Da Pirates Posted February 24, 2010

[hide= HiJackThis Log Is Here]
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:37:25 PM, on 2/24/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost[Caution: Executable File]
C:\Windows\system32\taskeng[Caution: Executable File]
C:\Windows\system32\Dwm[Caution: Executable File]
C:\Windows\msa[Caution: Executable File]
C:\Windows\Explorer[Caution: Executable File]
C:\Users\MOMAND~1\AppData\Local\Temp\Fvl[Caution: Executable File]
C:\Windows\System32\rundll32[Caution: Executable File]
C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File]
C:\Program Files\HP\HP Software Update\hpwuSchd2[Caution: Executable File]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain[Caution: Executable File]
C:\Program Files\Synaptics\SynTP\SynTPHelper[Caution: Executable File]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL[Caution: Executable File]
C:\Program Files\HP\QuickPlay\QPService[Caution: Executable File]
C:\Program Files\Alwil Software\Avast4\ashDisp[Caution: Executable File]
C:\Program Files\Java\jre6\bin\jusched[Caution: Executable File]
C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel[Caution: Executable File]
C:\Program Files\Steam\Steam[Caution: Executable File]
C:\Users\MOMAND~1\AppData\Local\Temp\mvNat[Caution: Executable File]
C:\Program Files\Hewlett-Packard\Shared\HpqToaster[Caution: Executable File]
C:\Windows\system32\ctfmon[Caution: Executable File]
C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File]
C:\Program Files\TrendMicro\HiJackThis\HiJackThis[Caution: Executable File]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: Executable File] C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32[Caution: Executable File] C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File]
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager[Caution: Executable File]" -launchedbylogin
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler[Caution: Executable File]
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2[Caution: Executable File]
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain[Caution: Executable File]
O4 - HKLM\..\Run: [QlbCtrl[Caution: Executable File]] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl[Caution: Executable File] /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService[Caution: Executable File]"
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu[Caution: Executable File]" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu[Caution: Executable File]" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu[Caution: Executable File]" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp[Caution: Executable File]
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched[Caution: Executable File]"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl[Caution: Executable File]"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM[Caution: Executable File]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask[Caution: Executable File]" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mom And Jeff\AppData\Local\Google\Update\GoogleUpdate[Caution: Executable File]" /c
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel[Caution: Executable File] -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr[Caution: Executable File]" /background
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam[Caution: Executable File]" -silent
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\MOMAND~1\AppData\Local\Temp\Fvl[Caution: Executable File]
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar[Caution: Executable File] /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin[Caution: Executable File] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar[Caution: Executable File] /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin[Caution: Executable File] (User 'NETWORK SERVICE')
O4 - Startup: 8011.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL[Caution: Executable File]/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv[Caution: Executable File]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ[Caution: Executable File]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv[Caution: Executable File]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv[Caution: Executable File]
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder[Caution: Executable File]
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx[Caution: Executable File]
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService[Caution: Executable File]
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService[Caution: Executable File]
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service[Caution: Executable File]
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex[Caution: Executable File]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT[Caution: Executable File]
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc[Caution: Executable File]
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc[Caution: Executable File]
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService[Caution: Executable File]
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo[Caution: Executable File]
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService[Caution: Executable File]
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService[Caution: Executable File]
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio[Caution: Executable File]

--
End of file - 9206 bytes
[/hide]

I'm using Avast antivirus and it's going crazy every 10 mins, popping up at random times. When I went to sleep last night, I left my computer running. Came back in the morning and there were 7 IE windows open with pop-up ads and Avast had like 5 instances open. Can someone tell me what caused this virus and how to get rid of it permanently? Avast keeps detecting it and I delete it but it just keeps coming back.

BR BR BR? HUEHUEHEUEHUE

Mil Posted February 24, 2010

http://www.hijackthis.de/ says that the problem is due to C:\Windows\msa[Caution: Executable File]. A quick Google says that this is malware. How to remove.

kapeg90 Posted February 25, 2010

Try to download some freeware Adware programs from Download.com
Try Adware or SUPERAntiSpyware :)

Will H Posted February 26, 2010

[quote]
Try to download some freeware Adware programs from Download.com
Try Adware or SUPERAntiSpyware :)
[/quote]

Better, just get Microsoft Security Essentials and forget about it.

~ W ~