Elilah2002

I think it is malware ZANGO - Merged

17 posts in this topic

Hello, something appears to have hacked my system, causing several keys to not type properly, and it is super slow to open web pages. I have done a HJT log and was wondering if someone could please look at it, as it looks pretty normal to me. SPYBOT says ZANGO has 28 entries which it can't remove! Thank you in advance!!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:42:51 AM, on 22/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDP.EXE

C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\RunOnce: [iWinArcadeIECleanup] C:\Users\Lee\AppData\Local\Temp\iWinArcadeAutocleanup.bat

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [EPSON TX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDP.EXE /FU "C:\Windows\TEMP\E_S4A96.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/armhelper.ocx

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: BrowserQuest Service - Unknown owner - C:\ProgramData\BrowserQuest\browserquest115.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

 

--

End of file - 10312 bytes


Hello, I think something has attacked my browser. The computer is really slow and pages won't load. I have a HJT log: thank you. It won't let me save my HJT log to this thread. I am not sure what to do; if anyone could help, it would be most appreciated!

 

Danielle

 

Hi,

 

Help us help you.

 

Please read this article and follow the protocol.

http://spywareinfoforum.com/index.php?showtopic=23382

Then submit a fresh HijackThis log. One of our helpers will take care of you. It's the only way we can give you sound advice.

 

Copy and paste your HijackThis log in your next reply.

=*=

Edited by nasdaq
HijackThis log requested.


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]



Hi Sorry,

 

I think I posted my log somewhere else, so I have followed your instructions to redownload HJT, and here is my fresh log. I must have a delay on my computer because the message didn't come through until today. I am confused because the reply on the log was to post it in the 3 days forum, but I must have posted it in the wrong section. Sorry for my confusion, and thank you for your help!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:34:49 PM, on 25/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

 

Running processes:

C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Presario&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [EPSON TX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDP.EXE /FU "C:\Windows\TEMP\E_S4A96.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/armhelper.ocx

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: BrowserQuest Service - Unknown owner - C:\ProgramData\BrowserQuest\browserquest117.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

 

--

End of file - 10293 bytes


Hello Elilah2002 and welcome to SWI.

 

I'm lance_yien and will be helping you.

 

- Your log shows 2 antispyware programs running on your computer: "Spybot - Search & Destroy's TeaTimer", "Windows Defender".

 

Running more than one resident protection program of the same type (antivirus, firewall or antispyware program) at the same time can result in unwanted conflict.

This can reduce the effectiveness of all your programs individually and may slow down your computer.

 

I suggest you disable these programs, and I will tell you what to do later:

 

  • To disable Spybot-S&D's TeaTimer, please run Spybot-S&D, go to the Mode menu and make sure Advanced Mode is selected.
    On the left hand side, choose Tools => Resident and uncheck Resident TeaTimer. Click and OK at any prompts. Then close Spybot-S&D.
     
  • To disable Windows Defender, please open the program => Tools => General Settings and scroll down to Real Time Protection Options. Uncheck "Turn on Real Time Protection (recommended)" and click on the "Save" button. Then close Windows Defender.

 

Please print out these instructions or copy them to a Notepad file for easier reading, and download, to your Desktop:

 

  • Malwarebytes Anti-Malware from here or here
     
  • Security Check by screen317 from here or here.
     
  • ComboFix© by sUBs from here or here

 

Now, please make sure you are connected to the Internet and:

 

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
     
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
     
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, please manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
     
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
     
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer (see Note below).
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

 

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

For complete or visual instructions on installing and running Malwarebytes Anti-Malware, please see here

 

Then, please familiarize yourself with ComboFix here before running it.

I recommend you print out the information from this page or copy them to a Notepad file as well.

 

Please ensure you have disabled all anti virus and anti malware programs and run ComboFix.

 

Notes:

 

  • It is very important that you have the Windows Recovery Console installed because without it, ComboFix shall not attempt the fixing of some serious infections.
    It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Please, DO NOT click ComboFix's window while it is running. This may cause it to hang.

 

Finally, please double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt

 

Please post the contents of that document with the Malwarebytes Anti-Malware log and C:\ComboFix.txt.

Please include a fresh HijackThis log and let me know how your computer is functioning now.

Edited by lance_yien
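
The check made in the reply above (two resident antispyware programs visible in one HijackThis log), written out as an added example that is not part of the original thread and is not code from HijackThis or the forum. The RESIDENT table, the function names and the sample log are constructed for illustration; the table is an assumption and has to be extended for other products.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2.0.2 layout, built from the kinds of
# entries that appear in the logs posted in this thread (not a full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:49 PM, on 25/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
--
End of file - 10293 bytes
"""

# Hypothetical lookup table (assumption): executable -> (product, type).
# The two antispyware rows are the programs named in the helper's reply.
RESIDENT = {
    "teatimer.exe": ("Spybot-S&D TeaTimer", "antispyware"),
    "msascui.exe": ("Windows Defender", "antispyware"),
    "ccsvchst.exe": ("Norton Internet Security", "security suite"),
}

# HijackThis entry lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, coded entries)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            # Forum pastes are often double-spaced, so a blank line
            # cannot be treated as the end of the process list.
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "--":
            in_processes = False
        elif in_processes:
            processes.append(line)
    return processes, entries


def resident_by_type(processes, entries):
    """Group known resident protection products by protection type.

    Autostart (O4) and service (O23) entries are checked as well as the
    process list, because a resident program may not be running at the
    moment the scan is saved.
    """
    found = defaultdict(set)
    candidates = list(processes)
    candidates += [body for code, body in entries if code in ("O4", "O23")]
    for text in candidates:
        lowered = text.lower()
        for exe, (product, kind) in RESIDENT.items():
            if "\\" + exe in lowered:
                found[kind].add(product)
    return found


def find_conflicts(text):
    """Return {type: [products]} for every type with more than one product."""
    processes, entries = parse_hjt(text)
    found = resident_by_type(processes, entries)
    return {kind: sorted(p) for kind, p in found.items() if len(p) > 1}


if __name__ == "__main__":
    for kind, products in find_conflicts(SAMPLE_LOG).items():
        print(f"{len(products)} resident {kind} programs: {', '.join(products)}")
```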


Hello Elilah2002 and welcome to SWI.

 

I'm lance_yien and will be helping you.

 

- Your log shows 2 antispyware programs running on your computer: "Spybot - Search & Destroy's TeaTimer", "Windows Defender".

 

Running more than one resident protection program of the same type (antivirus, firewall or antispyware program) at the same time can result in unwanted conflict.

This can reduce the effectiveness of all your programs individually and may slowdown your computer.

 

I suggest you disable these programs, and I will tell you what to do later:

 

  • To disable Spybot-S&D's TeaTimer, please run Spybot-S&D, go to the Mode menu and make sure Advanced Mode is selected.
    On the left hand side, choose Tools => Resident and uncheck Resident TeaTimer. Click and OK at any prompts. Then close Spybot-S&D.
     
  • To disable Windows Defender, please open the program => Tools => General Settings and scroll down to Real Time Protection Options. Uncheck "Turn on Real Time Protection (recommended)" and click on the "Save" button. Then close Windows Defender.

 

Please, print out these instructions or copy them to a Notepad file for an easer reading and download, to your Desktop:

 

  • Malwarebytes Anti-Malware from here or here
     
  • Security Check by screen317 from here or here.
     
  • ComboFix© by sUBs from here or here

 

Now, please make sure you are connected to the Internet and:

 

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
     
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

     

  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, please manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
     
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.

  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer (see Note below).
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

 

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

For complete or visual instructions on installing and running Malwarebytes Anti-Malware, please see here

 

Then, please familiarize yourself with ComboFix here before running it.

I recommend you print out the information from this page or copy it to a Notepad file as well.

 

Please ensure you have disabled all anti-virus and anti-malware programs and run ComboFix.

 

Notes:

 

  • It is very important that you have the Windows Recovery Console installed because without it, ComboFix shall not attempt the fixing of some serious infections.
    It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Please, DO NOT click ComboFix's window while it is running. This may cause it to hang.

 

Finally, please double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document called checkup.txt should open automatically.

 

Please post the contents of that document with the Malwarebytes Anti-Malware log and C:\ComboFix.txt.

Please include a fresh HijackThis log and let me know how your computer is functioning now.

 

 

Hello,

Firstly, thank you very much for helping me; your instructions were great to understand! In regards to my system, typing of the keys appears to have been fixed, so whatever was attached to them was deleted, because now I can type perfectly without it missing keys. Secondly, the only problem I appear to have now is the fact that pages take about 20 times longer to open than before. So I thought it may not be spyware but other things, so I defragged the system, which didn't work, cleared all temporary caches etc., customised security settings and updated Java. Nothing seemed to improve it. It took me about five minutes to get this thread to load.

 

So here is COMBO FIX report

 

ComboFix 10-01-26.05 - Lee 27/01/2010 23:02:48.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.61.1033.18.1789.1062 [GMT 10.5:30]

Running from: c:\users\Lee\Downloads\ComboFix1.exe

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1160812510-1670133929-16812908-500

c:\$recycle.bin\S-1-5-21-718287445-650586682-4277700044-500

c:\windows\system32\oem6.inf

 

.

((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))

.

 

2010-01-27 12:41 . 2010-01-27 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-27 12:41 . 2010-01-27 12:41 -------- d-----w- c:\users\Danielle\AppData\Local\temp

2010-01-27 11:18 . 2010-01-27 11:18 -------- d-----w- c:\users\Lee\AppData\Roaming\Malwarebytes

2010-01-27 11:18 . 2010-01-07 05:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-27 11:17 . 2010-01-27 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-27 11:17 . 2010-01-27 11:17 -------- d-----w- c:\programdata\Malwarebytes

2010-01-27 11:17 . 2010-01-07 05:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-27 07:31 . 2010-01-27 07:31 -------- d-----w- c:\users\Danielle\AppData\Local\Hewlett-Packard

2010-01-27 07:31 . 2010-01-27 07:31 -------- d-----w- c:\users\Danielle\AppData\Roaming\Hewlett-Packard

2010-01-27 07:30 . 2010-01-27 07:30 -------- d-----w- c:\users\Danielle\AppData\Roaming\ATI

2010-01-27 07:30 . 2010-01-27 07:30 -------- d-----w- c:\users\Danielle\AppData\Local\ATI

2010-01-27 07:30 . 2010-01-27 07:30 106968 ----a-w- c:\users\Danielle\AppData\Local\GDIPFONTCACHEV1.DAT

2010-01-26 06:11 . 2010-01-26 06:11 388096 ----a-r- c:\users\Lee\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-01-26 06:11 . 2010-01-26 06:11 -------- d-----w- c:\program files\TrendMicro

2010-01-25 07:42 . 2009-06-29 23:07 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-01-23 03:25 . 2010-01-23 03:25 -------- d-----w- c:\users\Lee\AppData\Roaming\Fever Frenzy

2010-01-23 01:56 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll

2010-01-23 01:56 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-01-23 01:56 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-01-23 01:56 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-01-22 10:46 . 2010-01-22 10:46 -------- d-----w- c:\users\Lee\AppData\Roaming\PoBros

2010-01-22 10:46 . 2010-01-22 10:46 -------- d-----w- c:\programdata\PoBros

2010-01-22 03:03 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll

2010-01-22 03:03 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll

2010-01-21 13:48 . 2010-01-21 13:48 -------- d-----w- c:\program files\Trend Micro

2010-01-21 12:21 . 2009-12-17 06:44 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-01-19 10:33 . 2010-01-19 10:33 -------- d-----w- c:\users\Lee\AppData\Roaming\Go-Go Gourmet Chef of the Year

2010-01-19 05:50 . 2010-01-25 07:42 -------- d-----w- c:\program files\Panda Security

2010-01-19 05:41 . 2010-01-19 09:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-01-19 05:41 . 2010-01-19 05:41 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-18 10:56 . 2010-01-18 10:56 -------- d-----w- c:\users\Lee\AppData\Roaming\casanova

2010-01-18 06:45 . 2010-01-18 06:45 -------- d-----w- c:\programdata\Becky Brogan

2010-01-16 09:05 . 2010-01-16 09:05 -------- d-----w- c:\users\Lee\AppData\Roaming\TheFixerUpper

2010-01-15 09:50 . 2010-01-15 09:50 -------- d-----w- c:\programdata\WildWestQuest2

2010-01-15 09:45 . 2010-01-15 09:45 -------- d-----w- c:\programdata\HiddenSecretsNightmare

2010-01-13 06:49 . 2010-01-13 06:49 -------- d-----w- c:\users\Lee\AppData\Roaming\WildTangentv1002

2010-01-13 05:56 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 05:56 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-10 00:31 . 2010-01-10 00:31 -------- d-----w- c:\users\Lee\AppData\Local\Seven Zip

2010-01-09 09:34 . 2010-01-09 09:34 -------- d-----w- c:\users\Lee\AppData\Roaming\WildGames 3 Days Zoo Mystery

2010-01-07 09:16 . 2010-01-07 09:18 -------- d-----w- c:\program files\Jojos Fashion Show World Tour

2010-01-07 09:15 . 2006-10-26 09:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2010-01-07 09:15 . 2006-10-26 09:26 32592 ----a-w- c:\windows\system32\msonpmon.dll

2010-01-07 08:55 . 2010-01-07 08:55 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-01-07 07:49 . 2010-01-07 07:51 -------- d-----w- c:\users\Lee\AppData\Roaming\Virtual City

2010-01-06 11:54 . 2010-01-06 11:54 -------- d-----w- c:\users\Lee\AppData\Roaming\Little Worlds Online

2010-01-06 07:28 . 2010-01-06 07:28 -------- d-----w- c:\users\Lee\AppData\Roaming\Awem

2010-01-06 06:23 . 2010-01-06 06:23 -------- d-----w- c:\users\Lee\AppData\Roaming\Princess Isabella

2010-01-06 02:47 . 2010-01-06 02:47 -------- d-----w- c:\users\Lee\AppData\Local\Grubby Games

2010-01-06 02:43 . 2010-01-06 02:43 -------- d-----w- c:\users\Lee\AppData\Local\sowhat

2010-01-05 04:32 . 2010-01-05 04:32 -------- d-----w- c:\users\Lee\AppData\Roaming\LaJangada

2010-01-05 02:31 . 2010-01-06 02:53 -------- d-----w- c:\users\Lee\AppData\Roaming\Winv1001

2010-01-05 02:00 . 2010-01-05 02:00 -------- d-----w- c:\users\Lee\AppData\Local\STARGAZE_IMAGE_CACHE

2010-01-05 02:00 . 2010-01-05 02:00 -------- d-----w- c:\programdata\Alawar Stargaze

2010-01-05 00:31 . 2010-01-05 00:31 -------- d-----w- c:\programdata\Kristanix Games

2010-01-04 09:05 . 2010-01-27 01:46 -------- d-----w- c:\program files\WildGames

2010-01-04 08:54 . 2010-01-04 08:54 -------- d-----w- c:\users\Lee\AppData\Roaming\YoudaGames

2010-01-04 08:25 . 2010-01-04 08:25 -------- d-----w- c:\users\Lee\AppData\Roaming\Gold Casual Games

2010-01-04 03:42 . 2010-01-04 03:42 -------- d-----w- c:\programdata\BC Soft Games

2010-01-04 02:36 . 2010-01-04 02:37 -------- d-----w- c:\users\Lee\AppData\Roaming\GTM_Bodie

2010-01-04 02:32 . 2010-01-04 02:33 -------- d-----w- c:\users\Lee\AppData\Local\FireAndIce

2010-01-04 01:24 . 2010-01-04 01:24 -------- d-----w- c:\users\Lee\AppData\Roaming\Winv1002

2010-01-03 23:16 . 2010-01-03 23:16 -------- d-----w- c:\programdata\GameHouse

2010-01-02 07:09 . 2010-01-06 03:53 -------- d-----w- c:\users\Lee\AppData\Roaming\Merscom

2010-01-02 07:09 . 2010-01-06 03:53 -------- d-----w- c:\programdata\Merscom

2010-01-02 03:50 . 2010-01-02 03:50 -------- d-----w- c:\users\Lee\AppData\Local\AlwaysNeat

2010-01-01 11:42 . 2010-01-01 11:42 -------- d-----w- c:\program files\Microsoft

2010-01-01 11:42 . 2010-01-01 11:42 -------- d-----w- c:\program files\MSN Toolbar

2010-01-01 11:42 . 2010-01-01 11:42 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-01 11:41 . 2010-01-01 11:43 -------- d-----w- c:\program files\MSN Toolbar Installer

2010-01-01 07:54 . 2010-01-18 02:05 -------- d-----w- c:\users\Lee\AppData\Roaming\Flood Light Games

2010-01-01 07:54 . 2010-01-18 02:05 -------- d-----w- c:\programdata\Flood Light Games

2010-01-01 00:50 . 2010-01-01 00:50 -------- d-----w- c:\programdata\GhostFleet

2010-01-01 00:50 . 2010-01-01 00:51 -------- d-----w- c:\users\Lee\AppData\Roaming\GhostFleet

2010-01-01 00:38 . 2010-01-01 00:38 -------- d-----w- c:\users\Lee\AppData\Roaming\URSE Games

2009-12-31 23:35 . 2009-12-31 23:35 -------- d-----w- c:\users\Lee\AppData\Roaming\ValuSoft

2009-12-31 23:35 . 2009-12-31 23:35 -------- d-----w- c:\programdata\ValuSoft

2009-12-31 23:26 . 2010-01-01 10:12 -------- d-----w- c:\users\Lee\AppData\Roaming\Friday's games

2009-12-31 08:47 . 2009-12-31 08:47 -------- d-----w- c:\program files\ReflexiveArcade

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-27 11:32 . 2009-03-10 08:18 12 ----a-w- c:\windows\bthservsdp.dat

2010-01-27 01:45 . 2009-03-10 09:22 -------- d-----w- c:\programdata\WildTangent

2010-01-26 12:10 . 2009-03-10 11:03 -------- d-----w- c:\program files\Common Files\Java

2010-01-26 12:09 . 2009-03-10 11:03 -------- d-----w- c:\program files\Java

2010-01-23 03:19 . 2009-12-27 09:16 -------- d-----w- c:\users\Lee\AppData\Roaming\Boomzap

2010-01-22 04:35 . 2009-08-02 13:40 -------- d-----w- c:\programdata\MumboJumbo

2010-01-21 11:10 . 2009-11-24 07:44 -------- d-----w- c:\programdata\iWin Games

2010-01-18 14:25 . 2009-06-29 07:11 -------- d-----w- c:\users\Lee\AppData\Roaming\PlayFirst

2010-01-18 14:25 . 2009-06-29 07:11 -------- d-----w- c:\programdata\PlayFirst

2010-01-17 07:05 . 2009-12-07 06:05 -------- d-----w- c:\users\Lee\AppData\Roaming\MysteryStudio

2010-01-14 00:42 . 2009-11-08 11:00 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 16:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-12 07:00 . 2009-12-12 12:29 -------- d-----w- c:\users\Lee\AppData\Roaming\iMaxGen

2010-01-10 00:41 . 2009-11-28 02:58 -------- d-----w- c:\program files\iWin.com

2010-01-09 00:56 . 2009-06-22 08:51 106968 ----a-w- c:\users\Lee\AppData\Local\GDIPFONTCACHEV1.DAT

2010-01-07 09:24 . 2009-03-10 09:41 -------- d-----w- c:\programdata\Microsoft Help

2010-01-07 09:08 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild

2010-01-07 09:01 . 2009-03-10 09:45 -------- d-----w- c:\program files\Microsoft Works

2010-01-06 11:39 . 2009-07-15 09:18 -------- d-----w- c:\programdata\Gogii

2010-01-05 22:20 . 2009-11-19 11:20 -------- d-----w- c:\program files\RealArcade

2010-01-05 22:19 . 2009-06-28 10:08 -------- d-----w- c:\users\Lee\AppData\Roaming\Gamelab

2010-01-05 03:32 . 2009-12-07 10:27 -------- d-----w- c:\users\Lee\AppData\Roaming\SpinTop Games

2010-01-02 06:38 . 2010-01-22 03:28 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-22 03:28 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-22 03:28 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-22 03:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-29 08:32 . 2009-12-29 08:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-12-27 21:41 . 2009-12-27 21:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-12-27 21:14 . 2009-12-27 21:14 -------- d-----w- c:\program files\Windows Portable Devices

2009-12-27 21:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-12-27 06:25 . 2009-08-02 13:46 -------- d-----w- c:\users\Lee\AppData\Roaming\funkitron

2009-12-27 05:25 . 2009-12-27 05:25 -------- d-----w- c:\users\Lee\AppData\Roaming\Mean Hamster Software

2009-12-27 05:25 . 2009-12-27 05:25 -------- d-----w- c:\programdata\Mean Hamster Software

2009-12-27 04:34 . 2009-12-27 04:34 -------- d-----w- c:\users\Lee\AppData\Roaming\FlyWheelGames

2009-12-25 09:54 . 2009-12-25 09:54 -------- d-----w- c:\users\Lee\AppData\Roaming\Ludia

2009-12-25 09:54 . 2009-12-25 09:54 -------- d-----w- c:\programdata\Ludia

2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar

2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery

2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration

2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender

2009-12-25 08:39 . 2009-12-25 08:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf

2009-12-22 03:37 . 2009-12-22 03:37 -------- d-----w- c:\programdata\Artist Colony

2009-12-21 12:47 . 2009-12-21 12:47 -------- d-----w- c:\users\Lee\AppData\Roaming\BrokenHearts

2009-12-21 00:18 . 2009-12-10 07:44 -------- d-----w- c:\users\Lee\AppData\Roaming\EscapeTheMuseum2

2009-12-18 09:54 . 2009-12-18 09:54 -------- d-----w- c:\users\Lee\AppData\Roaming\MastersOfMystery2

2009-12-18 09:25 . 2009-12-18 09:25 -------- d-----w- c:\users\Lee\AppData\Roaming\Games

2009-12-18 08:01 . 2009-12-18 08:01 -------- d-----w- c:\users\Lee\AppData\Roaming\Little Games Company

2009-12-18 08:01 . 2009-12-18 08:01 -------- d-----w- c:\programdata\Little Games Company

2009-12-18 02:35 . 2009-12-18 02:35 -------- d-----w- c:\users\Lee\AppData\Roaming\Gamers Digital

2009-12-18 02:35 . 2009-12-18 02:35 -------- d-----w- c:\programdata\Gamers Digital

2009-12-15 08:48 . 2009-12-15 08:48 -------- d-----w- c:\users\Lee\AppData\Roaming\ChaYoWo Games

2009-12-15 06:49 . 2009-12-15 06:49 -------- d-----w- c:\users\Lee\AppData\Roaming\Orneon

2009-12-14 09:32 . 2009-12-12 08:13 -------- d-----w- c:\users\Lee\AppData\Roaming\Big Fish Games

2009-12-12 05:41 . 2009-12-12 05:41 -------- d-----w- c:\users\Lee\AppData\Roaming\Curious Sense

2009-12-12 05:41 . 2009-12-12 05:41 -------- d-----w- c:\programdata\Curious Sense

2009-12-11 01:23 . 2009-12-11 01:20 -------- d-----w- c:\users\Lee\AppData\Roaming\Suspects and Clues Players

2009-12-11 01:20 . 2009-12-11 01:20 -------- d-----w- c:\users\Lee\AppData\Roaming\Suspects and Clues Prefs

2009-12-11 01:20 . 2009-12-11 01:20 -------- d-----w- c:\users\Lee\AppData\Roaming\Spinapse

2009-12-11 01:20 . 2009-12-11 01:20 -------- d-----w- c:\users\Lee\AppData\Roaming\IOMediaSupport6SZZ001s

2009-12-11 00:10 . 2009-12-02 12:11 -------- d-----w- c:\users\Lee\AppData\Roaming\blg

2009-12-11 00:10 . 2009-12-02 12:11 -------- d-----w- c:\programdata\blg

2009-12-08 11:32 . 2009-06-25 12:23 -------- d-----w- c:\programdata\JollyBear

2009-12-07 09:26 . 2009-12-07 09:26 -------- d-----w- c:\users\Lee\AppData\Roaming\Playrix Entertainment

2009-12-07 07:20 . 2009-12-07 07:19 -------- d-----w- c:\users\Lee\AppData\Roaming\TitanicMystery

2009-12-07 07:20 . 2009-12-07 07:20 -------- d-----w- c:\programdata\1912 Titanic Mystery

2009-12-06 02:46 . 2009-12-06 02:46 -------- d-----w- c:\users\Lee\AppData\Roaming\EPSON

2009-12-06 02:00 . 2009-11-25 10:02 -------- d-----w- c:\programdata\PopCap Games

2009-12-03 07:36 . 2009-12-03 07:36 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-12-03 05:18 . 2009-12-03 05:18 249856 ----a-w- c:\programdata\PlayFirst\Games\components\pfMultiplayer.dll

2009-12-03 05:17 . 2009-12-03 05:17 466944 ----a-w- c:\programdata\PlayFirst\Games\pfHarness\pfHarness.dll

2009-12-03 03:51 . 2009-12-03 03:51 -------- d-----w- c:\users\Lee\AppData\Roaming\SpinTop

2009-12-02 11:10 . 2009-12-02 11:10 -------- d-----w- c:\users\Lee\AppData\Roaming\Dekovir

2009-12-02 09:46 . 2009-12-02 09:46 -------- d-----w- c:\users\Lee\AppData\Roaming\Cat's Eye Games

2009-11-29 06:45 . 2009-11-29 06:45 -------- d-----w- c:\users\Lee\AppData\Roaming\GamesCafe

2009-11-29 00:47 . 2009-11-29 00:47 -------- d-----w- c:\users\Lee\AppData\Roaming\cerasus.media

2009-11-28 22:02 . 2009-11-28 22:02 -------- d-----w- c:\users\Lee\AppData\Roaming\PopCapv1002

2009-11-28 22:02 . 2009-06-23 12:36 -------- d-----w- c:\programdata\SpinTop Games

2009-03-10 08:52 . 2009-03-10 08:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-31 217088]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-15 446556]

"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-08 240992]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):b3,fa,b7,79,3f,85,ca,01

 

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [25/01/2010 6:12 PM 28552]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [10/03/2009 7:25 PM 309296]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [10/03/2009 7:25 PM 254512]

R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [10/03/2009 7:25 PM 362544]

R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSVix86.sys [10/03/2009 7:25 PM 289840]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe [24/05/2009 1:34 PM 77824]

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [10/03/2009 7:25 PM 115560]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [10/03/2009 10:27 PM 365952]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [19/01/2010 4:11 PM 1153368]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/03/2009 7:39 PM 222512]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 10:53 PM 52736]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/03/2009 7:25 PM 99376]

R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [22/06/2009 7:16 PM 22072]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 1:03 PM 21504]

S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21/07/2008 8:23 PM 100184]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [10/03/2009 7:25 PM 40496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-BFGC - c:\program files\bfgclient\Uninstall.exe

AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-27 23:11

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2010-01-27 23:15:23

ComboFix-quarantined-files.txt 2010-01-27 12:45

 

Pre-Run: 98,504,318,976 bytes free

Post-Run: 98,458,275,840 bytes free

 

- - End Of File - - 3B28362A72D098AE1A657558BC291695

 

HERE IS SECURITY CHECK report:

Results of screen317's Security Check version 0.99.1

Windows Vista Service Pack 2 (UAC is enabled)

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Norton Internet Security

WMIC entry does not exist for antivirus; attempting automatic update.

``````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Java 6 Update 18

Java 6 Update 7

Java Auto Updater

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 9

``````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Windows Defender MSASCui.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

`````````End of Log```````````

 

 

HERE IS MBAM log:

 

Malwarebytes' Anti-Malware 1.44

Database version: 3644

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

 

27/01/2010 10:01:52 PM

mbam-log-2010-01-27 (22-01-52).txt

 

Scan type: Quick Scan

Objects scanned: 112803

Time elapsed: 5 minute(s), 0 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 15

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Users\Lee\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

HERE IS FRESH HJT LOG:

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 11:57:22 PM, on 27/01/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/armhelper.ocx

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

 

--

End of file - 9927 bytes


 

Hello,

Firstly, thank you very much for helping me, and your instructions were great to understand! In regards to my system, typing of the keys appears to have been fixed, so whatever was attached to them was deleted because now I can type perfectly without it missing keys. Secondly, the only problem I appear to have now is the fact that pages take about 20 times longer to open than before. So I thought it may not be spyware but other things, so I defragged the system (didn't work), cleared all temporary caches etc. and customised security settings and updated Java. Nothing seemed to improve it. It took me about five minutes to get this thread to load.

 

Good to know that your problem appears to have been fixed. Your logs appear clean.

 

Please print out these instructions or copy them to a Notepad file for easier reading and download ATF Cleaner to your Desktop from here.

 

Please click ATF-Cleaner.exe (on your Desktop) to run the program.

Click Select All at the bottom of the list. Then click the Empty Selected button.

 

- If you use Firefox browser, please click Firefox at the top and choose Select All from the list. Then click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

 

- If you use Opera browser, please click Opera at the top and choose Select All from the list. Then click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

 

Click Exit on the Main menu to close the program.

 

Disabling these programs from the startup list can help improve the speed of your computer: LabelPrint, DVD Suite, Reader 9.0, Power2Go, PowerDirector, MSN Toolbar, Office12.

 

To do this, please run HijackThis and select "Do a system scan only".

 

Place a checkmark next to each entry referring to the program (in bold) you want to disable:

 

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

 

Now please close all open windows except HJT and press "Fix checked". Then, reboot your computer.

 

Please let me know how your computer is functioning now.

--

 

P.S. When replying, please use the Add Reply button. I do not need to see my previous instructions. Thank you!
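
Added example (not part of the original posts, and not HijackThis's own code): a small Python parser that reads O4 startup lines from a HijackThis log and reports which ones live in the folders of the programs named in the reply above. The function names are made up for this illustration; the sample lines are copied from the log earlier in this thread.

```python
import re
from pathlib import PureWindowsPath

# Programs named in the reply above.
PROGRAMS = ["LabelPrint", "DVD Suite", "Reader 9.0", "Power2Go",
            "PowerDirector", "MSN Toolbar", "Office12"]

# O4 registry autorun line: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# Lines copied from the HijackThis log earlier in this thread.
SAMPLE_LOG = r'''
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
'''


def executable(command):
    """Return the program path from a Run value, without its arguments."""
    m = re.match(r'"([^"]+)"', command)
    if m:
        return m.group(1)
    # Unquoted paths may contain spaces, so cut at the file extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", command, re.I)
    return m.group(1) if m else command


def startup_entries(log_text):
    """Yield (hive, value_name, exe_path) for every O4 registry Run line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(3), executable(m.group(4))


def entries_for(log_text, programs):
    """Map each O4 value name to the listed program whose folder holds it."""
    wanted = {p.lower(): p for p in programs}
    hits = {}
    for _hive, name, exe in startup_entries(log_text):
        # Compare whole directory names, not substrings, so a look-alike
        # folder name is not mistaken for one of the listed programs.
        for part in PureWindowsPath(exe).parent.parts:
            if part.lower() in wanted:
                hits[name] = wanted[part.lower()]
    return hits


if __name__ == "__main__":
    for value_name, program in entries_for(SAMPLE_LOG, PROGRAMS).items():
        print(f"{program}: [{value_name}]")
```

Only O4 lines are considered, so the O2 and O9 entries that also mention MSN Toolbar or Office12 are left out of the result.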


Hello

 

I am sorry for quoting you but that is one of the problems, pages and icons don't load properly and I just clicked to add reply but it all came up, sorry! Also I think the computer is working a little better but I can't get HijackThis to delete the files. It says I need to be administrator to remove files. I'm sorry, I am not used to the Vista operating system. But could you please let me know how to be able to use HijackThis to remove those startup files because that very well could be why the computer is slow. Could that be a reason?


Hello Elilah2002,

 

Please right-click the HijackThis icon and choose "Run as Administrator".

 

:)


Hello, I think something has attacked my browser. The computer is really slow and pages won't load. I have a HJT log: thank you. It won't let me save my HJT log to this thread. I am not sure what to do, if anyone could help it would be most appreciated!

 

Danielle

 

Hi,

 

Help us help you.

 

Please read this article and follow the protocol.

http://spywareinfoforum.com/index.php?showtopic=23382

Then submit a fresh HijackThis log. One of our helpers will take care of you. It's the only way we can give you sound advice.

 

Copy and paste your HijackThis log in your next reply.

=*=


Originally I could do that with the version of HijackThis I previously downloaded. But when I got your instructions and reinstalled it, it doesn't allow that option. So do you think I have the right edition, or should I reinstall it and see if that fixes it?

 

Cheers

danielle


Please disable these programs and re-try:

 

  • Windows Defender by opening the program => Tools => General Settings and scroll down to Real Time Protection Options. Uncheck "Turn on Real Time Protection (recommended)" and click on the "Save" button. Then close Windows Defender.
     
  • Windows Firewall from the "Control panel" => "Security center"

Edited by lance_yien



Hello

 

I disabled the firewall and Defender and redid the HijackThis log but it still wouldn't let me remove the files. I have full admin rights under this account, but when I try to use HijackThis I get an error message saying that

 

"For some reason your system denied write access to hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix them. If that happens you need to edit the file yourself. To do this: click Start, Run and type: notepad c:\windows\system32\drivers\etc\hosts

and press Enter. Find the lines HijackThis reports and delete them, save the file as hosts and reboot.

For Vista simply exit HijackThis, right-click the icon and choose Run as administrator."

 

I have the Vista system, but I don't have Run as administrator as one of the options.


Hello Elilah2002,

 

Please download OTL by OldTimer to your Desktop from here or here.

 

  • Make sure all other windows are closed and double click on the icon to run it. Let it run uninterrupted.
     
  • When the window appears, underneath Output at the top change it to Minimal Output.
     
  • Check the boxes beside LOP Check and Purity Check.
     
  • Under the "Custom Scans/Fixes" box paste this in
     

    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
     
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
     
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     
  • Please copy (Edit ->Select All, Edit -> Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

 

Note: If you can't post the logs into this thread, then please try to add them as an attachment.

 

If you can't do that either, then please send them to me as a Personal Message.

Edited by lance_yien


Due to the lack of feedback, this topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else, please begin a New Topic.
