Pop up blocker.
Comments
-
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:12:26, on 08/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5132 bytes
Norn Iron Club member 4730 -
fix this
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
then run combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
and post that log file
Ex forum ambassador
Long term forum member0 -
we need to do some serious updates to windows but leave that until it's clean
Ex forum ambassador
Long term forum member0 -
Ok thanks, how do I fix this?
copy and paste that searchhook line?
or is it just one action: combofix that you gave me link to?
Norn Iron Club member 4730 -
sorry, run hijackthis, tick that item and then click on the fix button
then download combofix and run that
Ex forum ambassador
Long term forum member0 -
Norn Iron Club member 4730 -
Is there an icon for nervous perspiration?!!!
Norn Iron Club member 4730
-
what's all the images in post 17??
Ex forum ambassador
Long term forum member0 -
I thought it was the log from combofix!
will try again
this is really hard.
It warned me about running AVG but I can't turn it off and don't want to uninstall it? What should I do? Sorry, shall we resume tomorrow? I'm taking up too much of your time.
Norn Iron Club member 4730 -
Ex forum ambassador
Long term forum member0
This discussion has been closed.