I think it is malware ZANGO - Merged


  • This topic is locked
16 replies to this topic

#1 Elilah2002 (Member; Full Member, 24 posts)

Posted 21 January 2010 - 09:13 AM

Hello, something appears to have hacked my system, causing several keys to not type properly, and it is super slow to open web pages. I have done a HJT log and was wondering if someone could please look at it, as it looks pretty normal to me. SPYBOT says ZANGO has 28 entries which it can't remove! Thank you in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:51 AM, on 22/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDP.EXE
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [iWinArcadeIECleanup] C:\Users\Lee\AppData\Local\Temp\iWinArcadeAutocleanup.bat
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [EPSON TX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDP.EXE /FU "C:\Windows\TEMP\E_S4A96.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-29-0.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BrowserQuest Service - Unknown owner - C:\ProgramData\BrowserQuest\browserquest115.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

--
End of file - 10312 bytes

#2 Elilah2002 (Member; Full Member, 24 posts)

Posted 22 January 2010 - 09:02 PM

Hello, I think something has attacked my browser. The computer is really slow and pages won't load. I have a HJT log; thank you. It won't let me save my HJT log to this thread. I am not sure what to do; if anyone could help it would be most appreciated!

Danielle

Hi,

Help us help you.

Please read this article and follow the protocol.
http://spywareinfofo...showtopic=23382
Then submit a fresh HijackThis log. One of our helpers will take care of you. It's the only way we can give you sound advice.

Copy and paste your HijackThis log in your next reply.

=*=

Edited by nasdaq, 23 January 2010 - 11:06 AM.
HijackThis log requested.


#3 SWI Support Robot (Helper robot; SWI Bot, 23,523 posts)

Posted 24 January 2010 - 04:13 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#4 SWI Support Robot (Helper robot; SWI Bot, 23,523 posts)

Posted 25 January 2010 - 12:16 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#5 Elilah2002 (Member; Full Member, 24 posts)

Posted 26 January 2010 - 01:20 AM


Hi Sorry,

I think I posted my log somewhere else, so I have followed your instructions to redownload HJT, and here is my fresh log. I must have a delay on my computer because the message didn't come through until today. I'm confused because the reply on the log was to post it in the 3 days forum, but I must have posted it in the wrong section. Sorry for my confusion, and thank you for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:49 PM, on 25/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [EPSON TX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDP.EXE /FU "C:\Windows\TEMP\E_S4A96.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-29-0.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BrowserQuest Service - Unknown owner - C:\ProgramData\BrowserQuest\browserquest117.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

--
End of file - 10293 bytes
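The two HijackThis logs above are what the helpers review by hand. The script below is an added example, written for this thread and not part of HijackThis, SWI, or any reply here: it parses the O2, O4 and O23 line formats, applies a few review heuristics (no publisher string on a service, an image under a user-writable directory such as Temp or ProgramData, a RunOnce entry, a batch script as an autorun) and diffs the two scans by entry name so a reviewer can see what appeared, disappeared or changed between the 22/01 and 25/01 logs. The heuristics are my own choices and only mark lines for a human to look at; they are not verdicts that a line is malicious. The sample input is a constructed subset of lines copied from the two logs in this thread.

```python
"""Parse HijackThis O2/O4/O23 lines, flag entries for review, and diff two scans.

Added example for this thread; not HijackThis code. Heuristics are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: lines copied from the two logs posted in this thread.
SCAN_1 = r"""O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [iWinArcadeIECleanup] C:\Users\Lee\AppData\Local\Temp\iWinArcadeAutocleanup.bat
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O23 - Service: BrowserQuest Service - Unknown owner - C:\ProgramData\BrowserQuest\browserquest115.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

SCAN_2 = r"""O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O23 - Service: BrowserQuest Service - Unknown owner - C:\ProgramData\BrowserQuest\browserquest117.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str          # "O2", "O4" or "O23"
    name: str             # BHO name, Run value name, or service display name
    owner: Optional[str]  # publisher string for O23 services, None otherwise
    image: Optional[str]  # executable/DLL path pulled out of the line, if found
    raw: str              # the original log line


_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
_O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# First quoted string, else the first drive- or %VAR%-rooted path ending in a binary extension.
_IMAGE = re.compile(
    r'"(?P<q>[^"]+)"|(?P<p>(?:[A-Za-z]:|%[^%]+%)\\.*?\.(?:exe|bat|cmd|dll|scr|ocx))',
    re.IGNORECASE,
)
# Locations an ordinary user can write to; binaries there deserve a second look.
_USER_WRITABLE = re.compile(r"\\(?:Temp|AppData|ProgramData|Users\\[^\\]+)\\", re.IGNORECASE)


def _image_of(cmd: str) -> Optional[str]:
    m = _IMAGE.search(cmd)
    return (m.group("q") or m.group("p")) if m else None


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for the sections this example models, else None."""
    line = line.rstrip()
    if m := _O2.match(line):
        return Entry("O2", m["name"], None, _image_of(m["path"]), line)
    if m := _O4_RUN.match(line):
        return Entry("O4", m["name"], None, _image_of(m["cmd"]), line)
    if m := _O4_STARTUP.match(line):
        return Entry("O4", m["name"], None, _image_of(m["cmd"]), line)
    if m := _O23.match(line):
        return Entry("O23", m["name"], m["owner"], _image_of(m["path"]), line)
    return None  # R0/R1, O3, O8, O9, O16 and other sections are not modelled here


def parse_log(text: str) -> list[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def review_reasons(e: Entry) -> list[str]:
    """Heuristics (assumptions) that mark a line for a human reviewer; none is a verdict."""
    reasons = []
    if e.section == "O23" and e.owner == "Unknown owner":
        reasons.append("service binary carries no publisher string")
    if e.image and _USER_WRITABLE.search(e.image):
        reasons.append("image lives in a user-writable location, not Program Files or System32")
    if e.section == "O4" and "RunOnce" in e.raw:
        reasons.append("one-shot RunOnce entry; check what it does on next logon")
    if e.image and e.image.lower().endswith((".bat", ".cmd")):
        reasons.append("autorun executes a batch script")
    return reasons


def flag_for_review(text: str) -> dict[str, list[str]]:
    """Map 'SECTION:name' of each flagged entry to the reasons it was flagged."""
    return {f"{e.section}:{e.name}": r for e in parse_log(text) if (r := review_reasons(e))}


def diff_scans(before: str, after: str) -> dict[str, list[str]]:
    """Compare two scans by (section, name): entries added, removed, or whose image changed."""
    a = {(e.section, e.name): e for e in parse_log(before)}
    b = {(e.section, e.name): e for e in parse_log(after)}

    def key(k: tuple[str, str]) -> str:
        return f"{k[0]}:{k[1]}"

    return {
        "added": sorted(key(k) for k in b.keys() - a.keys()),
        "removed": sorted(key(k) for k in a.keys() - b.keys()),
        "changed": sorted(f"{key(k)}: {a[k].image} -> {b[k].image}"
                          for k in a.keys() & b.keys() if a[k].image != b[k].image),
    }


if __name__ == "__main__":
    for name, reasons in flag_for_review(SCAN_1).items():
        print(name, "->", "; ".join(reasons))
    for kind, items in diff_scans(SCAN_1, SCAN_2).items():
        print(kind, items)
```

On the sample above the flagged entries are the RunOnce batch file under the user's Temp directory and the BrowserQuest service with no publisher string; the diff shows the RunOnce entry gone after the first reboot, a WMPNSCFG Run value added, and the BrowserQuest image renamed from browserquest115.exe to browserquest117.exe between the two scans, which is exactly the kind of movement a reviewer wants surfaced rather than re-read by eye.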

#6 lance_yien (Forum Deity; Emeritus, 2,442 posts)

Posted 27 January 2010 - 05:09 AM

Hello Elilah2002 and welcome to SWI.

I'm lance_yien and will be helping you.

- Your log shows 2 antispyware programs running on your computer: "Spybot - Search & Destroy's TeaTimer", "Windows Defender".

Running more than one resident protection program of the same type (antivirus, firewall or antispyware program) at the same time can result in unwanted conflict.
This can reduce the effectiveness of all your programs individually and may slow down your computer.


I suggest you disable these programs, and I will tell you what to do later:

  • To disable Spybot-S&D's TeaTimer, please run Spybot-S&D, go to the Mode menu and make sure Advanced Mode is selected.
    On the left hand side, choose Tools => Resident and uncheck Resident TeaTimer. Click OK at any prompts. Then close Spybot-S&D.
  • To disable Windows Defender, please open the program => Tools => General Settings and scroll down to Real Time Protection Options. Uncheck "Turn on Real Time Protection (recommended)" and click on the "Save" button. Then close Windows Defender.

Please print out these instructions or copy them to a Notepad file for easier reading, and download, to your Desktop:

  • Malwarebytes Anti-Malware from here or here
  • Security Check by screen317 from here or here.
  • ComboFix© by sUBs from here or here

Now, please make sure you are connected to the Internet and:

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:

    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, please manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:

    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer (see Note below).
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware, please see here

Then, please familiarize yourself with ComboFix here before running it.
I recommend you print out the information from this page or copy them to a Notepad file as well.

Please ensure you have disabled all antivirus and antimalware programs and run ComboFix.

Notes:

  • It is very important that you have the Windows Recovery Console installed because without it, ComboFix shall not attempt the fixing of some serious infections.
    It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Please, DO NOT click ComboFix's window while it is running. This may cause it to hang.

Finally, please double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document called checkup.txt should open automatically.

Please post the contents of that document with the Malwarebytes Anti-Malware log and C:\ComboFix.txt.
Please include a fresh HijackThis log and let me know how your computer is functioning now.

Edited by lance_yien, 27 January 2010 - 05:10 AM.

EI | SWI | ZEBULON

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.

#7 Elilah2002 (Member; Full Member, 24 posts)

Posted 27 January 2010 - 08:31 AM

Hello Elilah2002 and welcome to SWI.

I'm lance_yien and will be helping you.

- Your log shows 2 antispyware programs running on your computer: "Spybot - Search & Destroy's TeaTimer", "Windows Defender".

Running more than one resident protection program of the same type (antivirus, firewall or antispyware program) at the same time can result in unwanted conflict.
This can reduce the effectiveness of all your programs individually and may slowdown your computer.


I suggest you disable these programs, and I will tell you what to do later:

  • To disable Spybot-S&D's TeaTimer, please run Spybot-S&D, go to the Mode menu and make sure Advanced Mode is selected.
    On the left hand side, choose Tools => Resident and uncheck Resident TeaTimer. Click and OK at any prompts. Then close Spybot-S&D.
  • To disable Windows Defender, please open the program => Tools => General Settings and scroll down to Real Time Protection Options. Uncheck "Turn on Real Time Protection (recommended)" and click on the "Save" button. Then close Windows Defender.

Please, print out these instructions or copy them to a Notepad file for an easer reading and download, to your Desktop:

  • Malwarebytes Anti-Malware from here or here
  • Security Check by screen317 from here or here.
  • ComboFix© by sUBs from here or here

Now, please make sure you are connected to the Internet and:

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:

    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, please manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:

    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer (see Note below).
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware, please see here

Then, please familiarize yourself with ComboFix here before running it.
I recommend you print out the information from this page or copy it to a Notepad file as well.

Please ensure you have disabled all antivirus and anti-malware programs and run ComboFix.

Notes:

  • It is very important that you have the Windows Recovery Console installed because without it, ComboFix shall not attempt the fixing of some serious infections.
    It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Please, DO NOT click ComboFix's window while it is running. This may cause it to hang.

Finally, please double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document called checkup.txt should open automatically.

Please post the contents of that document with the Malwarebytes Anti-Malware log and C:\ComboFix.txt.
Please include a fresh HijackThis log and let me know how your computer is functioning now.
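The MBAM log asked for above is a plain-text report: a summary block of per-category counts, then one "… Infected:" block per category listing each hit as "item (Family) -> action". As an added example for this thread, not code from the forum or from Malwarebytes, the Python script below parses a log in that layout and runs the checks a helper otherwise does by eye: does each declared count match the items actually listed (a mismatch usually means a truncated paste), which threat families were hit, which items are still waiting on the reboot the Note above mentions, and whether any removed file borrowed the name of a Windows or Internet Explorer binary while living outside its normal directory. The sample log inside the script is constructed in the MBAM 1.x layout; the "Delete on reboot" wording, the list of system binary names and the expected install roots are this example's own assumptions.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.x log layout (summary block,
# then one "<section> Infected:" block per category). Not a log taken from this thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3644
Windows 6.0.6002 Service Pack 2

Scan type: Quick Scan
Objects scanned: 112803
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Delete on reboot.

Files Infected:
C:\Users\Lee\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 3"  -> a declared count in the summary block
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "<item> (<Family>) -> <action>."  -> one detection line inside a section
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared_counts, detections).

    declared_counts maps a section name to the count MBAM printed in its summary block;
    detections is a list of dicts (section, item, family, action), one per listed hit.
    """
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):
            section = line[:-1]  # e.g. "Registry Keys Infected"
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return declared, detections


def count_mismatches(declared, detections):
    """Sections whose declared count differs from the number of items actually listed.
    A mismatch usually means the paste was truncated or edited, so ask for the log again."""
    listed = Counter(d["section"] for d in detections)
    return {s: (n, listed.get(s, 0)) for s, n in declared.items() if n != listed.get(s, 0)}


def pending_reboot(detections):
    """Items MBAM could only schedule for removal (assumes the 'Delete on reboot' wording);
    these are why the reboot prompt must not be skipped."""
    return [d["item"] for d in detections if "reboot" in d["action"].lower()]


# Binaries that have a fixed home under C:\Windows or C:\Program Files; this list and
# the expected roots are the example's own choice, not anything MBAM reports.
KNOWN_SYSTEM_BINARIES = {"iexplore.exe", "explorer.exe", "svchost.exe", "csrss.exe",
                         "lsass.exe", "services.exe", "winlogon.exe", "taskeng.exe"}
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def misplaced_system_binaries(detections):
    """Removed files that borrow a system binary's name but live elsewhere (a user profile,
    for instance); such lookalikes deserve a second look even after quarantine."""
    hits = []
    for d in detections:
        if d["section"] != "Files Infected":
            continue
        path = d["item"]
        if (ntpath.basename(path).lower() in KNOWN_SYSTEM_BINARIES
                and not path.lower().startswith(EXPECTED_ROOTS)):
            hits.append(path)
    return hits


def triage(text):
    """One-call summary a helper can read before replying to the poster."""
    declared, detections = parse_mbam_log(text)
    return {
        "total": len(detections),
        "families": dict(Counter(d["family"] for d in detections)),
        "mismatches": count_mismatches(declared, detections),
        "pending_reboot": pending_reboot(detections),
        "misplaced": misplaced_system_binaries(detections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Feed the script the pasted log text instead of SAMPLE_LOG; an empty "mismatches" dictionary means the paste is complete, and anything under "pending_reboot" means the machine still needs the restart before the removal can be called finished.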



Hello,
Firstly, thank you very much for helping me; your instructions were great to understand! In regards to my system, typing of the keys appears to have been fixed, so whatever was attached to them was deleted, because now I can type perfectly without it missing keys. Secondly, the only problem I appear to have now is the fact that pages take about 20 times slower to open than before. So I thought it may not be spyware but other things, so I defragged the system (didn't work), cleared all temporary caches etc., customised security settings and updated Java. Nothing seemed to improve it. It took me about five minutes to get this thread to load.

So here is the ComboFix report:

ComboFix 10-01-26.05 - Lee 27/01/2010 23:02:48.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.61.1033.18.1789.1062 [GMT 10.5:30]
Running from: c:\users\Lee\Downloads\ComboFix1.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1160812510-1670133929-16812908-500
c:\$recycle.bin\S-1-5-21-718287445-650586682-4277700044-500
c:\windows\system32\oem6.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 12:41 . 2010-01-27 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 12:41 . 2010-01-27 12:41 -------- d-----w- c:\users\Danielle\AppData\Local\temp
2010-01-27 11:18 . 2010-01-27 11:18 -------- d-----w- c:\users\Lee\AppData\Roaming\Malwarebytes
2010-01-27 11:18 . 2010-01-07 05:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 11:17 . 2010-01-27 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 11:17 . 2010-01-27 11:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-27 11:17 . 2010-01-07 05:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-27 07:31 . 2010-01-27 07:31 -------- d-----w- c:\users\Danielle\AppData\Local\Hewlett-Packard
2010-01-27 07:31 . 2010-01-27 07:31 -------- d-----w- c:\users\Danielle\AppData\Roaming\Hewlett-Packard
2010-01-27 07:30 . 2010-01-27 07:30 -------- d-----w- c:\users\Danielle\AppData\Roaming\ATI
2010-01-27 07:30 . 2010-01-27 07:30 -------- d-----w- c:\users\Danielle\AppData\Local\ATI
2010-01-27 07:30 . 2010-01-27 07:30 106968 ----a-w- c:\users\Danielle\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-26 06:11 . 2010-01-26 06:11 388096 ----a-r- c:\users\Lee\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-26 06:11 . 2010-01-26 06:11 -------- d-----w- c:\program files\TrendMicro
2010-01-25 07:42 . 2009-06-29 23:07 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-23 03:25 . 2010-01-23 03:25 -------- d-----w- c:\users\Lee\AppData\Roaming\Fever Frenzy
2010-01-23 01:56 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-01-23 01:56 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-23 01:56 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-23 01:56 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-01-22 10:46 . 2010-01-22 10:46 -------- d-----w- c:\users\Lee\AppData\Roaming\PoBros
2010-01-22 10:46 . 2010-01-22 10:46 -------- d-----w- c:\programdata\PoBros
2010-01-22 03:03 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-22 03:03 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-21 13:48 . 2010-01-21 13:48 -------- d-----w- c:\program files\Trend Micro
2010-01-21 12:21 . 2009-12-17 06:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 10:33 . 2010-01-19 10:33 -------- d-----w- c:\users\Lee\AppData\Roaming\Go-Go Gourmet Chef of the Year
2010-01-19 05:50 . 2010-01-25 07:42 -------- d-----w- c:\program files\Panda Security
2010-01-19 05:41 . 2010-01-19 09:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-19 05:41 . 2010-01-19 05:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 10:56 . 2010-01-18 10:56 -------- d-----w- c:\users\Lee\AppData\Roaming\casanova
2010-01-18 06:45 . 2010-01-18 06:45 -------- d-----w- c:\programdata\Becky Brogan
2010-01-16 09:05 . 2010-01-16 09:05 -------- d-----w- c:\users\Lee\AppData\Roaming\TheFixerUpper
2010-01-15 09:50 . 2010-01-15 09:50 -------- d-----w- c:\programdata\WildWestQuest2
2010-01-15 09:45 . 2010-01-15 09:45 -------- d-----w- c:\programdata\HiddenSecretsNightmare
2010-01-13 06:49 . 2010-01-13 06:49 -------- d-----w- c:\users\Lee\AppData\Roaming\WildTangentv1002
2010-01-13 05:56 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 05:56 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 00:31 . 2010-01-10 00:31 -------- d-----w- c:\users\Lee\AppData\Local\Seven Zip
2010-01-09 09:34 . 2010-01-09 09:34 -------- d-----w- c:\users\Lee\AppData\Roaming\WildGames 3 Days Zoo Mystery
2010-01-07 09:16 . 2010-01-07 09:18 -------- d-----w- c:\program files\Jojos Fashion Show World Tour
2010-01-07 09:15 . 2006-10-26 09:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-07 09:15 . 2006-10-26 09:26 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-07 08:55 . 2010-01-07 08:55 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-07 07:49 . 2010-01-07 07:51 -------- d-----w- c:\users\Lee\AppData\Roaming\Virtual City
2010-01-06 11:54 . 2010-01-06 11:54 -------- d-----w- c:\users\Lee\AppData\Roaming\Little Worlds Online
2010-01-06 07:28 . 2010-01-06 07:28 -------- d-----w- c:\users\Lee\AppData\Roaming\Awem
2010-01-06 06:23 . 2010-01-06 06:23 -------- d-----w- c:\users\Lee\AppData\Roaming\Princess Isabella
2010-01-06 02:47 . 2010-01-06 02:47 -------- d-----w- c:\users\Lee\AppData\Local\Grubby Games
2010-01-06 02:43 . 2010-01-06 02:43 -------- d-----w- c:\users\Lee\AppData\Local\sowhat
2010-01-05 04:32 . 2010-01-05 04:32 -------- d-----w- c:\users\Lee\AppData\Roaming\LaJangada
2010-01-05 02:31 . 2010-01-06 02:53 -------- d-----w- c:\users\Lee\AppData\Roaming\Winv1001
2010-01-05 02:00 . 2010-01-05 02:00 -------- d-----w- c:\users\Lee\AppData\Local\STARGAZE_IMAGE_CACHE
2010-01-05 02:00 . 2010-01-05 02:00 -------- d-----w- c:\programdata\Alawar Stargaze
2010-01-05 00:31 . 2010-01-05 00:31 -------- d-----w- c:\programdata\Kristanix Games
2010-01-04 09:05 . 2010-01-27 01:46 -------- d-----w- c:\program files\WildGames
2010-01-04 08:54 . 2010-01-04 08:54 -------- d-----w- c:\users\Lee\AppData\Roaming\YoudaGames
2010-01-04 08:25 . 2010-01-04 08:25 -------- d-----w- c:\users\Lee\AppData\Roaming\Gold Casual Games
2010-01-04 03:42 . 2010-01-04 03:42 -------- d-----w- c:\programdata\BC Soft Games
2010-01-04 02:36 . 2010-01-04 02:37 -------- d-----w- c:\users\Lee\AppData\Roaming\GTM_Bodie
2010-01-04 02:32 . 2010-01-04 02:33 -------- d-----w- c:\users\Lee\AppData\Local\FireAndIce
2010-01-04 01:24 . 2010-01-04 01:24 -------- d-----w- c:\users\Lee\AppData\Roaming\Winv1002
2010-01-03 23:16 . 2010-01-03 23:16 -------- d-----w- c:\programdata\GameHouse
2010-01-02 07:09 . 2010-01-06 03:53 -------- d-----w- c:\users\Lee\AppData\Roaming\Merscom
2010-01-02 07:09 . 2010-01-06 03:53 -------- d-----w- c:\programdata\Merscom
2010-01-02 03:50 . 2010-01-02 03:50 -------- d-----w- c:\users\Lee\AppData\Local\AlwaysNeat
2010-01-01 11:42 . 2010-01-01 11:42 -------- d-----w- c:\program files\Microsoft
2010-01-01 11:42 . 2010-01-01 11:42 -------- d-----w- c:\program files\MSN Toolbar
2010-01-01 11:42 . 2010-01-01 11:42 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-01 11:41 . 2010-01-01 11:43 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-01-01 07:54 . 2010-01-18 02:05 -------- d-----w- c:\users\Lee\AppData\Roaming\Flood Light Games
2010-01-01 07:54 . 2010-01-18 02:05 -------- d-----w- c:\programdata\Flood Light Games
2010-01-01 00:50 . 2010-01-01 00:50 -------- d-----w- c:\programdata\GhostFleet
2010-01-01 00:50 . 2010-01-01 00:51 -------- d-----w- c:\users\Lee\AppData\Roaming\GhostFleet
2010-01-01 00:38 . 2010-01-01 00:38 -------- d-----w- c:\users\Lee\AppData\Roaming\URSE Games
2009-12-31 23:35 . 2009-12-31 23:35 -------- d-----w- c:\users\Lee\AppData\Roaming\ValuSoft
2009-12-31 23:35 . 2009-12-31 23:35 -------- d-----w- c:\programdata\ValuSoft
2009-12-31 23:26 . 2010-01-01 10:12 -------- d-----w- c:\users\Lee\AppData\Roaming\Friday's games
2009-12-31 08:47 . 2009-12-31 08:47 -------- d-----w- c:\program files\ReflexiveArcade

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 11:32 . 2009-03-10 08:18 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-27 01:45 . 2009-03-10 09:22 -------- d-----w- c:\programdata\WildTangent
2010-01-26 12:10 . 2009-03-10 11:03 -------- d-----w- c:\program files\Common Files\Java
2010-01-26 12:09 . 2009-03-10 11:03 -------- d-----w- c:\program files\Java
2010-01-23 03:19 . 2009-12-27 09:16 -------- d-----w- c:\users\Lee\AppData\Roaming\Boomzap
2010-01-22 04:35 . 2009-08-02 13:40 -------- d-----w- c:\programdata\MumboJumbo
2010-01-21 11:10 . 2009-11-24 07:44 -------- d-----w- c:\programdata\iWin Games
2010-01-18 14:25 . 2009-06-29 07:11 -------- d-----w- c:\users\Lee\AppData\Roaming\PlayFirst
2010-01-18 14:25 . 2009-06-29 07:11 -------- d-----w- c:\programdata\PlayFirst
2010-01-17 07:05 . 2009-12-07 06:05 -------- d-----w- c:\users\Lee\AppData\Roaming\MysteryStudio
2010-01-14 00:42 . 2009-11-08 11:00 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 16:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 07:00 . 2009-12-12 12:29 -------- d-----w- c:\users\Lee\AppData\Roaming\iMaxGen
2010-01-10 00:41 . 2009-11-28 02:58 -------- d-----w- c:\program files\iWin.com
2010-01-09 00:56 . 2009-06-22 08:51 106968 ----a-w- c:\users\Lee\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-07 09:24 . 2009-03-10 09:41 -------- d-----w- c:\programdata\Microsoft Help
2010-01-07 09:08 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2010-01-07 09:01 . 2009-03-10 09:45 -------- d-----w- c:\program files\Microsoft Works
2010-01-06 11:39 . 2009-07-15 09:18 -------- d-----w- c:\programdata\Gogii
2010-01-05 22:20 . 2009-11-19 11:20 -------- d-----w- c:\program files\RealArcade
2010-01-05 22:19 . 2009-06-28 10:08 -------- d-----w- c:\users\Lee\AppData\Roaming\Gamelab
2010-01-05 03:32 . 2009-12-07 10:27 -------- d-----w- c:\users\Lee\AppData\Roaming\SpinTop Games
2010-01-02 06:38 . 2010-01-22 03:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 03:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 03:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 03:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-29 08:32 . 2009-12-29 08:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-27 21:41 . 2009-12-27 21:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-27 21:14 . 2009-12-27 21:14 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-27 21:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-27 06:25 . 2009-08-02 13:46 -------- d-----w- c:\users\Lee\AppData\Roaming\funkitron
2009-12-27 05:25 . 2009-12-27 05:25 -------- d-----w- c:\users\Lee\AppData\Roaming\Mean Hamster Software
2009-12-27 05:25 . 2009-12-27 05:25 -------- d-----w- c:\programdata\Mean Hamster Software
2009-12-27 04:34 . 2009-12-27 04:34 -------- d-----w- c:\users\Lee\AppData\Roaming\FlyWheelGames
2009-12-25 09:54 . 2009-12-25 09:54 -------- d-----w- c:\users\Lee\AppData\Roaming\Ludia
2009-12-25 09:54 . 2009-12-25 09:54 -------- d-----w- c:\programdata\Ludia
2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-12-25 08:44 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-12-25 08:39 . 2009-12-25 08:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-12-22 03:37 . 2009-12-22 03:37 -------- d-----w- c:\programdata\Artist Colony
2009-12-21 12:47 . 2009-12-21 12:47 -------- d-----w- c:\users\Lee\AppData\Roaming\BrokenHearts
2009-12-21 00:18 . 2009-12-10 07:44 -------- d-----w- c:\users\Lee\AppData\Roaming\EscapeTheMuseum2
2009-12-18 09:54 . 2009-12-18 09:54 -------- d-----w- c:\users\Lee\AppData\Roaming\MastersOfMystery2
2009-12-18 09:25 . 2009-12-18 09:25 -------- d-----w- c:\users\Lee\AppData\Roaming\Games
2009-12-18 08:01 . 2009-12-18 08:01 -------- d-----w- c:\users\Lee\AppData\Roaming\Little Games Company
2009-12-18 08:01 . 2009-12-18 08:01 -------- d-----w- c:\programdata\Little Games Company
2009-12-18 02:35 . 2009-12-18 02:35 -------- d-----w- c:\users\Lee\AppData\Roaming\Gamers Digital
2009-12-18 02:35 . 2009-12-18 02:35 -------- d-----w- c:\programdata\Gamers Digital
2009-12-15 08:48 . 2009-12-15 08:48 -------- d-----w- c:\users\Lee\AppData\Roaming\ChaYoWo Games
2009-12-15 06:49 . 2009-12-15 06:49 -------- d-----w- c:\users\Lee\AppData\Roaming\Orneon
2009-12-14 09:32 . 2009-12-12 08:13 -------- d-----w- c:\users\Lee\AppData\Roaming\Big Fish Games
2009-12-12 05:41 . 2009-12-12 05:41 -------- d-----w- c:\users\Lee\AppData\Roaming\Curious Sense
2009-12-12 05:41 . 2009-12-12 05:41 -------- d-----w- c:\programdata\Curious Sense
2009-12-11 01:23 . 2009-12-11 01:20 -------- d-----w- c:\users\Lee\AppData\Roaming\Suspects and Clues Players
2009-12-11 01:20 . 2009-12-11 01:20 -------- d-----w- c:\users\Lee\AppData\Roaming\Suspects and Clues Prefs
2009-12-11 01:20 . 2009-12-11 01:20 -------- d-----w- c:\users\Lee\AppData\Roaming\Spinapse
2009-12-11 01:20 . 2009-12-11 01:20 -------- d-----w- c:\users\Lee\AppData\Roaming\IOMediaSupport6SZZ001s
2009-12-11 00:10 . 2009-12-02 12:11 -------- d-----w- c:\users\Lee\AppData\Roaming\blg
2009-12-11 00:10 . 2009-12-02 12:11 -------- d-----w- c:\programdata\blg
2009-12-08 11:32 . 2009-06-25 12:23 -------- d-----w- c:\programdata\JollyBear
2009-12-07 09:26 . 2009-12-07 09:26 -------- d-----w- c:\users\Lee\AppData\Roaming\Playrix Entertainment
2009-12-07 07:20 . 2009-12-07 07:19 -------- d-----w- c:\users\Lee\AppData\Roaming\TitanicMystery
2009-12-07 07:20 . 2009-12-07 07:20 -------- d-----w- c:\programdata\1912 Titanic Mystery
2009-12-06 02:46 . 2009-12-06 02:46 -------- d-----w- c:\users\Lee\AppData\Roaming\EPSON
2009-12-06 02:00 . 2009-11-25 10:02 -------- d-----w- c:\programdata\PopCap Games
2009-12-03 07:36 . 2009-12-03 07:36 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-12-03 05:18 . 2009-12-03 05:18 249856 ----a-w- c:\programdata\PlayFirst\Games\components\pfMultiplayer.dll
2009-12-03 05:17 . 2009-12-03 05:17 466944 ----a-w- c:\programdata\PlayFirst\Games\pfHarness\pfHarness.dll
2009-12-03 03:51 . 2009-12-03 03:51 -------- d-----w- c:\users\Lee\AppData\Roaming\SpinTop
2009-12-02 11:10 . 2009-12-02 11:10 -------- d-----w- c:\users\Lee\AppData\Roaming\Dekovir
2009-12-02 09:46 . 2009-12-02 09:46 -------- d-----w- c:\users\Lee\AppData\Roaming\Cat's Eye Games
2009-11-29 06:45 . 2009-11-29 06:45 -------- d-----w- c:\users\Lee\AppData\Roaming\GamesCafe
2009-11-29 00:47 . 2009-11-29 00:47 -------- d-----w- c:\users\Lee\AppData\Roaming\cerasus.media
2009-11-28 22:02 . 2009-11-28 22:02 -------- d-----w- c:\users\Lee\AppData\Roaming\PopCapv1002
2009-11-28 22:02 . 2009-06-23 12:36 -------- d-----w- c:\programdata\SpinTop Games
2009-03-10 08:52 . 2009-03-10 08:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-31 217088]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-15 446556]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-08 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b3,fa,b7,79,3f,85,ca,01

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [25/01/2010 6:12 PM 28552]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [10/03/2009 7:25 PM 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [10/03/2009 7:25 PM 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [10/03/2009 7:25 PM 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSVix86.sys [10/03/2009 7:25 PM 289840]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\AEstSrv.exe [24/05/2009 1:34 PM 77824]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [10/03/2009 7:25 PM 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [10/03/2009 10:27 PM 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [19/01/2010 4:11 PM 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/03/2009 7:39 PM 222512]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 10:53 PM 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/03/2009 7:25 PM 99376]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [22/06/2009 7:16 PM 22072]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 1:03 PM 21504]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21/07/2008 8:23 PM 100184]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [10/03/2009 7:25 PM 40496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-BFGC - c:\program files\bfgclient\Uninstall.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 23:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-27 23:15:23
ComboFix-quarantined-files.txt 2010-01-27 12:45

Pre-Run: 98,504,318,976 bytes free
Post-Run: 98,458,275,840 bytes free

- - End Of File - - 3B28362A72D098AE1A657558BC291695

HERE IS SECURITY CHECK report:
Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 18
Java™ 6 Update 7
Java Auto Updater
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


HERE IS MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3644
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

27/01/2010 10:01:52 PM
mbam-log-2010-01-27 (22-01-52).txt

Scan type: Quick Scan
Objects scanned: 112803
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Astrocom (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Lee\iexplore.exe (Trojan.Agent) -> Quarantined and deleted successfully.


HERE IS FRESH HJT LOG:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:57:22 PM, on 27/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-29-0.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe

--
End of file - 9927 bytes

#8 lance_yien

lance_yien

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 2,442 posts

Posted 27 January 2010 - 11:57 AM

Hello,
Firstly, thank you very much for helping me, and your instructions were great to understand! In regards to my system, typing of the keys appears to have been fixed, so whatever was attached to them was deleted, because now I can type perfectly without it missing keys. Secondly, the only problem I appear to have now is the fact that pages are about 20 times slower to open than before. So I thought it may not be spyware but other things, so I defragged the system, which didn't work, cleared all temporary caches etc., customised security settings and updated Java. Nothing seemed to improve it. It took me about five minutes to get this thread to load.


Good to know that your problem appears to have been fixed. Your logs appear clean.

Please print out these instructions or copy them to a Notepad file for easier reading, and download ATF Cleaner to your Desktop from here.

Please click ATF-Cleaner.exe (on your Desktop) to run the program.
Click Select All at the bottom of the list. Then click the Empty Selected button.

- If you use Firefox browser, please click Firefox at the top and choose Select All from the list. Then click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

- If you use Opera browser, please click Opera at the top and choose Select All from the list. Then click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Disabling these programs from the startup list can help speed up your computer: LabelPrint, DVD Suite, Reader 9.0, Power2Go, PowerDirector, MSN Toolbar, Office12.

To do this, please run HijackThis and select "Do a system scan only".

Place a checkmark next to each entry referring to the program (in bold) you want to disable:

O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"


Now please close all open windows except HJT and press "Fix checked". Then, reboot your computer.

Please let me know how your computer is functioning now.
--

P.S. Please when replying use the Add Reply button. I do not need to see my previous instructions. Thank you!
EI | SWI | ZEBULON

My help is free, but if you wish to help keep these forums running please consider a donation. Please, see here for details.
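The step above is a manual one: read the O4 lines of a HijackThis log and tick the ones whose executable belongs to a program on the list. The following is an added example, not code from this thread, from HijackThis or from the helper, that does the same triage in Python over a few O4 lines copied from the log posted earlier in this thread. It parses each registry autorun into its hive, key, name and executable path, selects the entries whose path matches the program names lance_yien listed, and adds a defender's check that flags any autorun launching from a user-writable location (the kind of place the OTL custom scan later in the thread also sweeps). The regular expressions are assumptions about the log format derived from the lines on this page, and the one HKCU line named "ConstructedExample" is a constructed sample, not an entry from the user's log.

```python
"""Parse HijackThis O4 (autorun) entries and pick the ones to disable.

Added example for this thread; not part of HijackThis or of the helper's
instructions. The regexes are assumptions based on the log lines posted here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted in this thread,
# plus one constructed HKCU entry (ConstructedExample) to exercise the
# user-writable-path check. Lines from other sections (O2, O23) are skipped.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ConstructedExample] C:\Users\example\AppData\Local\Temp\constructed.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
"""

# "HKLM\..\Run" is HijackThis shorthand for
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run (likewise for HKCU/HKUS).
O4_REG = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$"
)

# First quoted or unquoted token ending in an executable-like extension;
# handles both `"C:\Program Files\x.exe" args` and `C:\Program Files\x.exe args`.
EXE_RE = re.compile(
    r'^"?(?P<path>[^"]+?\.(?:exe|dll|ocx|scr|cpl|bat|cmd|vbs|js))(?=["\s]|$)',
    re.IGNORECASE,
)

# Locations an ordinary user can write to; vendor autoruns normally live under
# Program Files or the Windows directory instead.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "$recycle.bin", "\\users\\public\\")


@dataclass
class StartupEntry:
    hive: str            # HKLM, HKCU or HKUS\<SID>
    key: str             # Run, RunOnce, ...
    name: str            # value name shown in [brackets]
    command: str         # full command line after the name
    exe_path: Optional[str]  # executable extracted from the command, if found
    raw: str             # original log line


def parse_o4_entries(log_text: str) -> List[StartupEntry]:
    """Return the registry autorun (O4) entries found in a HijackThis log."""
    entries: List[StartupEntry] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line)
        if not m:
            continue
        cmd = m.group("cmd").strip()
        pm = EXE_RE.match(cmd)
        entries.append(StartupEntry(
            hive=m.group("hive"), key=m.group("key"), name=m.group("name"),
            command=cmd, exe_path=pm.group("path") if pm else None, raw=line,
        ))
    return entries


def select_for_disable(entries: List[StartupEntry], program_names: List[str]) -> List[StartupEntry]:
    """Entries whose executable path mentions one of the listed program names."""
    wanted = [p.lower() for p in program_names]
    return [e for e in entries
            if e.exe_path and any(w in e.exe_path.lower() for w in wanted)]


def flag_user_writable_paths(entries: List[StartupEntry]) -> List[StartupEntry]:
    """Entries that autostart something from a user-writable directory."""
    flagged = []
    for e in entries:
        p = (e.exe_path or e.command).lower()
        if any(marker in p for marker in USER_WRITABLE):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    items = parse_o4_entries(SAMPLE_LOG)
    helper_list = ["LabelPrint", "DVD Suite", "Reader 9.0", "Power2Go",
                   "PowerDirector", "MSN Toolbar", "Office12"]
    print("Tick these in HijackThis:")
    for e in select_for_disable(items, helper_list):
        print(f"  [{e.name}] {e.exe_path}")
    print("Review these (user-writable path):")
    for e in flag_user_writable_paths(items):
        print(f"  {e.hive} [{e.name}] {e.exe_path}")
```

Run it as a script and it prints the three entries that match the helper's list (LabelPrint, Reader 9.0, MSN Toolbar) and the one constructed HKCU entry that starts from a Temp folder. The matching is by path rather than by value name on purpose: the value name is whatever the installer chose (UpdateLBPShortCut says nothing about LabelPrint), while the path is what actually runs at logon.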

#9 Elilah2002

Elilah2002

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 28 January 2010 - 02:51 AM

Hello

I am sorry for quoting you, but that is one of the problems: pages and icons don't load properly and I just clicked to add reply but it all came up, sorry! Also, I think the computer is working a little better, but I can't get HijackThis to delete the files. It says I need to be administrator to remove files. I'm sorry, I am not used to the Vista operating system. But could you please let me know how to be able to use HijackThis to remove those startup files, because that very well could be why the computer is slow. Could that be a reason?

#10 lance_yien

lance_yien

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 2,442 posts

Posted 28 January 2010 - 04:50 AM

Hello Elilah2002,

Please right-click the HijackThis icon and choose "Run as Administrator".

:)

#11 Elilah2002

Elilah2002

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 28 January 2010 - 05:20 AM

Hello, I think something has attacked my browser. The computer is really slow and pages won't load. I have a HJT log, thank you. It won't let me save my HJT log to this thread. I am not sure what to do; if anyone could help it would be most appreciated!

Danielle

Hi,

Help us help you.

Please read this article and follow the protocol.
http://spywareinfofo...showtopic=23382
Then submit a fresh HijackThis log. One of our helpers will take care of you. It's the only way we can give you sound advice.

Copy and paste your HijackThis log in your next reply.

=*=



#12 Elilah2002

Elilah2002

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 28 January 2010 - 05:22 AM

Originally I could do that with the version of HijackThis I previously downloaded. But when I got your instructions and reinstalled it, it doesn't allow that option. So do you think I have the right edition, or should I reinstall it and see if that fixes it?

Cheers
danielle

#13 lance_yien

lance_yien

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 2,442 posts

Posted 28 January 2010 - 07:38 AM

Please disable these programs and re-try:

  • Windows Defender by opening the program => Tools => General Settings and scroll down to Real Time Protection Options. Uncheck "Turn on Real Time Protection (recommended)" and click on the "Save" button. Then close Windows Defender.
  • Windows Firewall from the "Control panel" => "Security center"

Edited by lance_yien, 28 January 2010 - 07:38 AM.


#14 Elilah2002

Elilah2002

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 28 January 2010 - 07:47 PM

Hello, I think something has attacked my browser. The computer is really slow and pages won't load. I have a HJT log, thank you. It won't let me save my HJT log to this thread. I am not sure what to do; if anyone could help it would be most appreciated!

Danielle

Hi,

Help us help you.

Please read this article and follow the protocol.
http://spywareinfofo...showtopic=23382
Then submit a fresh HijackThis log. One of our helpers will take care of you. It's the only way we can give you sound advice.

Copy and paste your HijackThis log in your next reply.

=*=



#15 Elilah2002

Elilah2002

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 28 January 2010 - 07:55 PM

Hello

I disabled the firewall and Defender and redid the HijackThis log, but it still wouldn't let me remove the files. I have full admin rights under this account, but when I try to use HijackThis I get an error message saying that

"For some reason your system denied write access to the hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix them. If that happens you need to edit the file yourself. To do this: click Start, Run and type: notepad c:\windows\system32\drivers\etc\hosts

and press Enter. Find the lines HijackThis reports and delete them, save the file as hosts and reboot.

For Vista simply exit HijackThis, right click the icon and choose Run as Administrator."

I have the vista system, but I dont have run as administrator as one of the options.

#16 lance_yien

lance_yien

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 2,442 posts

Posted 29 January 2010 - 02:31 AM

Hello Elilah2002,

Please download OTL by OldTimer to your Desktop from here or here.

  • Make sure all other windows are closed and double click on the icon to run it. Let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" box paste this in


    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit ->Select All, Edit -> Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Note: If you can't post the logs into this thread, then please try to add them as an attachment.

If you can't do that either, then please send them to me as a Personal Message.

Edited by lance_yien, 29 January 2010 - 03:13 AM.


#17 lance_yien

lance_yien

    Forum Deity

  • Emeritus
  • PipPipPipPipPip
  • 2,442 posts

Posted 22 February 2010 - 05:42 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
