Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijack of Opera browser

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijack of Opera browser

Unread postby Fac51 » November 14th, 2009, 8:20 pm

Opera has started opening new windows 3 at a time with mostly dead links.I have run 5 malware scanners and 2 full virus scans (avg and a on-line one)with no results.I'm usually ok with tech stuff but this one has me stumped.
Any help would be much appreciated


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:02, on 15/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe
C:\Documents and Settings\Administrator\My

Documents\Downloads\malware\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride

= *.local
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Conversion Toolbar Helper -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program

Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User

'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -

res://C:\Program Files\Adobe\Acrobat

8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupda ... eb_site.ca

b?1254341750562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program

Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour

Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program

Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,

Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program

Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService)

- Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program

Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common

Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program

Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. -

C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner -

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8118 bytes
Fac51
Active Member
 
Posts: 3
Joined: November 14th, 2009, 8:11 pm
Advertisement
Register to Remove

Re: hijack of Opera browser

Unread postby askey127 » November 17th, 2009, 8:02 pm

Hi Fac51,
Please go into Notepad , click the Format menu and Uncheck Wordwrap.
We are set up to read long lines, and word wrap makes it difficult.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT Your Machine
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: hijack of Opera browser

Unread postby Fac51 » November 18th, 2009, 5:36 pm

Hi thanks for your reply,I've followed your instructions on deleting the entries and the information u asked for is listed below :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:31, on 18/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\malware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4341750562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7687 bytes


µTorrent
Active@ Partition Manager
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AMD Processor Driver
Ares 2.1.1
AVG Free 8.5
AVS DVD Player version 2.4
Boilsoft Video Joiner 5.32
BroadJump Client Foundation
Browser Hijack Recover(BHR) 3.0
Call of Duty
CCleaner (remove only)
CDBurnerXP
CDDRV_Installer
Clock G2
Clock G2 Freeware Edition
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
DVD Flick 1.3.0.7
DVD Suite
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.0.8 Be
DVDInfoPro
EASEUS Partition Master 4.0 Home Edition
Eraser 5.8.7
erLT
FormatFactory 2.10
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
ImgBurn
IsoBuster 2.6
Java(TM) 6 Update 15
Java(TM) 6 Update 3
KhalInstallWrapper
LG ODD Auto Firmware Update
LightScribe Applications
LightScribe System Software
LightScribe Template Labeler
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB954430)
Nero 8 Essentials
neroxml
NVIDIA Drivers
NVIDIA PhysX
OCR Software by I.R.I.S 7.0
OpenOffice.org 2.3
Opera 10.01
PDF Settings
PerformanceTest v7.0
PowerDVD
PowerProducer
Prince of Persia Warrior Within
RAR File Open Knife - Free Opener
RealPlayer
Realtek High Definition Audio Driver
ScanSpyware 3.9.1.9
SecurDisc Viewer
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sony Ericsson PC Suite 5.007.01
SUPERAntiSpyware Free Edition
Test My Hardware 3.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VCRedistSetup
VIA Platform Device Manager
Vtune 7.5
Vuze
WinAVIVideoConverter
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Fac51
Active Member
 
Posts: 3
Joined: November 14th, 2009, 8:11 pm

Re: hijack of Opera browser

Unread postby askey127 » November 19th, 2009, 7:11 am

Fac51,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112
As a condition of receiving our help, I have included the P2P programs utorrent and Ares in the removal instructions below, so we are not wasting our time.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

utorrent
Ares 2.1.1
ScanSpyware 3.9.1.9

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT Your Machine
---------------------------------------------
Run CKScanner
Download CKScanner from here:http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

So we are looking for the log from CKScanner, and the new log from HiJackThis
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: hijack of Opera browser

Unread postby Fac51 » November 19th, 2009, 5:54 pm

Hi all software removed and the info u requested is below.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\administrator\desktop\desktop\imtoo dvd creator v2.0.10.0612\keygen\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\!top secret\albw album wrap extractor & maker + crack.rar
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\all_printable.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\archpr.cmd
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\archpr.cnt
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\archpr.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\archpr.hlp
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\archpr.log
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\archpr.reg
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\caps.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\digits.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\dutch.lng
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\english.lng
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\small.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\special.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced archive password recovery\unacev2.dll
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\all_printable.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\apdfprp.chm
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\apdfprp.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\apdfprp.log
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\apdfprp.reg
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\apdfprpnu.cmd
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\apdfprpnu.ini
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\caps.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\digits.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\english.lng
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\small.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced pdf password recovery pro\special.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\all_printable.chr
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\arpr.chm
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\arpr.cnt
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\arpr.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\arpr.log
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\arpr.reg
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\arprnu.cmd
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\arprnu.ini
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\advanced rar password recovery\english.lng
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\keyfinder-pe\xp-key-reader.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\koala liscence viewer\klv.cmd
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\koala liscence viewer\koalalicenseviewer.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\mspass\mspass.chm
c:\documents and settings\administrator\desktop\todisk\inferno dvd\aio big collection of portables\pass crackers\mspass\readme.txt
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo burning studio v6.02\crack\file_id.diz
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo burning studio v6.02\crack\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo burning studio v6.02\crack\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo burning studio v6.02\crack\virility.nfo
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo burning studio v6.10\crack\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo burning studio v6.10\crack\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo magical defrag v1.11\crack\ashampoomagicaldefragv111_crack.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo magical optimizer se 1.10\crack\ashampoomagicaloptimizersev110_crack.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo photo commander v4.0.1\crack\file_id.diz
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo photo commander v4.0.1\crack\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo photo commander v4.0.1\crack\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo photo commander v4.0.1\crack\virility.nfo
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo powerup xp platinum v2.v2.20\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo uninstaller platinum suite.v2.0.0.0\crack\file_id.diz
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo uninstaller platinum suite.v2.0.0.0\crack\te.nfo
c:\documents and settings\administrator\desktop\todisk\inferno dvd\ashampoo uninstaller platinum suite.v2.0.0.0\crack\crack\ashampoouninstallerplatinumsuitev2000se_crack.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\bb flashback v1.5.2.148\keygen\brd.nfo
c:\documents and settings\administrator\desktop\todisk\inferno dvd\bb flashback v1.5.2.148\keygen\file_id.diz
c:\documents and settings\administrator\desktop\todisk\inferno dvd\bonus stuff\wga validation v1.5.532.0 cracked.rar
c:\documents and settings\administrator\desktop\todisk\inferno dvd\cd box labeler pro v1.9.9g\crack\cdboxpro.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\cd box labeler pro v1.9.9g\crack\fff.nfo
c:\documents and settings\administrator\desktop\todisk\inferno dvd\cd box labeler pro v1.9.9g\crack\file_id.diz
c:\documents and settings\administrator\desktop\todisk\inferno dvd\cdcheck v3.1.11.0\keygen\czw.nfo
c:\documents and settings\administrator\desktop\todisk\inferno dvd\flash saver v6.00\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\hide ip platinum v2.82\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\hypersnap dx v6.10.00\crack\hprsnap6.hs6lic
c:\documents and settings\administrator\desktop\todisk\inferno dvd\imtoo dvd creator v2.0.10.0612\keygen\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\intervideo dvd copy platinum v5.0b004.24c00\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\live-styler v8.0.30\keygen.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\mp3-producer v2.51\keygen\brd.nfo
c:\documents and settings\administrator\desktop\todisk\inferno dvd\mp3-producer v2.51\keygen\file_id.diz
c:\documents and settings\administrator\desktop\todisk\inferno dvd\mp3-producer v2.51\keygen\shareland.org.html
c:\documents and settings\administrator\desktop\todisk\inferno dvd\music label 2006 12.0.3\crack\blizz.nfo
c:\documents and settings\administrator\desktop\todisk\inferno dvd\music label 2006 12.0.3\crack\musiclabel.exe
c:\documents and settings\administrator\desktop\todisk\inferno dvd\nti cd dvd maker platinum v7.0.0.4703\keygen.exe
c:\documents and settings\administrator\desktop\todisk\slysoft clonedvd v2.9.0.1\crack\dvt.nfo
c:\documents and settings\administrator\desktop\todisk\slysoft clonedvd v2.9.0.1\crack\keymaker.exe
c:\documents and settings\administrator\local settings\application data\opera\opera\icons\http%3a%2f%2fcdn-www.cracked.com%2fsites%2fcracked2%2fui%2fimages%2ffavicon.ico
c:\documents and settings\administrator\local settings\application data\opera\opera\icons\http%3a%2f%2fwww.cracked.com%2ffavicon.ico
c:\documents and settings\administrator\local settings\application data\opera\opera\icons\http%3a%2f%2fwww.crackserialcodes.com%2ffavicon.ico
c:\documents and settings\administrator\local settings\application data\opera\opera\icons\http%3a%2f%2fwww.downloadserialcrack.com%2ffavicon.ico
c:\documents and settings\administrator\local settings\application data\opera\opera\icons\www.cracked.com.idx
c:\documents and settings\administrator\local settings\application data\opera\opera\icons\www.crackserialcodes.com.idx
c:\documents and settings\administrator\local settings\application data\opera\opera\icons\www.downloadserialcrack.com.idx
c:\documents and settings\administrator\my documents\cracks n codes\landwarrior.txt
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\html\keygen.html
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\php\crackf.html
scanner sequence 3.ZZ.11
----- EOF -----




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:10, on 19/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Desktop\CKScanner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\malware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4341750562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7713 bytes
Fac51
Active Member
 
Posts: 3
Joined: November 14th, 2009, 8:11 pm

Re: hijack of Opera browser

Unread postby askey127 » November 19th, 2009, 7:06 pm

I'm sorry, but we will not provide help to anyone with cracked software.
This is how to get and keep a computer infected, besides being illegal.
This thread is closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware