Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows Updater Hijacked-Log Attached

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows Updater Hijacked-Log Attached

Unread postby meangreene » September 28th, 2009, 4:43 pm

I usually run Malwarebytes Anti Malware every few days, and have noticed every time that there are 2 files that say windows updater hijacked (or something of that nature). Today I went in to see if I could update windows through automatic updates and was not able to do so. I have tried everything and nothing works! I use Avira as my anti virus as well as the Malwarebytes program. Neither are able to remove/repair this problem. Below is my log file. Any help is appreciated. Thanks! Oh...I am running Windows XP if that matters.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:49 PM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\AOL\1201579038\ee\AOLSoftware.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
F:\Program Files\QuickTime\QTTask.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\PROGRA~1\Webshots\Webshots.scr
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\WINDOWS\system32\java.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
F:\WINDOWS\system32\dllhost.exe
F:\WINDOWS\explorer.exe
F:\Program Files\AOL 9.1a\waol.exe
F:\Program Files\AOL 9.1a\shellmon.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30d76d11-5e0b-4ea9-91f2-18a84bf68061} - (no file)
O2 - BHO: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - F:\Program Files\Torrents-Search-Engine\tbTor1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - F:\Program Files\Torrents-Search-Engine\tbTor1.dll
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1201579038\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVMixerTray] "F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrayServer] F:\Program Files\MAGIX\Movie_Edit_Pro_14\TrayServer.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] F:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "F:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - Startup: Webshots.lnk = F:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1580660796
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - F:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (linksysupdater) - Unknown owner - F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UPnPService - Magix AG - F:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - F:\WINDOWS\

--
End of file - 11455 bytes
meangreene
Active Member
 
Posts: 8
Joined: September 28th, 2009, 4:37 pm
Advertisement
Register to Remove

Re: Windows Updater Hijacked-Log Attached

Unread postby MWR 3 day Mod » October 3rd, 2009, 12:29 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Windows Updater Hijacked-Log Attached

Unread postby peku006 » October 4th, 2009, 7:06 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - Download and Run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Image
Download DDS and save it to your desktop from Link1
Link2
Link3
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

2 - Status Check

Please reply with
  • DDS.txt
  • Attach.txt

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Windows Updater Hijacked-Log Attached

Unread postby meangreene » October 4th, 2009, 11:24 am

I ran DDS and have attached both logs as attachements. I want to begin with a huge thank you!
You do not have the required permissions to view the files attached to this post.
meangreene
Active Member
 
Posts: 8
Joined: September 28th, 2009, 4:37 pm

Re: Windows Updater Hijacked-Log Attached

Unread postby peku006 » October 4th, 2009, 11:46 am

Hi meangreene

Use of P2P (Person to Person) file sharing programs

I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent
DNA


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. Please remove it before we can continue any further. Post back when you have done it so we can continue the cleaning process.

NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Windows Updater Hijacked-Log Attached

Unread postby meangreene » October 4th, 2009, 12:08 pm

OK, I uninstalled Bit Torrent and have attached the uninstall log from hijack this....

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
AMD Processor Driver
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
AudibleManager
Avira AntiVir Personal - Free Antivirus
AVIVO Codecs
AVS DVD Player version 2.4
CardRd81
CCScore
Content Transfer
CR2
Creative MediaSource
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Critical Update for Windows Media Player 11 (KB959772)
Digital Photo Navigator 1.5
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Firebird SQL Server - MAGIX Edition
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 7
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Linksys EasyLink Advisor
Linksys EasyLink Advisor
MAGIX Goya burnR 1.3.1.3 (US)
MAGIX Movie Edit Pro 14 7.5.2.11 (US)
MAGIX PC Visit
MAGIX Photo Manager 2007 4.1.1.77 (US)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Sounds
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Music Transfer
Nero 7 Essentials
neroxml
netbrdg
NVIDIA Drivers
NvMixer
OCR Software by I.R.I.S 7.0
OfotoXMI
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
QuickTime
Seagate Manager Installer
Seagate Manager Installer
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SFR
SHASTA
skin0001
SKINXSDK
Sony Picture Utility
Sound Blaster Live! 24-bit
Spelling Dictionaries Support For Adobe Reader 8
staticcr
Torrents-Search-Engine Toolbar
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
VPRINTOL
WebEx Support Manager for Internet Explorer
Webshots Desktop
Windows Communication Foundation
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows Workflow Foundation
Windows XP Creativity Fun Packs - Windows Movie Maker 2
Windows XP Service Pack 3
WinZip
WIRELESS
ZENcast Organizer
meangreene
Active Member
 
Posts: 8
Joined: September 28th, 2009, 4:37 pm

Re: Windows Updater Hijacked-Log Attached

Unread postby peku006 » October 4th, 2009, 12:45 pm

Hi meangreene

still problems with Windows updates ?

1 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Windows Updater Hijacked-Log Attached

Unread postby meangreene » October 4th, 2009, 6:39 pm

Here is the Malware log:

Malwarebytes' Anti-Malware 1.41
Database version: 2905
Windows 5.1.2600 Service Pack 3

10/4/2009 5:28:51 PM
mbam-log-2009-10-04 (17-28-51).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 258930
Time elapsed: 2 hour(s), 13 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
meangreene
Active Member
 
Posts: 8
Joined: September 28th, 2009, 4:37 pm

Re: Windows Updater Hijacked-Log Attached

Unread postby meangreene » October 4th, 2009, 6:42 pm

And here is the Hijack This log:

I noticed at the end of the log it says that Automatic Updayes shows an "Unknown User"...hmmmm......anyway, all help is GREATLY appreciated!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:05 PM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\AOL\1201579038\ee\AOLSoftware.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
F:\Program Files\QuickTime\QTTask.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\AOL 9.1a\waol.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\PROGRA~1\Webshots\Webshots.scr
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\WINDOWS\system32\java.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\WINDOWS\system32\msiexec.exe
F:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\AOL 9.1a\shellmon.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30d76d11-5e0b-4ea9-91f2-18a84bf68061} - (no file)
O2 - BHO: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - F:\Program Files\Torrents-Search-Engine\tbTor1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - F:\Program Files\Torrents-Search-Engine\tbTor1.dll
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1201579038\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVMixerTray] "F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrayServer] F:\Program Files\MAGIX\Movie_Edit_Pro_14\TrayServer.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] F:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "F:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - Startup: Webshots.lnk = F:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1580660796
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - F:\WINDOWS\
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (linksysupdater) - Unknown owner - F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UPnPService - Magix AG - F:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - F:\WINDOWS\

--
End of file - 11347 bytes
meangreene
Active Member
 
Posts: 8
Joined: September 28th, 2009, 4:37 pm

Re: Windows Updater Hijacked-Log Attached

Unread postby peku006 » October 6th, 2009, 2:04 am

Hi meangreene

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: (no name) - {30d76d11-5e0b-4ea9-91f2-18a84bf68061} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

3 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Windows Updater Hijacked-Log Attached

Unread postby meangreene » October 7th, 2009, 10:03 pm

Kaspersky did not detect any threats at all, so the log is blank. Here is the new Hijack This log:

I am going to try to run Widows Update now...and I am STILL getting the following error message:


Error number: 0x80070002

The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:36 PM, on 10/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\AOL\1201579038\ee\AOLSoftware.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
F:\Program Files\QuickTime\QTTask.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\PROGRA~1\Webshots\Webshots.scr
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\WINDOWS\system32\java.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\AOL 9.1a\waol.exe
F:\Program Files\AOL 9.1a\shellmon.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Java\jre6\bin\java.exe
F:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - F:\Program Files\Torrents-Search-Engine\tbTor1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - F:\Program Files\Torrents-Search-Engine\tbTor1.dll
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1201579038\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVMixerTray] "F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrayServer] F:\Program Files\MAGIX\Movie_Edit_Pro_14\TrayServer.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] F:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "F:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - Startup: Webshots.lnk = F:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1580660796
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - F:\WINDOWS\
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (linksysupdater) - Unknown owner - F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UPnPService - Magix AG - F:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - F:\WINDOWS\

--
End of file - 11277 bytes
meangreene
Active Member
 
Posts: 8
Joined: September 28th, 2009, 4:37 pm

Re: Windows Updater Hijacked-Log Attached

Unread postby peku006 » October 8th, 2009, 1:57 am

Hi meangreene

maybe this page helps you update problem
You receive a "0x80070002" or "0x80070003" error code after you download an update from Windows Update, from Microsoft Update, or from Windows Server Update Services

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
      O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Please reply with
a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Windows Updater Hijacked-Log Attached

Unread postby meangreene » October 8th, 2009, 6:53 am

Fresh log attached:

I am going to also try the steps on the link you provided...thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:05 PM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
F:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
F:\Program Files\Common Files\AOL\1201579038\ee\AOLSoftware.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
F:\Program Files\QuickTime\QTTask.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\AOL 9.1a\waol.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\PROGRA~1\Webshots\Webshots.scr
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
F:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\WINDOWS\system32\java.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\WINDOWS\system32\msiexec.exe
F:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\AOL 9.1a\shellmon.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30d76d11-5e0b-4ea9-91f2-18a84bf68061} - (no file)
O2 - BHO: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - F:\Program Files\Torrents-Search-Engine\tbTor1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Torrents-Search-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - F:\Program Files\Torrents-Search-Engine\tbTor1.dll
O4 - HKLM\..\Run: [ATICCC] "F:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HostManager] F:\Program Files\Common Files\AOL\1201579038\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NVMixerTray] "F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrayServer] F:\Program Files\MAGIX\Movie_Edit_Pro_14\TrayServer.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "F:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] F:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "F:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "F:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - Startup: Webshots.lnk = F:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.windowsupdate.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1580660796
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - F:\WINDOWS\
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - F:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (linksysupdater) - Unknown owner - F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UPnPService - Magix AG - F:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - F:\WINDOWS\

--
End of file - 11347 bytes
meangreene
Active Member
 
Posts: 8
Joined: September 28th, 2009, 4:37 pm

Re: Windows Updater Hijacked-Log Attached

Unread postby peku006 » October 9th, 2009, 1:44 am

Hi meangreene

How's the computer running now?
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Windows Updater Hijacked-Log Attached

Unread postby NonSuch » October 13th, 2009, 2:34 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 56 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware