• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.

Search the Community

Showing results for tags 'virus'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Spyware, thiefware, browser hijackers, and other advertising parasites
    • Malware Removal
    • Spywatch
    • Smartphone Troubleshooting
  • SpywareInfo
    • Guests and Unvalidated
    • News and Announcements
    • SpywareInfo Web Site, Forums, and Newsletter
    • Frequently Asked Questions
    • SWI Community News
  • General Computing Issues
    • Security Warnings
    • Software Update Announcements
    • Software
    • PC Checkup and Troubleshooting
    • Firewalls and Proxies
    • Virus and Trojan Removal and Prevention Methods
  • Miscellaneous
    • Open Forum
    • On the web
    • Computer Horror Stories
    • Test

Calendars

  • Community Calendar

Found 4 results

  1. I have a Travelmate 4060 which I believe has a bad virus on it. I wish I could produce some logs for this topic but I am unable to, since the laptop boots to the Acer screen seeks the hard drive then just sits at the Acer post. I have tries to get into the bios using the F2 key to get into the bios but it will not go into the bios. Is there a utility that can be used to get access to the hard drive and then run some utilities to get information? Please contact me when you get this email.
  2. Aloha, It's been a while. I'm trying to remotely help a friend across the borders, so TeamViewer is my remote app of choice that you may see running in some of these logs. Looks like she has more than a few compromised positions, and even something that appears to be blocking her access to Microsoft office. (Which she bought with her old laptop, but now it's popping up activation needed, and her code doesn't appear to accept anymore after formerly working for years.) Way outta my league of fixing minor things. Here are logs galore attached. It's a Toshiba, a bit older laptop, and I think all the specs should be in the various logs attached. The Kapersky scan struggled to run multiple times and wouldn't let me copy the result (Using CTRL+A copy method) so it's on the laptop if needed for the future, but wasn't fully functional. Her system is very sluggish, even for one that old. Thanks for any help, and awaiting instructions. Humbly yours, Z Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.03.10 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 shana :: SHANA-PC [administrator] 7/5/2013 8:59:13 PM MBAM-log-2013-07-06 (11-57-20).txt Scan type: Full scan (C:\|Q:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 536971 Time elapsed: 8 hour(s), 39 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken. HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken. HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken. HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 7 C:\Users\shana\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken. C:\ComboFix\office 2010\Office 2010 Toolkit\Office 2010 Toolkit.exe (RiskWare.Tool.CK) -> No action taken. C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> No action taken. C:\Windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\00000004.@ (Rootkit.Zaccess) -> No action taken. C:\Windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\000000cb.@ (Rootkit.0Access) -> No action taken. C:\Windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\80000000.@ (Trojan.0Access) -> No action taken. C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken. (end) DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16447 Run by shana at 21:18:28 on 2013-07-05 Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.381 [GMT -7:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\System32\spoolsv.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskhost.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Users\shana\AppData\Local\Smartbar\Application\QuickShare.exe C:\Users\shana\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\PC Checkup\SymcPCCULaunchSvc.exe C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\SearchIndexer.exe C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe C:\Program Files\TeamViewer\Version8\TeamViewer.exe C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\TeamViewer\Version8\tv_w32.exe c:\program files\teamviewer\version8\TeamViewer_Desktop.exe C:\Users\shana\Desktop\From Zo\HijackThis.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\svchost.exe -k imgsvc C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - c:\program files\whitesmoke_new\prxtbWhit.dll mURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - c:\program files\whitesmoke_new\prxtbWhit.dll BHO: LessTabs: {3178A392-8963-471E-B7A2-969CB58D6496} - c:\program files\lesstabs\ie32\LessTabsClientIE.dll BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL BHO: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - c:\program files\whitesmoke_new\prxtbWhit.dll BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\shana\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll BHO: SelectionLinks: {878B8524-AED5-4870-9A96-A515440DAC75} - c:\program files\oapps\SelectionLinks.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: WhiteSmoke New Toolbar: {739DF940-C5EE-4BAB-9D7E-270894AE687A} - c:\program files\whitesmoke_new\prxtbWhit.dll TB: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - c:\program files\whitesmoke_new\prxtbWhit.dll TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - uRun: [EPSON WorkForce 310 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifha.exe /fu "c:\users\shana\appdata\local\temp\E_S3515.tmp" /EF "HKCU" uRun: [browser Infrastructure Helper] c:\users\shana\appdata\local\smartbar\application\QuickShare.exe startup mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [searchProtect] \SearchProtect\bin\cltmng.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll TCP: NameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{877E1211-87CD-4376-B5CA-07D622C7C175} : DHCPNameServer = 68.111.16.30 68.111.16.25 TCP: Interfaces\{F597CB81-0595-4298-890A-1AF01190CE6F} : DHCPNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{F597CB81-0595-4298-890A-1AF01190CE6F}\2656C6B696E6E2638303 : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\shana\appdata\roaming\mozilla\firefox\profiles\2cito2ww.default\ FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\myfuncards_5mei\installr\1.bin\NP5mEISb.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\shana\appdata\roaming\mozilla\firefox\profiles\2cito2ww.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\np-mswmp.dll FF - plugin: c:\users\shana\appdata\roaming\mozilla\firefox\profiles\2cito2ww.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\npConduitFirefoxPlugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll FF - ExtSQL: 2013-05-06 16:56; {739df940-c5ee-4bab-9d7e-270894ae687a}; c:\users\shana\appdata\roaming\mozilla\firefox\profiles\2cito2ww.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} FF - ExtSQL: 2013-05-06 16:57; lesstabs@lesstabs.com; c:\program files\mozilla firefox\extensions\lesstabs@lesstabs.com FF - ExtSQL: 2013-05-31 15:35; addon@defaulttab.com; c:\users\shana\appdata\roaming\mozilla\firefox\profiles\2cito2ww.default\extensions\addon@defaulttab.com.xpi . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2013-07-06 03:58:14 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-07-05 22:32:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c5c4f491-80cf-4419-b3a6-dbf84bcb8bc6}\offreg.dll 2013-07-03 08:22:50 -------- d-----w- c:\program files\MyPC Backup 2013-07-01 23:01:30 -------- d-----w- c:\users\shana\appdata\local\Smartbar 2013-07-01 22:59:31 -------- d-----w- c:\program files\OApps 2013-07-01 22:57:37 -------- d-----w- c:\program files\WhiteSmoke_New . ==================== Find3M ==================== . 2013-06-19 18:51:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-19 18:51:59 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-04-11 14:22:56 770384 ----a-w- c:\windows\system32\msvcr100.dll 2013-04-11 14:22:56 421200 ----a-w- c:\windows\system32\msvcp100.dll . ============= FINISH: 22:05:51.53 =============== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:43:27 PM, on 7/5/2013 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskhost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Users\shana\AppData\Local\Smartbar\Application\QuickShare.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe C:\Program Files\TeamViewer\Version8\TeamViewer.exe C:\Users\shana\Desktop\From Zo\HijackThis.exe C:\Users\shana\Desktop\From Zo\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/Toshiba/en-us R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN15402857218665611&UM=2&ctid=CT3289847 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll O2 - BHO: LessTabs - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll O2 - BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: WhiteSmoke New - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\shana\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll O2 - BHO: HelloWorldBHO - {878B8524-AED5-4870-9A96-A515440DAC75} - C:\Program Files\OApps\SelectionLinks.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: WhiteSmoke New Toolbar - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files\WhiteSmoke_New\prxtbWhit.dll O3 - Toolbar: QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [EPSON WorkForce 310 Series] C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFHA.EXE /FU "C:\Users\shana\AppData\Local\Temp\E_S3515.tmp" /EF "HKCU" O4 - HKCU\..\Run: [browser Infrastructure Helper] C:\Users\shana\AppData\Local\Smartbar\Application\QuickShare.exe startup O4 - HKUS\S-1-5-18\..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user') O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\shana\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\PC Checkup\SymcPCCULaunchSvc.exe O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- End of file - 9138 bytes Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Malwarebytes Anti-Malware version 1.75.0.1300 HijackThis 2.0.2 Java 6 Update 14 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (22.0) Google Chrome 23.0.1271.64 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes' Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` Please just copy and paste the logs as plain text into your posts. Not all Helpers will want to open unknown attachments. I've added the text and removed the attachments. TheJoker
  3. Hi Could you please check the following to see if everythings look ok. Call it a type of M.O.T. I attach firstly a scan from Malwarebytes Anti-Malware and secondly from hijackthis - Malwarebytes Anti-Malware Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.05.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Tony123 :: TONYW [administrator] 05/05/2013 17:38:47 mbam-log-2013-05-05 (17-38-47).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 380651 Time elapsed: 2 hour(s), 5 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:47:49, on 05/05/2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16476) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Video Web Camera\traybar.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Video Web Camera\CEC_MAIN.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\Users\Tony123\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=0709&m=dotma R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&s=2&o=vp32&d=0709&m=dotma R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ÿþ1 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Video Web Camera\traybar.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S9920.tmp" /EF "HKCU" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [Google Update] "C:\Users\Tony123\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Musicmatch Jukebox.lnk = C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 10561 bytes Await your reply Mr Angry (aka Lord23sutch - aka Tony) EDIT: Please read the Instructions http://www.spywareinfoforum.com/index.php?showtopic=79038 and post logs... You are using an obsolete copy of HijackThis and we need the DDS and SecurityCheck logs as well... Our helpers need details to review in order to help...
  4. My mother's email account (yahoo, via Firefox) sent out a probable malware link to entire address book. Have run ccleaner and avg scan, deleted something which looked unfamiliar from C drive (I didn't do it so I don't know what it was), and uninstalled McAfee which may have been interfering with the running of AVG. Ran further scan with AVG, nothing found. Posting the required logs nevertheless just to check that no further signs of malware before going ahead and changing all passwords, just for fear of other email/ shopping/ banking accounts getting hijacked or passwords getting keylogged! All help greatly appreciated. Mbam, dds and checkup to follow.