hpprintspool.exe

  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

I came upon this problem about 2-3 days ago, ".make sure the path or internet address is correct"? I can find the bad program in the registry but can't find it anywhere on my PC from a search. Here's a HJT log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:12 PM, on 12/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\program files\steam\steam.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 7053 bytes
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

There is nothing there that is "bad" although there are things that I wouldn't have on my PC.

Download, update & run anti malware from malwarebytes.org
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

I ran a scan earlier and it found nothing, but every time I click on a link, open a new tab or window, an error message pops up: ".make sure the path or internet address is correct." Then when I close the error message a new homepage window opens. I even get redirected to other websites now when I click on links.
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

What scan did you run? Was it the scan I suggested?
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

Don2007 wrote:
What scan did you run? Was it the scan I suggested?



I ran a full scan earlier, but updated it and am running another full scan. I also have these very suspicious files in System32 with Japanese names that are hidden, and only Avira is able to detect some of them. I googled the names and they turn out to be viruses...
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

Try to unhide & delete the files. Do it in safe mode if necessary.

Open a command prompt.
cd \windows\system32

rem attrib will not clear System or Hidden while the other is still set, so clear both at once
attrib -s -h *.*
del jap_files

If you need Unlocker to unlock them, download it.

You can also try ComboFix.

Another idea is to boot the machine with BackTrack or some other Linux or Unix CD & delete them that way.
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

68 objects with the logfile just in case...
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/4/2009 3:52:33 PM
mbam-log-2009-12-04 (15-52-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 305473
Time elapsed: 1 hour(s), 38 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 67

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Security Tool (Rogue.SecurityTool) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\mark\Application Data\PC\faq (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images (Rogue.ControlCenter) -> No action taken.

Files Infected:
C:\WINDOWS\system32\legadaza.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yugovuji.dll (Trojan.Vundo.H) -> No action taken.
C:\PCSX2_0.9.6_binary\Pcsx2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\fedavive.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\config\default.LOG (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\config\SAM.LOG (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\config\SECURITY.LOG (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\config\software.LOG (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\config\system.LOG (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\CatRoot2\edb.log (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\CatRoot2\tmp.edb (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\Temp\Perflib_Perfdata_614.dat (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005783.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005767.exe (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005769.exe (Rogue.SystemSecurity) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005770.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005771.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005772.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005773.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005777.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005782.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005784.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005785.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005790.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005804.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005813.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005816.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005817.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005818.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005831.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005833.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP21\A0005834.exe (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{5DA55492-48B9-4FBB-8EF6-2448D0AE4765}\RP22\A0005859.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\avguard.tmp (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\MiniMessage\2 (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Desktop\pcsx2-r1648\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\mark\Desktop\PCSX2_0.9.6_binary\Pcsx2\plugins\PadSSSPSX.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FDA483E5-E121-11DE-AC21-0016E68836A3}.dat (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FDA483E6-E121-11DE-AC21-0016E68836A3}.dat (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FDA483E8-E121-11DE-AC21-0016E68836A3}.dat (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FDA483EA-E121-11DE-AC21-0016E68836A3}.dat (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Application Data\pndbyx\glknsysguard.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Temp\~DFAE45.tmp (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Temp\~DFCF96.tmp (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Temp\~DFD334.tmp (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Temp\~DFD821.tmp (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg1.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg10.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg2.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg3.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg4.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg5.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg6.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg7.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg8.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\faq\images\gimg9.jpg (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\mark\Local Settings\Temp\e.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\mark\Application Data\PC\Uninstall.exe (Trojan.FakeAlert) -> No action taken.
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

Didn't you tell it to fix those files? Why does it say no action taken?
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

Don2007 wrote:
Didn't you tell it to fix those files? Why does it say no action taken?



I got it to fix; it was right after the scan.
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

Is everything Ok now?
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

Don2007 wrote:
Is everything Ok now?



Well, the make sure the path to the address error is back, got Japanese letters, every time I open a new window, tab or click on a link. If I close it another homepage pops up, then I get redirected most of the time after clicking on a link. Running another full scan.
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

Try combo fix next or search the registry for the jap files.
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

I tried ComboFix yesterday and the IE bug stopped but came back again today. I ran ComboFix again today, gonna run Malwarebytes again. Here's a HJT log...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gomicrosoftcom/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://gomicrosoftcom/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://gomicrosoftco/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwgooglecom
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbaraskcom/toolbarv/askRedire ... ct=&gc=1&q
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://wwwgooglecom
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://ladsmyspacecom/upload/MySpaceUploader1006.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6625 bytes
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

Why don't the start page & other links in R1 & R0 have any dots in them?

As I said in my first response, there was nothing bad but there were some things that I just wouldn't have. Ask toolbar is one. What's that TuneUp thing & the UnHackMe thing?

I'm also starting to wonder if your DNS was hijacked. It usually shows in HijackThis but run ipconfig /all from a command prompt. Post the output.
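An added example, not part of the original thread and not code from HijackThis: a small Python triage of the two checks raised in the post above, namely R0/R1 browser URLs whose host has no dots and DNS servers reported in O17 entries. The function names, the `expected_dns` allowlist and the two lines in `CONSTRUCTED` (including its documentation-range IP) are assumptions made for illustration; the lines in `POSTED` are copied from the log in this thread.

```python
import re
from urllib.parse import urlsplit

# Copied from the second HijackThis log in this thread, exactly as posted.
POSTED = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gomicrosoftcom/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://gomicrosoftco/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwgooglecom
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# CONSTRUCTED lines (not from the thread): a well-formed start page and an
# O17 entry carrying two resolver addresses, one from a documentation range.
CONSTRUCTED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,192.168.1.1
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log):
    """Yield (section_code, body) for every well-formed HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def browser_urls(log):
    """Return (code, value_name, url) for R0/R1 entries (IE page and search settings)."""
    out = []
    for code, body in parse(log):
        if code in ("R0", "R1") and " = " in body:
            key, url = body.split(" = ", 1)
            out.append((code, key.rsplit(",", 1)[-1], url.strip()))
    return out


def unreadable_hosts(log):
    """R0/R1 http(s) URLs whose host contains no dot, so it cannot be judged as written."""
    bad = []
    for _code, name, url in browser_urls(log):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # about:blank, res:// and similar values are not host names
        host = parts.hostname or ""
        if "." not in host:
            bad.append((name, host))
    return bad


def dns_overrides(log):
    """Return the resolver addresses listed in O17 'NameServer = ' entries."""
    servers = []
    for code, body in parse(log):
        if code == "O17" and "NameServer = " in body:
            value = body.split("NameServer = ", 1)[1]
            servers += [s for s in re.split(r"[,\s]+", value.strip()) if s]
    return servers


def triage(log, expected_dns=()):
    """Summarise both checks; expected_dns is the analyst's own allowlist (assumption)."""
    return {
        "unreadable_hosts": unreadable_hosts(log),
        "unexpected_dns": [ip for ip in dns_overrides(log) if ip not in expected_dns],
    }


if __name__ == "__main__":
    print(triage(POSTED + CONSTRUCTED, expected_dns={"192.168.1.1"}))
```

A host reported by `unreadable_hosts` means the log has to be collected again with the URLs intact before the entry can be evaluated; it does not by itself say the setting was changed.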
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

Don2007 wrote:
Why don't the start page & other links in R1 & R0 have any dots in them?

As I said in my first response, there was nothing bad but there were some things that I just wouldn't have. Ask toolbar is one. What's that TuneUp thing & the UnHackMe thing?

I'm also starting to wonder if your DNS was hijacked. It usually shows in HijackThis but run ipconfig /all from a command prompt. Post the output.



Won't allow me to post anything with dots. The TuneUp is a registry cleaner program, and UnHackMe detects rootkits and scans on startup to remove bad DLL and bad startup files, like Security Tool, which claims there's a virus and tries to scam money from people to download a program.
I can't use the ipconfig but here's my path %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

Are you saying that Ozzu won't let you post any URLs in the HijackThis logs?

Why can't you run ipconfig /all from a command prompt?
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

Don2007 wrote:
Are you saying that Ozzu won't let you post any URLs in the HijackThis logs?

Why can't you run ipconfig /all from a command prompt?



Indeed, not sure why about the command.
  • Don2007
  • Web Master
  • Posts: 4923
  • Loc: NY

Post 3+ Months Ago

I see complete URLs in other posts.
  • Luminar21
  • Newbie
  • Posts: 10

Post 3+ Months Ago

My solution may be fixed. I got the blue screen of death, I used my system restore disc, went on my bro's comp today and noticed he was getting redirected to websites with certain icons. Our router may be hijacked....


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.