
Trying to sort through damage done by Antispyware Soft, please help!


11 replies to this topic

#1 EddieHades


Posted 21 September 2010 - 09:08 AM

Hey there folks, I am in great need of some outside help, as I've been struggling to fix my fiancee's laptop for 2 days now, and all I really have to show for it are theories about what "may" be causing it. My main theory is a nasty bit of work that got on the system back in May of this year, Antispyware Soft, as although I did eventually remove it, I think the damage had already been done. After I had removed it, the only damage that I could readily see was that the Windows Security Center wouldn't turn on, and after some trying to fix it and not being able to, I just kinda assumed that whatever damage had been done to it was probably beyond my scope to be fixing, if it could be fixed at all. However a while ago on a whim I had another crack at it and actually got it working, and so I assumed that was that.

On top of that, and possibly as a direct result of it, for the last couple of months now we've had this Google Redirect virus on the laptop, and as hard as I tried to make the redirects stop, I couldn't figure it out and for some unknown reason I didn't think to...ya know...actually post the problem on here.

Anyway, a couple of days ago a friend of mine was trying to get the laptop to run better for me and he mentioned that I only had Service Pack 1 for Vista on my system and that if I got Service Pack 2 it would likely solve quite a few of the performance problems that it had been having. So when I got home, I went to try to find Service Pack 2, and this is where my problems started because Windows Update wouldn't connect, and would keep giving me the error code 80072efd. So then I thought that I'd just download it manually from Microsoft's site, only problem being is that I get as far as this page:

http://www.microsoft.com/downloads/en/deta...;displaylang=en

Then I click the download button and then I get the "Internet Explorer cannot display the webpage" error page.

So then I thought that maybe I still had a virus on my computer, so I thought I would use MalwareBytes to do a scan, but first I wanted to get the latest update for it, so I tried to do that and got an error message saying:

"An Error occurred. Please report the following error code to the MalwareBytes' Anti Malware support team.

Error Code: 732 (12007,0)"

So then I thought I'd try an online virus scanner, so I went to the Trend Micro site to use its online virus scanner and downloaded the install for it and once it's opened it gets as far as checking for component updates and at varying points during the process it has a fit and gives me this error:

"Unable to complete the download. Please ensure you have Internet connection and try again.

(E:1082046195:0)"

I'm at my wit's end with it, I don't know what else to try as it seems like everything that I try to do to fix it ends with some kind of error message.

I'm running Windows Vista Home Basic.

I've gotten the logs that it said that I needed, though I had trouble with getting the gmer log, as I followed the link I was given from this site, but when I tried to start it, it started off ok, but then it would end up crashing and giving me a blue screen error and then promptly restart the laptop.

Oh and here is a link to my original post:

http://www.bleepingcomputer.com/forums/topic348528.html

In any case here is the DDS log and the attachment.

Let me know what to do about the gmer log.

DDS (Ver_10-03-17.01) - NTFSx86
Run by clinton at 21:52:55.97 on Tue 21/09/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.65.1033.18.954.165 [GMT 10:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\clinton\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ed-hades.livejournal.com/friends/
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
StartupFolder: c:\users\clinton\appdata\roaming\micros~1\windows\startm~1\programs\startup\remind~1.lnk - c:\users\clinton\desktop\reminder.txt
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: microsoft.com\www.update
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.140,93.188.166.236
TCP: {88D91933-41DE-44AB-B477-4501916864AF} = 93.188.164.140,93.188.166.236
TCP: {DFD14907-81E7-4F29-8222-1C5A12A6FB71} = 93.188.164.140,93.188.166.236
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\clinton\appdata\roaming\mozilla\firefox\profiles\k82hwsfh.default\
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 Crlscsi;Crlscsi;c:\windows\system32\drivers\crlscsi.sys [2010-4-23 6144]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-9 236368]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-6-7 583640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-26 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-26 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-30 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-9 19160]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-6 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-5-27 84832]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-28 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2010-09-21 09:42:29 26005 ----a-w- c:\windows\system32\sfcdetails
2010-09-20 12:47:13 0 d-----w- c:\program files\Everything
2010-09-20 09:36:08 0 d-----w- c:\windows\pss
2010-09-20 09:23:37 0 d-----w- c:\program files\CCleaner
2010-09-20 03:02:00 0 d-----w- c:\users\clinton\Office Genuine Advantage
2010-09-19 16:45:31 0 d-----w- c:\windows\system32\EventProviders
2010-09-19 15:50:25 0 d-----w- c:\programdata\Office Genuine Advantage
2010-09-19 14:24:04 0 d-----w- c:\program files\Defraggler
2010-09-19 14:21:14 0 d-----w- c:\windows\system32\x64
2010-09-19 14:07:56 0 d-----w- c:\program files\SystemRequirementsLab
2010-09-19 11:33:06 0 d-----w- c:\program files\common files\Steam
2010-09-19 11:33:01 0 d-----w- c:\program files\Steam
2010-09-09 03:46:13 25 ----a-w- c:\windows\cdplayer.ini
2010-09-09 03:40:30 0 d-----w- c:\program files\common files\xing shared
2010-09-09 03:39:33 0 d-----w- c:\programdata\Real
2010-09-09 03:39:33 0 d-----w- c:\program files\common files\Real

==================== Find3M ====================

2010-09-19 14:21:45 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-09-19 14:21:45 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-19 14:21:45 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-19 07:18:22 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-07-19 07:18:20 948760 ----a-w- c:\windows\system32\igxpun.exe
2010-07-19 07:18:18 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-07-19 07:18:16 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-19 07:18:14 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-07-19 07:18:14 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-19 07:18:12 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-07-19 07:18:10 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-07-19 07:13:16 81920 ----a-w- c:\windows\system32\igfxCoIn_v2182.dll
2010-07-19 07:06:54 4966400 ----a-w- c:\windows\system32\igdumd32.dll
2010-07-19 07:05:08 982240 ----a-w- c:\windows\system32\igkrng500.bin
2010-07-19 07:05:08 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2010-07-19 07:05:08 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2010-07-19 07:04:38 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2010-07-19 07:01:16 4410880 ----a-w- c:\windows\system32\igd10umd32.dll
2010-07-19 06:49:14 11041280 ----a-w- c:\windows\system32\ig4icd32.dll
2010-07-19 06:39:50 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-07-19 06:39:48 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2010-07-19 06:39:44 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-07-19 06:39:32 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-07-19 06:39:16 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-07-19 06:39:10 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-07-19 06:39:04 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-07-19 06:39:04 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-07-19 06:39:02 228352 ----a-w- c:\windows\system32\igfxdev.dll
2010-07-19 06:38:48 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-07-19 06:33:54 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-07-19 06:33:54 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2010-07-19 06:33:54 143360 ----a-w- c:\windows\system32\iglhcp32.dll
2008-10-26 00:58:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-05-04 11:55:49 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-30 02:48:29 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-05-09 07:17:34 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-10-26 00:58:09 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:55:04.65 ===============

Just wanted to give a small update, it now seems as though I've got the Antivirus 2010 virus on my system as well, I don't know how long it has been there for, but I've had 2 popups so far since last night.

Should I do a separate post concerning this, or wait until my original problem is solved before starting on the new one?

EDIT: Posts merged ~BP

Edited by Budapest, 24 September 2010 - 04:57 PM.
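The DDS log above records a user-level Internet Explorer proxy of 127.0.0.1:5555 and per-interface DNS servers that are not on the home network, and the HijackThis log posted later in this thread still shows the same proxy line. As an added triage example (not DDS, HijackThis or BleepingComputer code), the script below pulls those classes of entries, plus browser add-on registrations with no backing file, out of both log formats for a helper to review; the sample lines are copied from this thread, and a flagged line is a point to verify against the user's real network setup, not a verdict.

```python
import ipaddress
import re
from typing import Iterable, List, Tuple

# Constructed sample: lines lifted from the DDS "Pseudo HJT Report" and the
# HijackThis log in this thread, plus a benign mRun control line.
SAMPLE_LOG = r"""
uStart Page = hxxp://ed-hades.livejournal.com/friends/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TCP: NameServer = 93.188.164.140,93.188.166.236
TCP: {88D91933-41DE-44AB-B477-4501916864AF} = 93.188.164.140,93.188.166.236
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

# DDS writes "uInternet Settings,ProxyServer = ..."; HJT writes "R1 - HKCU\...,ProxyServer = ...".
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+)$")
# DDS "TCP:" lines: either the global NameServer or a per-interface {GUID} entry.
DNS_RE = re.compile(r"^TCP:\s*(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
# DDS prints "- No File", HJT prints "- (no file)" for a registered add-on whose DLL is gone.
ORPHAN_RE = re.compile(r"-\s*(?:No File|\(no file\))\s*$", re.IGNORECASE)


def _hosts_from_proxy(value: str) -> List[str]:
    """Split 'http=127.0.0.1:5555;https=host:port' or 'host:port' into host names."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # protocol=host:port form
            part = part.split("=", 1)[1]
        hosts.append(part.rsplit(":", 1)[0].strip("[]"))
    return hosts


def _is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                       # a hostname, not an address
        return False


def _is_public(ip: str) -> bool:
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (category, line) pairs for entries a helper should look at.

    loopback-proxy : browser proxy points at the machine itself; with no local
                     proxy software in the process list this is where update
                     and security-site download failures are worth checking.
    public-dns     : DNS servers that are not the router/ISP; compare with what
                     the user actually configured (public resolvers can be legitimate).
    orphaned-entry : add-on registered in the registry but its file is missing.
    """
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            if any(_is_loopback(h) for h in _hosts_from_proxy(m.group(1))):
                findings.append(("loopback-proxy", line))
            continue
        m = DNS_RE.match(line)
        if m:
            servers = [s.strip() for s in m.group(1).split(",")]
            if any(_is_public(s) for s in servers):
                findings.append(("public-dns", line))
            continue
        if ORPHAN_RE.search(line):
            findings.append(("orphaned-entry", line))
    return findings


def triage_sample() -> List[Tuple[str, str]]:
    """Run the triage over the constructed sample from this thread."""
    return triage(SAMPLE_LINES)


if __name__ == "__main__":
    for category, line in triage_sample():
        print(f"[{category:15}] {line}")
```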




#2 SifuMike


Posted 26 September 2010 - 01:08 PM

Hello EddieHades,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

You can try running MalwareBytes with
SAFE MODE WITH NETWORKING mode.

QUOTE
How to boot to Safe Mode with Networking
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode with Networking" from the menu, then press the "Enter" key.


* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

************

A new version of HijackThis has been released, Trend Micro HijackThis v2.0.4

Please download and install the new version of Hijackthis
Make sure you downloaded the EXECUTABLE version rather than the INSTALLER version.

Uninstall the old Trend Micro HijackThis v1.9.9 version.

Please post a fresh Hijackthis log.

Edited by SifuMike, 26 September 2010 - 01:18 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 EddieHades


Posted 26 September 2010 - 08:22 PM

Hey Mike, thanks for getting back to me, though I kinda fixed this myself yesterday, really sorry for not waiting, but yeah, had a bolt of inspiration and wanted to try it, and hey, it worked lol.

I figured if I couldn't update Malwarebytes, and I also couldn't access their site [which I forgot to mention], then why don't I try to download a more recent version of it that has more updated definitions than the version I currently have.

So I tried that and it worked, it found a Trojan.FakeAlert and Trojan.Downloader, and once they were removed, I was able to update the virus definitions again, and when I did another scan I found another Trojan.FakeAlert and a Trojan.AntivirusSuite.

After they were all removed, Windows Update worked again and I was able to get the 47 updates that my laptop hadn't been able to get, and after that I went to the Microsoft site and was able to access and download Service Pack 2 for Vista.

Again, really sorry for not waiting, I know I should have, and if you would still like me to post those logs to just make sure that all the bugs are out of my system I will.

Clinton

#4 SifuMike


Posted 26 September 2010 - 08:39 PM

Hi Clinton,

Please post the logs and I will check them.

#5 EddieHades


Posted 27 September 2010 - 01:02 AM

No worries Mike here ya are:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4700

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

27/9/2010 3:55:07 PM
mbam-log-2010-09-27 (15-55-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 439110
Time elapsed: 2 hour(s), 23 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Adobe After Effects CS3 Presets
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
CCleaner
Java™ 6 Update 16
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.9) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:59:06 PM, on 27/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\clinton\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ed-hades.livejournal.com/friends/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: reminder - Shortcut.lnk = clinton\Desktop\reminder.txt
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s...tel_4.3.1.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10257 bytes


#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 27 September 2010 - 10:34 AM

Hi EddieHades,

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!

This is somewhat suicidal in today's digital world.
That's why I want you to install one!!

Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus!

Perform a full scan with Avira and let it quarantine everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.

************

Uninstall HijackThis 1.99.1, as it is an ancient version.

************

Your FireFox is out of date.
Please update it.
http://support.mozilla.com/en-US/kb/updating+firefox
To manually check for a Firefox update, click the Help menu at the top of the Firefox window on the menu bar, and select Check for Updates....

************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    Please download Java Version 6 Update 21
  • Click the "Free Java Download" button.
  • Click "Free Java Download" again
  • Save the file jxpiinstall.exe to your desktop
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 16
    Java™ 6 Update 7

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jxpiinstall.exe to install the newest version.
Please make sure you turn on the Java Automatic Update Feature
http://java.com/en/download/help/java_update.xml#howto

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.
Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

************

You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.

    Adobe Reader 9
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.
Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.

************

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


Please run HijackThis and click "Scan." Place checks next to the following entries, if present:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)


Close all browsers and other windows except for HijackThis, and click "Fix checked"


Reboot your computer, post a new Hijackthis log, the Avira Antivir report and tell me how your computer is running.

Edited by SifuMike, 27 September 2010 - 10:36 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
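The checks in the reply above (a browser proxy pointed back at the local machine, BHO and toolbar registrations whose DLL is gone, an extra button whose binary is missing) applied automatically to a HijackThis log, as an added example that is not part of the original post or of HijackThis itself. The log excerpts are taken from the two logs posted in this thread; the `removed_between` helper then reports which flagged lines are gone from the follow-up log, skipping sections the follow-up excerpt does not contain.

```python
"""Triage a HijackThis log for the entry types flagged in the reply above.

Added example; not code from the original post or from HijackThis. It applies
the helper's manual checks automatically: a per-user proxy pointing back at
the local machine, BHO/toolbar registrations whose DLL is gone, extra buttons
whose binary is missing, and hosts entries beyond the defaults.
"""
import re
from dataclasses import dataclass

# Every HijackThis entry starts with its section code: "R1 - ...", "O2 - ...".
ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.*)$")

# Proxy value that relays browser traffic through a port on this machine,
# e.g. "http=127.0.0.1:5555".
LOOPBACK_PROXY = re.compile(r"\b(?:127\.0\.0\.1|localhost):\d+", re.IGNORECASE)

# Hosts-file lines HijackThis reports on a stock Windows install.
BENIGN_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def entries(log_text: str) -> list[tuple[str, str, str]]:
    """Return (section, body, full line) for each entry line in the log."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            found.append((m.group(1), m.group(2), line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth checking before clicking 'Fix checked'."""
    findings: list[Finding] = []
    for section, body, line in entries(log_text):
        if section == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1] if "=" in body else ""
            if LOOPBACK_PROXY.search(value):
                findings.append(Finding(section, "browser proxied through a local port", line))
        elif section == "O1":
            hosts_entry = body.split(":", 1)[1].strip()  # "Hosts: ::1 localhost"
            if hosts_entry not in BENIGN_HOSTS:
                findings.append(Finding(section, "non-default hosts entry", line))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(section, "BHO/toolbar registered but its DLL is gone", line))
        elif section == "O9" and body.endswith("(file missing)"):
            findings.append(Finding(section, "extra button whose binary is missing", line))
    return findings


def removed_between(before: str, after: str) -> list[str]:
    """Entries of the first log that are missing from the follow-up log.

    Sections absent from the follow-up log altogether are skipped, so a
    truncated follow-up is not misread as having removed whole sections.
    """
    after_entries = entries(after)
    after_lines = {line for _, _, line in after_entries}
    after_sections = {section for section, _, _ in after_entries}
    return [line for section, _, line in entries(before)
            if section in after_sections and line not in after_lines]


# Excerpts of the two logs posted in this thread: before the fix and after.
# The follow-up excerpt stops before its O9 section, like a truncated log.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
"""

LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
"""

if __name__ == "__main__":
    for f in triage(LOG_BEFORE):
        print(f"[{f.section}] {f.reason}: {f.line}")
    print("gone after the fix:", len(removed_between(LOG_BEFORE, LOG_AFTER)))
```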

#7 EddieHades

EddieHades
  • Topic Starter

  • Members
  • 14 posts

Posted 27 September 2010 - 09:30 PM

Thanks Mike, I had tried to do a virus scan last week, but because of the issues the system had at the time, I wasn't able to. Anyways, I followed all your instructions and here are the logs

Avira AntiVir Personal
Report file date: Tuesday, 28 September, 2010 04:11

Scanning for 2881727 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KIMBA-PC

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19/4/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 1/4/2010 03:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/4/2010 03:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 7/3/2010 09:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/2/2010 14:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 00:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 10:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/1/2010 08:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/1/2010 07:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/3/2010 02:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/4/2010 17:36:53
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/6/2010 17:37:32
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/7/2010 17:38:55
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/9/2010 17:39:57
VBASE009.VDF : 7.10.11.134 2048 Bytes 13/9/2010 17:39:58
VBASE010.VDF : 7.10.11.135 2048 Bytes 13/9/2010 17:39:58
VBASE011.VDF : 7.10.11.136 2048 Bytes 13/9/2010 17:39:58
VBASE012.VDF : 7.10.11.137 2048 Bytes 13/9/2010 17:39:59
VBASE013.VDF : 7.10.11.165 172032 Bytes 15/9/2010 17:40:02
VBASE014.VDF : 7.10.11.202 144384 Bytes 18/9/2010 17:40:05
VBASE015.VDF : 7.10.11.231 129024 Bytes 21/9/2010 17:40:07
VBASE016.VDF : 7.10.12.4 126464 Bytes 23/9/2010 17:40:11
VBASE017.VDF : 7.10.12.38 146944 Bytes 27/9/2010 17:40:14
VBASE018.VDF : 7.10.12.39 2048 Bytes 27/9/2010 17:40:14
VBASE019.VDF : 7.10.12.40 2048 Bytes 27/9/2010 17:40:15
VBASE020.VDF : 7.10.12.41 2048 Bytes 27/9/2010 17:40:15
VBASE021.VDF : 7.10.12.42 2048 Bytes 27/9/2010 17:40:15
VBASE022.VDF : 7.10.12.43 2048 Bytes 27/9/2010 17:40:16
VBASE023.VDF : 7.10.12.44 2048 Bytes 27/9/2010 17:40:16
VBASE024.VDF : 7.10.12.45 2048 Bytes 27/9/2010 17:40:17
VBASE025.VDF : 7.10.12.46 2048 Bytes 27/9/2010 17:40:17
VBASE026.VDF : 7.10.12.47 2048 Bytes 27/9/2010 17:40:17
VBASE027.VDF : 7.10.12.48 2048 Bytes 27/9/2010 17:40:18
VBASE028.VDF : 7.10.12.49 2048 Bytes 27/9/2010 17:40:18
VBASE029.VDF : 7.10.12.50 2048 Bytes 27/9/2010 17:40:19
VBASE030.VDF : 7.10.12.51 2048 Bytes 27/9/2010 17:40:19
VBASE031.VDF : 7.10.12.54 39936 Bytes 27/9/2010 17:40:20
Engineversion : 8.2.4.66
AEVDF.DLL : 8.1.2.1 106868 Bytes 27/9/2010 17:41:33
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 27/9/2010 17:41:32
AESCN.DLL : 8.1.6.1 127347 Bytes 27/9/2010 17:41:22
AESBX.DLL : 8.1.3.1 254324 Bytes 27/9/2010 17:41:35
AERDL.DLL : 8.1.9.2 635252 Bytes 27/9/2010 17:41:18
AEPACK.DLL : 8.2.3.7 471413 Bytes 27/9/2010 17:41:12
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 27/9/2010 17:41:06
AEHEUR.DLL : 8.1.2.27 2933110 Bytes 27/9/2010 17:41:04
AEHELP.DLL : 8.1.13.4 242038 Bytes 27/9/2010 17:40:38
AEGEN.DLL : 8.1.3.22 401780 Bytes 27/9/2010 17:40:35
AEEMU.DLL : 8.1.2.0 393588 Bytes 27/9/2010 17:40:30
AECORE.DLL : 8.1.17.0 196982 Bytes 27/9/2010 17:40:28
AEBB.DLL : 8.1.1.0 53618 Bytes 27/9/2010 17:40:26
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/1/2010 03:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/1/2010 03:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/2/2010 07:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 1/4/2010 03:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 1/4/2010 03:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 1/4/2010 03:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/1/2010 00:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/1/2010 03:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/3/2010 06:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/2/2010 05:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/1/2010 04:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 9/4/2010 05:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, 28 September, 2010 04:11

Starting search for hidden objects.
c:\windows\explorer.exe
c:\Windows\explorer.exe
[NOTE] The process is not visible.
c:\windows\system32\sndvol.exe
c:\Windows\System32\SndVol.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'explorer.exe' - '122' Module(s) have been scanned
Scan process 'avscan.exe' - '81' Module(s) have been scanned
Scan process 'SpiderSolitaire.exe' - '71' Module(s) have been scanned
Scan process 'avcenter.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '68' Module(s) have been scanned
Scan process 'iexplore.exe' - '132' Module(s) have been scanned
Scan process 'realsched.exe' - '33' Module(s) have been scanned
Scan process 'FlashUtil10i_ActiveX.exe' - '33' Module(s) have been scanned
Scan process 'iexplore.exe' - '110' Module(s) have been scanned
Scan process 'winamp.exe' - '149' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '21' Module(s) have been scanned
Scan process 'EXCEL.EXE' - '80' Module(s) have been scanned
Scan process 'taskeng.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '71' Module(s) have been scanned
Scan process 'WMPNSCFG.exe' - '29' Module(s) have been scanned
Scan process 'wuauclt.exe' - '42' Module(s) have been scanned
Scan process 'mbamservice.exe' - '46' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '52' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '25' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '31' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '58' Module(s) have been scanned
Scan process 'Com4QLBEx.exe' - '18' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '13' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '32' Module(s) have been scanned
Scan process 'hphc_service.exe' - '27' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '62' Module(s) have been scanned
Scan process 'igfxpers.exe' - '25' Module(s) have been scanned
Scan process 'hkcmd.exe' - '33' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '28' Module(s) have been scanned
Scan process 'wweb32.exe' - '29' Module(s) have been scanned
Scan process 'SSDMonitor.exe' - '13' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '42' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '33' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'Dwm.exe' - '46' Module(s) have been scanned
Scan process 'taskeng.exe' - '84' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '31' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '20' Module(s) have been scanned
Scan process 'SeaPort.exe' - '56' Module(s) have been scanned
Scan process 'RichVideo.exe' - '19' Module(s) have been scanned
Scan process 'BLService.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'StartManSvc.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'NASvc.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '30' Module(s) have been scanned
Scan process 'BcmSqlStartupSvc.exe' - '20' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'spoolsv.exe' - '86' Module(s) have been scanned
Scan process 'WLANExt.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '97' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '157' Module(s) have been scanned
Scan process 'svchost.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '72' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '62' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1658' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\$RECYCLE.BIN\S-1-5-21-343007314-1250663326-3491540409-1003\$R82PFIY.2540\Patch\trojan.remover.6.7.2.2540-patch.exe
[DETECTION] Is the TR/Agent.217088.BE Trojan
C:\My Downloaded Files\alt.mp3.bitrate.converter.2.3.silent.update.cracked.exe-rev.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/PSW.QQpass.vly Trojan
--> mp3bitrate.exe
[DETECTION] Is the TR/PSW.QQpass.vly Trojan
C:\Program Files\Alt MP3 Bitrate Converter\mp3bitrate.exe
[DETECTION] Is the TR/PSW.QQpass.vly Trojan
C:\Program Files\Trojan Remover\trojan.remover.6.7.2.2540-patch.exe
[DETECTION] Is the TR/Agent.217088.BE Trojan
C:\Users\kimba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LWZFVZAW\news[1].htm
[DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
Begin scan in 'D:\' <RECOVERY>
Begin scan in 'F:\' <Extra Drive>
F:\Audio Books\TTC - Superstring Theory, The DNA of Reality (Audio + OCR Guidebook)\L15 - Princeton String Quartet Concerti - Part II.mp3
[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper
F:\Installs\Luxor 3 cracked[caveman].zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the DR/Calc-DNet.T dropper
--> crack.exe
[DETECTION] Contains recognition pattern of the DR/Calc-DNet.T dropper
--> dnetc.exe
[WARNING] Insufficient memory. The file was not scanned.
F:\Installs\MYOB.Premier.Accounting.2006.v15.WinALL.Cracked-ARN\myob_premier_v15.exe
[0] Archive type: NSIS
[DETECTION] Is the TR/Dldr.Renos.AK Trojan
--> [TempDir]/EULA.exe
[DETECTION] Is the TR/Dldr.Renos.AK Trojan
F:\Installs\Mystery Case Files - Dire Grove Collectors Edition HOG BIGFISH ~ IslandGirl@1337x.org\Mystery Case Files - Dire Grove Collector's Edition.exe
[0] Archive type: RAR SFX (self extracting)
[DETECTION] Is the TR/Dropper.Gen Trojan
--> Uninstall.exe
[DETECTION] Is the TR/Agent.38667 Trojan

Beginning disinfection:
F:\Installs\Mystery Case Files - Dire Grove Collectors Edition HOG BIGFISH ~ IslandGirl@1337x.org\Mystery Case Files - Dire Grove Collector's Edition.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '50adc1f5.qua'.
F:\Installs\MYOB.Premier.Accounting.2006.v15.WinALL.Cracked-ARN\myob_premier_v15.exe
[DETECTION] Is the TR/Dldr.Renos.AK Trojan
[NOTE] The file was moved to the quarantine directory under the name '02f69133.qua'.
F:\Installs\Luxor 3 cracked[caveman].zip
[DETECTION] Contains recognition pattern of the DR/Calc-DNet.T dropper
[NOTE] The file was moved to the quarantine directory under the name '64c8def1.qua'.
F:\Audio Books\TTC - Superstring Theory, The DNA of Reality (Audio + OCR Guidebook)\L15 - Princeton String Quartet Concerti - Part II.mp3
[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper
[NOTE] The file was moved to the quarantine directory under the name '2083f38e.qua'.
C:\Users\kimba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LWZFVZAW\news[1].htm
[DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '5e56c1b2.qua'.
C:\Program Files\Trojan Remover\trojan.remover.6.7.2.2540-patch.exe
[DETECTION] Is the TR/Agent.217088.BE Trojan
[NOTE] The file was moved to the quarantine directory under the name '12e6edea.qua'.
C:\Program Files\Alt MP3 Bitrate Converter\mp3bitrate.exe
[DETECTION] Is the TR/PSW.QQpass.vly Trojan
[NOTE] The file was moved to the quarantine directory under the name '6f3aadb4.qua'.
C:\My Downloaded Files\alt.mp3.bitrate.converter.2.3.silent.update.cracked.exe-rev.zip
[DETECTION] Is the TR/PSW.QQpass.vly Trojan
[NOTE] The file was moved to the quarantine directory under the name '43a182fa.qua'.
C:\$RECYCLE.BIN\S-1-5-21-343007314-1250663326-3491540409-1003\$R82PFIY.2540\Patch\trojan.remover.6.7.2.2540-patch.exe
[DETECTION] Is the TR/Agent.217088.BE Trojan
[NOTE] The file was moved to the quarantine directory under the name '5accb96e.qua'.


End of the scan: Tuesday, 28 September, 2010 11:10
Used time: 5:18:16 Hour(s)

The scan has been done completely.

37784 Scanned directories
1020797 Files were scanned
10 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
9 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1020787 Files not concerned
13507 Archives were scanned
1 Warnings
8 Notes
817323 Objects were scanned with rootkit scan
2 Hidden objects were found


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:50 PM, on 28/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Users\clinton\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ed-hades.livejournal.com/friends/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: reminder - Shortcut.lnk = clinton\Desktop\reminder.txt
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s...tel_4.3.1.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10702 bytes

Thanks for all your help, it's been muchly appreciated!

#8 EddieHades
  • Topic Starter
  • Members
  • 14 posts

Posted 27 September 2010 - 09:37 PM

Hey Mike, I forgot to let ya know how my computer was now running lol, to be honest, it's kinda too early to be able to tell overly much, as I only finished doing everything you said to do this morning lol, but yeah, it does seem to be running a bit faster, so that's always a plus, so thanks for that, your help has been muchly appreciated!


Edited by EddieHades, 27 September 2010 - 09:47 PM.


#9 SifuMike
    malware expert
  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 28 September 2010 - 09:02 AM

Hi Eddie,

You're very welcome.

OK, time for the program clean up.

Delete DDS, SecurityCheck from your desktop.

Please read and follow:
How Malware Spreads - How did I get infected
How did I get infected? With steps so it does not happen again!
as well as
How to prevent Malware by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.

As a side note - I see you're not afraid of visiting crack sites - using illegal software. From the logs I can see that you installed some programs that appear on crack sites to get access to the cracks.

If you visit crack or keygen sites, or use cracks/keygens, you'll ALWAYS get infected. Avira removed several of the malware infected cracks.

This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.

You really have to change your surfing habits, because these malware bundles may contain a key logger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.

Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.
So is it really worth it? Get illegal software for "free", but compromise/break your computer instead....

Better to avoid this instead and change your surfing habits. Then this wouldn't have happened in the first place.


Now you're good to go!

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 EddieHades
  • Topic Starter
  • Members
  • 14 posts

Posted 28 September 2010 - 10:17 AM

Thanks Mike, very much appreciate all the help you have given!

So far as my visiting crack sites goes, I'm not sure if you are meaning sites that are specifically for cracks and keygens, or if you are meaning torrent sites as well. But yeah, I exceedingly rarely go to sites specifically for cracks and keygens, as I know those are dodgy as all hell, and while I do go to a few torrent sites [Demonoid mostly, and sometimes Torrentz], I'm always very careful whenever I'm downloading anything, and always make a habit of reading through other people's comments to check for any problems that have been had with a specific torrent before I decide to download it, especially when it comes to programs.

Anyways, thanks for all your help

#11 SifuMike
    malware expert
  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 28 September 2010 - 10:35 AM

You're very welcome.


#12 SifuMike
    malware expert
  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 02 October 2010 - 10:01 PM

Since your problem appears to be resolved, this thread will now be closed.
If you should have a new issue, please start a new topic.