \qnflkotm.dll (file missing) O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\ANTIVIRUS SETUPS\Ashampoo AntiSpyware\Ashampoo AntiSpyWare 2\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\aswUpdSv.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashWebSv.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- End of file - 6882 byteshijackthis.zip Edited October 22, 2008 by Dalo Harkin Quote
Dalo Harkin Posted October 22, 2008 Posted October 22, 2008 Your computer could be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Required Cleanup StepsDisable the Spybot Search & Destroy TEA TIMER if you use it and if it is enabled Run a Temporary file and cache cleaner (ATF) Run 2 Anti-Malware scanners (Listed Below) Run an Online Anti-Virus / Anti-Malware Scanner (Listed Below) Clear out old System Restore points If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file, do not do so unless requested. The reason to run multiple scanners is to ensure that no single scanner is missing something. The time it takes will vary depending on your system and your internet connection speed. Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes. The ESET online scan should take between 1 to 3 hours. In most cases, these scans will suffice to clean and disinfect your computer. Heavily infected systems or slower PCs can take much longer to scan and clean. For best results print the following instructions and bookmark this Web page To keep this guide printer-friendly, use your cursor to highlight the contents below. From your browser select File - Print and in the printer dialog box under "Print range" click the Selection choice to print out these instructions for removal of malware. http://i306.photobucket.com/albums/nn266/FPCH/Malware%20Guide/printer-selection.gif ____________________________________________ STEP 1 Disable Spybot Search & Destroys' TEA TIMER: (if installed, if not go to Step 2)Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select "Advanced Mode" On the left hand side, Click on Tools Then click on the Resident Icon in the List Uncheck "Resident TeaTimer" and OK any prompts. Restart your computer. __________________________________________________ STEP 2 Follow these instructions carefully. Download ATF-Cleaner from Snapfiles.com to remove un-needed temporary files from your computer that may contain malware. You can also download it from Majorgeeks.com When you run ATF-Cleaner, check the items as shown below for Main. For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored Then click on "Empty Selected". http://i306.photobucket.com/albums/nn266/FPCH/Malware%20Guide/atf-cleaner01.gif. http://i306.photobucket.com/albums/nn266/FPCH/Malware%20Guide/atf-cleaner02.gif __________________________________________________ STEP 3 Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files. You do not have to send them your e-mail address, just click next. You can leave the automated check for updates on. You can uncheck "Send a diagnostic report to research center" if you don't want to send the information. DO NOT allow SUPERAntiSpyware to protect your Home Page settings. On the Top Left select the Scan your computer button. Make sure there is a CHECK MARK on all Fixed Drives. Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so. __________________________________________________ STEP 4 Install and run Malwarebytes' Anti-Malware from Malwarebytes - (direct download) Accept all defaults for the installer Allow the program to update the definitions Click on the Quick Scan and click Next. If any items are found allow it to clean them and then Reboot your computer. __________________________________________________ STEP 5 Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan. If your computer is running Window's Vista, then you must first start Internet Explorer as an Administrator. To do so, right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu. Accept the terms and click "Start". Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications". Click "Start" to begin the scan. When completed restart your computer __________________________________________________ Make sure your internet firewall security is enabled, and then please return to Extreme Tech Support - Free PC Help and tell us how the computer seems to be operating. At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted. If required this is the download link for TrendMicro™ HijackThis™ Unless instructed to by the Technician helping you then do not download this tool. Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one. Please follow the instructions here How to turn off and turn on System Restore in Windows XP How to turn off and turn on System Restore in Windows Vista Quote Intel Q6600 @ 4Ghz (Watercooled)Asus P5K premium black pearl4GB OCZ Reaper 8500260GTX Join Free PC Help - Register here Donations are welcome - here PC Build We are all members helping other members.Please return here where you may be able to help someone else.After all, no one knows everything and you may have the answer that someone needs.
Guest dorsil Posted October 22, 2008 Posted October 22, 2008 thanks m8's,i did all recomended,because i had saved this before,i spent all the day scanning,and now i'm gonna scan the online scan,but everything is ok now thanks Quote
Guest dorsil Posted October 22, 2008 Posted October 22, 2008 why as i'm due to run the online scan the eser online page is freezing everything? Quote
Guest Wolfeymole Posted October 22, 2008 Posted October 22, 2008 Dorsil Do you have the XP disk for your machine? Quote
Guest dorsil Posted October 22, 2008 Posted October 22, 2008 hi,now ok i've made a re-start and now is scannig,found allready 3 threats,we'll see at the end thanks Quote
Guest Wolfeymole Posted October 22, 2008 Posted October 22, 2008 Let us know what happens mate. Quote
Guest dorsil Posted October 22, 2008 Posted October 22, 2008 i got these maybe are deleted with the scans i made during the dayfree scan.doc Quote
RandyL Posted October 22, 2008 Posted October 22, 2008 You should be clean now. Is everything still working OK? What Ashampoo products are you running? I hope it's not the antivirus because you already have Avast and you should never run two different AV programs. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Guest dorsil Posted October 22, 2008 Posted October 22, 2008 yes, it seems I’m clean now,and a bit faster , so i recommend what you said and all the tasks I made, it was needed a twice scan of each I had as stated earlier have a trial shampoo antispyware, but all happened is when I extracted a adobe Photoshop setup Quote
RandyL Posted October 22, 2008 Posted October 22, 2008 Good deal dorsil. Your log shows PC-Antispy as your start page which I think is spyware. Can you post another log now that you have run the scans twice. Perhaps seth will pop in and take a look at it. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Guest dorsil Posted October 23, 2008 Posted October 23, 2008 yes m8,here anothfile,but although is clean having the same things in the scanshijackthis.zip Quote
Guest Wolfeymole Posted October 23, 2008 Posted October 23, 2008 Please post the log unzipped please. Quote
Guest dorsil Posted October 23, 2008 Posted October 23, 2008 i've tried but it's telling me that hijackthis.log is an invalid file,any other method? thanks Quote
Guest Wolfeymole Posted October 23, 2008 Posted October 23, 2008 Copy the Notepad text back here like you did before. Quote
Guest Wolfeymole Posted October 23, 2008 Posted October 23, 2008 You should have simply copied the whole lot and pasted into your reply like so Dorsil Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:13:48 PM, on 10/23/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20900) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\aswUpdSv.exe C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ANTIVIRUS SETUPS\Ashampoo AntiSpyware\Ashampoo AntiSpyWare 2\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Cyberlink\Shared files\RichVideo.exe C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashMaiSv.exe C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashWebSv.exe C:\PROGRA~1\ANTIVI~1\AVASTA~1\ashDisp.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\DVD BURNING SETUPS\CyberLink PowerDVD Ultra 8.0.2021\PowerDVD8\PDVD8Serv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DVD BURNING SETUPS\uTorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ANTIVIRUS SETUPS\HIJACK THIS\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {420959A7-1B3F-49EE-848E-6DE631A39223} - C:\WINDOWS\system32\yayvVMEV.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {58128320-9B10-4C1E-BEE6-8EA1E4947484} - C:\WINDOWS\system32\awttstQk.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {F9533BCB-36F0-4697-942B-3FB3473CFE57} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\AVASTA~1\ashDisp.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\DVD BURNING SETUPS\CyberLink PowerDVD Ultra 8.0.2021\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\DVD BURNING SETUPS\CyberLink PowerDVD Ultra 8.0.2021\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [74c5e9e4] rundll32.exe "C:\WINDOWS\system32\tuggvkif.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-20\..\RunOnce: [iE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [iE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [iE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\ O20 - Winlogon Notify: khfExWME - khfExWME.dll (file missing) O20 - Winlogon Notify: yayvVMEV - yayvVMEV.dll (file missing) O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\ANTIVIRUS SETUPS\Ashampoo AntiSpyware\Ashampoo AntiSpyWare 2\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\aswUpdSv.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\ANTIVIRUS SETUPS\AVAST ANTIVIRUS\ashWebSv.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- End of file - 6986 bytes Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.