hijackthislog
 
            
                
tismee
Posts: 4 Newbie
in Techie Stuff
this is my hijack this log. computer is acting slow, freezing and generally weird. When typing, esp if I press delete, it types a hyphen. Also hyphens appear in-between all the letters I type. problem mainly online (not on Word). Have disconnected keyboard and hoovered and wiped it to no avail. bossy sister (advocate of this site-I suspect she fancies mr martin himself) tells me someone here might help. would be grateful if you can understand me. cheersxx
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:31, on 30/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0070413
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8181
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Blubster] C:\PROGRA~1\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\Windows\TEMP\E_S2B53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Users\parkers\Pictures\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://beta.coolroom.com/ActiveX/ax.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\Program Files\TinyProxy\TinyProxy.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 11171 bytes
Comments

Please download Malwarebytes Anti-Malware and save it to your desktop.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
  - Make sure the "Perform Quick Scan" option is selected.
  - Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
 
 
then do a fresh hijackthis log for me

Ex forum ambassador
Long term forum member

Well hello-my sister says to take your help, which I have done, because you are a computer God. So thank you very much-just rebooted, and for the first time ever, it accepted my log on password 1st time (usually only accepts after 2/3 attempts). Have pasted log results as you instructed.
 Malwarebytes' Anti-Malware 1.30
 Database version: 1437
 Windows 6.0.6001 Service Pack 1
 30/11/2008 11:49:49
 mbam-log-2008-11-30 (11-49-49).txt
 Scan type: Quick Scan
 Objects scanned: 56408
 Time elapsed: 3 minute(s), 58 second(s)
 Memory Processes Infected: 0
 Memory Modules Infected: 0
 Registry Keys Infected: 31
 Registry Values Infected: 0
 Registry Data Items Infected: 0
 Folders Infected: 24
 Files Infected: 40
 Memory Processes Infected:
 (No malicious items detected)
 Memory Modules Infected:
 (No malicious items detected)
 Registry Keys Infected:
 HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 Registry Values Infected:
 (No malicious items detected)
 Registry Data Items Infected:
 (No malicious items detected)
 Folders Infected:
 C:\UGA6P (Rogue.Multiple) -> Quarantined and deleted successfully.
 C:\UGA6P\Quar (Rogue.Multiple) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base\AWBase (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base\AWBase\database (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base\PGBase (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base\plugins (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Config (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\La (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\res (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Update (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\TrustedProtection (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\TrustedProtection\Logs (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
 Files Infected:
 C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\history.db (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\manual.pdf (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\ResErrors.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\unins000.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base\AWBase\vbpv.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base\AWBase\database\enemies.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base\PGBase\vbpv.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Base\plugins\vbpv.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Config\Activate.xml (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Config\pgs.xml (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Config\UnWiz.xml (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Dat\Activate.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Dat\BkSites.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Dat\incmp.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Dat\index.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Dat\ps.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Dat\pv.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Dat\sr.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\La\lapv.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\La\License.rtf (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\La\Readme.rtf (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\res\cross.gif (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\res\ga6p.gif (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\res\kb.url (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\res\Online.url (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\res\Support.url (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Update\ASupdater.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Update\diagnosis.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Update\PGupdater.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Update\UBupdater.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Update\up.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Program Files\TrustedProtection\Update\updater.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\TrustedProtection\activator_info.txt (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\TrustedProtection\avtasks.dat (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\TrustedProtection\Logs\Activate.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\TrustedProtection\Logs\av.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\TrustedProtection\Logs\ga6Support.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Users\parkers\AppData\Roaming\TrustedProtection\Logs\update.log (Rogue.TrustedProtection) -> Quarantined and deleted successfully.
 C:\Windows\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
- 
            Hmm little sisters!! :money: :wave:
- 
            no wonder it was slow!!
 it's got rid of some rubbish
- 
            as a "belt and braces" run this
 http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 and post that log as well
 skip the bit about recovery console as you are using Vista, just download, run and then post the log
 and a fresh hijackthis log
- 
            GET RID OF AVG FREE. IT IS DIRE.
 Why?
 http://free.avg.com/download-avg-anti-virus-free-edition
 No realtime scanning of webpages which is one of the most common paths for infection AND WAS THE PATH YOUR COMPUTER GOT INFECTED BY.
 No scanning of downloads.
 No anti-rootkit.
 Because of the first one alone, I no longer recommend it. I've been to legitimate sites which have been cracked and do a background redirect to yahoo-analytics.net which tries to load 6 trojans, a virus and execute a HTTP COM exploit. I run NOD32 so that went mental with "blocked connection to:" warnings. If you ran AVG Free, you'd not know.
 Stick on Avast!
- 
            
 No realtime scanning of webpages which is one of the most common paths for infection AND WAS THE PATH YOUR COMPUTER GOT INFECTED BY.
 No scanning of downloads.
 No anti-rootkit.
 More rubbish Conor!
 The current version of AVG contains spyware protection but most sensible users also install another program such as Spybot S & D for additional spyware/rootkit protection.
 The Resident Shield component gives your computer continuous protection. It scans every single file that is being opened, saved, or copied, and guards the system areas of the computer. Normally, you do not even notice the process, as it runs "in the background", and you only get notified when threats are found; at the same time, the Resident Shield blocks activation of the threat and removes it.
 :doh: Blue text on this forum usually signifies hyperlinks, so click on them!.. :wall:
- 
            users also install another program such as Spybot S & D for additional spyware/rootkit protection.
 Quite true - but I would wait until you are clean before installing further programmes.
- 
            Reluctant_spender wrote: » Quite true - but I would wait until you are clean before installing further programmes.
 Agreed, just replying to Conor's usual rant about removing AVG.
- 
            h-H-i -as -you -w-i-l-l- --see it's still doing it. Maybe I should get a new keyboard? Oh! Well, it's stopped for now. (The hyphens were running wild, but I pressed delete and it stopped.) I ran the bleeping computer thing and here are the notepad results. Thanks for your help.
 ComboFix 08-11-30.01 - parkers 2008-11-30 18:05:39.1 - NTFSx86
 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1192 [GMT 0:00]
 Running from: c:\users\parkers\Desktop\ComboFix.exe
 * Created a new restore point
 .
 ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 c:\windows\Downloaded Program Files\setup.inf
 c:\windows\pack.epk
 .
 ((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
 .
 2008-11-30 11:42 . 2008-11-30 11:42 <DIR> d
 c:\users\parkers\AppData\Roaming\Malwarebytes
 2008-11-30 11:42 . 2008-11-30 11:42 <DIR> d
 c:\users\All Users\Malwarebytes
 2008-11-30 11:42 . 2008-11-30 11:42 <DIR> d
 c:\programdata\Malwarebytes
 2008-11-30 11:42 . 2008-11-30 11:42 <DIR> d
 c:\program files\Malwarebytes' Anti-Malware
 2008-11-30 11:42 . 2008-10-22 16:27 38,496 --a
 c:\windows\System32\drivers\mbamswissarmy.sys
 2008-11-30 11:42 . 2008-10-22 16:27 15,504 --a
 c:\windows\System32\drivers\mbam.sys
 2008-11-30 11:03 . 2008-11-30 11:03 <DIR> d
 c:\program files\Trend Micro
 2008-11-27 10:51 . 2008-11-27 10:51 10,520 --a
 c:\windows\System32\avgrsstx.dll
 2008-11-27 10:50 . 2008-11-30 09:46 <DIR> d
 c:\windows\System32\drivers\Avg
 2008-11-27 10:50 . 2008-11-27 10:50 97,928 --a
 c:\windows\System32\drivers\avgldx86.sys
 2008-11-26 12:52 . 2008-10-21 05:25 1,645,568 --a
 c:\windows\System32\connect.dll
 2008-11-26 12:52 . 2008-08-28 03:40 712,704 --a
 c:\windows\System32\WindowsCodecs.dll
 2008-11-26 12:52 . 2008-08-28 03:40 425,472 --a
 c:\windows\System32\PhotoMetadataHandler.dll
 2008-11-26 12:52 . 2008-08-28 03:40 347,136 --a
 c:\windows\System32\WindowsCodecsExt.dll
 2008-11-26 12:52 . 2008-10-22 03:57 241,152 --a
 c:\windows\System32\PortableDeviceApi.dll
 2008-11-22 17:35 . 2008-11-22 17:35 <DIR> d
 c:\windows\System32\IOSUBSYS
 2008-11-20 12:26 . 2008-11-20 12:26 <DIR> d
 c:\program files\CCleaner
 2008-11-20 11:24 . 2008-10-16 21:13 1,809,944 --a
 c:\windows\System32\wuaueng.dll
 2008-11-20 11:24 . 2008-10-16 20:56 1,524,736 --a
 c:\windows\System32\wucltux.dll
 2008-11-20 11:24 . 2008-10-16 21:12 561,688 --a
 c:\windows\System32\wuapi.dll
 2008-11-20 11:24 . 2008-10-16 14:08 162,064 --a
 c:\windows\System32\wuwebv.dll
 2008-11-20 11:24 . 2008-10-16 20:55 83,456 --a
 c:\windows\System32\wudriver.dll
 2008-11-20 11:24 . 2008-10-16 21:09 51,224 --a
 c:\windows\System32\wuauclt.exe
 2008-11-20 11:24 . 2008-10-16 21:09 43,544 --a
 c:\windows\System32\wups2.dll
 2008-11-20 11:24 . 2008-10-16 21:08 34,328 --a
 c:\windows\System32\wups.dll
 2008-11-20 11:24 . 2008-10-16 13:56 31,232 --a
 c:\windows\System32\wuapp.exe
 2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a
 c:\windows\System32\GPhotos.scr
 2008-11-13 17:45 . 2008-11-13 17:45 54,156 --ah
 c:\windows\QTFont.qfn
 2008-11-13 17:45 . 2008-11-13 17:45 1,409 --a
 c:\windows\QTFont.for
 2008-11-12 10:36 . 2008-09-05 05:14 1,191,936 --a
 c:\windows\System32\msxml3.dll
 2008-11-12 10:36 . 2008-08-27 01:05 212,480 --a
 c:\windows\System32\drivers\mrxsmb10.sys
 2008-11-12 09:52 . 2008-09-10 03:40 1,334,272 --a
 c:\windows\System32\msxml6.dll
 2008-11-03 12:25 . 2008-11-03 12:25 <DIR> d
 c:\users\All Users\Office Genuine Advantage
 2008-11-03 12:25 . 2008-11-03 12:25 <DIR> d
 c:\programdata\Office Genuine Advantage
 2008-10-31 15:30 . 2008-10-31 15:30 0 --ah
 c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
 2008-10-29 10:03 . 2008-08-12 03:39 443,392 --a
 c:\windows\System32\win32spl.dll
 2008-10-29 10:03 . 2008-09-18 04:56 147,456 --a
 c:\windows\System32\Faultrep.dll
 2008-10-29 10:03 . 2008-09-18 04:56 125,952 --a
 c:\windows\System32\wersvc.dll
 2008-10-25 07:59 . 2008-10-25 07:59 943,564 --a
 c:\users\parkers\College Evidence Forms.zip
 2008-10-23 08:38 . 2008-08-05 09:49 428,544 --a
 c:\windows\System32\EncDec.dll
 2008-10-23 08:38 . 2008-08-05 09:49 293,376 --a
 c:\windows\System32\psisdecd.dll
 2008-10-23 08:38 . 2008-08-05 09:48 217,088 --a
 c:\windows\System32\psisrndr.ax
 2008-10-23 08:38 . 2008-08-05 09:48 177,664 --a
 c:\windows\System32\mpg2splt.ax
 2008-10-23 08:38 . 2008-08-05 09:48 80,896 --a
 c:\windows\System32\MSNP.ax
 2008-10-22 19:28 . 2008-10-22 19:28 <DIR> d
 c:\users\parkers\AppData\Roaming\Template
 2008-10-22 06:39 . 2008-05-27 04:59 106,605 --a
 c:\windows\System32\StructuredQuerySchema.bin
 2008-10-22 06:39 . 2008-05-27 05:17 34,816 --a
 c:\windows\System32\msscb.dll
 2008-10-22 06:39 . 2008-05-27 04:59 18,904 --a
 c:\windows\System32\StructuredQuerySchemaTrivial.bin
 2008-10-22 06:39 . 2008-05-27 05:17 11,776 --a
 c:\windows\System32\msshooks.dll
 2008-10-21 08:22 . 2008-04-26 08:26 891,448 --a
 c:\windows\System32\drivers\tcpip.sys
 2008-10-20 14:03 . 2008-10-20 14:03 <DIR> d
 C:\PerfLogs
 2008-10-16 10:57 . 2008-10-02 01:32 1,383,424 --a
 c:\windows\System32\mshtml.tlb
 2008-10-16 10:57 . 2008-10-02 03:49 827,392 --a
 c:\windows\System32\wininet.dll
 2008-10-16 10:55 . 2008-09-18 05:09 3,601,464 --a
 c:\windows\System32\ntkrnlpa.exe
 2008-10-16 10:55 . 2008-09-18 05:09 3,549,240 --a
 c:\windows\System32\ntoskrnl.exe
 2008-10-16 10:38 . 2008-09-18 02:16 2,032,640 --a
 c:\windows\System32\win32k.sys
 2008-10-16 10:33 . 2008-08-27 01:06 288,768 --a
 c:\windows\System32\drivers\srv.sys
 2008-10-09 13:48 . 2008-10-09 13:48 <DIR> dr
 c:\windows\System32\config\systemprofile\Music
 2008-10-01 08:29 . 2008-01-19 07:33 8,139,264 --a
 c:\windows\System32\ssBranded.scr
 2008-10-01 08:28 . 2008-01-19 07:32 5,714,432 --a
 c:\windows\System32\logon.scr
 2008-10-01 08:27 . 2008-01-19 06:06 8,147,456 --a
 c:\windows\System32\wmploc.DLL
 2008-10-01 08:26 . 2008-01-19 07:36 704,512 --a
 c:\windows\System32\SmiEngine.dll
 2008-10-01 08:26 . 2008-01-19 07:36 357,888 --a
 c:\windows\System32\wbemcomn.dll
 2008-10-01 08:26 . 2008-01-19 07:34 305,152 --a
 c:\windows\System32\msdelta.dll
 2008-10-01 08:26 . 2008-01-19 07:34 258,560 --a
 c:\windows\System32\dpx.dll
 2008-10-01 08:26 . 2008-01-19 07:34 246,784 --a
 c:\windows\System32\drvstore.dll
 2008-10-01 08:26 . 2008-01-19 07:36 218,624 --a
 c:\windows\System32\wdscore.dll
 2008-10-01 08:26 . 2008-01-19 07:36 139,264 --a
 c:\windows\System32\SmiInstaller.dll
 2008-10-01 08:26 . 2008-01-19 07:33 130,560 --a
 c:\windows\System32\PkgMgr.exe
 2008-10-01 08:26 . 2008-01-19 07:35 35,328 --a
 c:\windows\System32\mspatcha.dll
 .
 (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-11-30 10:41
 d
 w c:\program files\Corel
 2008-11-30 10:35
 d
 w c:\program files\Adventure Rock
 2008-11-30 10:21
 d
 w c:\programdata\Google Updater
 2008-11-27 10:50
 d
 w c:\programdata\avg8
 2008-11-27 10:05
 d
 w c:\programdata\Microsoft Help
 2008-11-13 17:37 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
 2008-10-22 10:09
 d
 w c:\program files\Real
 2008-10-22 10:09
 d
 w c:\program files\Common Files\Real
 2008-10-21 08:18 174 --sha-w c:\program files\desktop.ini
 2008-10-20 14:07
 d
 w c:\program files\Windows Sidebar
 2008-10-20 14:07
 d
 w c:\program files\Windows Photo Gallery
 2008-10-20 14:07
 d
 w c:\program files\Windows Mail
 2008-10-20 14:07
 d
 w c:\program files\Windows Journal
 2008-10-20 14:07
 d
 w c:\program files\Windows Defender
 2008-10-20 14:07
 d
 w c:\program files\Windows Collaboration
 2008-10-20 14:07
 d
 w c:\program files\Windows Calendar
 2008-10-20 11:35 82,432 ----a-w c:\windows\System32\axaltocm.dll
 2008-10-20 11:35 101,888 ----a-w c:\windows\System32\ifxcardm.dll
 2008-10-03 14:09
 d
 w c:\programdata\Yahoo! Companion
 2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
 2008-08-26 12:08 352 ----a-w c:\users\parkers\AppData\Roaming\filterclsid.dat
 2008-08-02 03:26 36,864 ----a-w c:\windows\System32\cdd.dll
 2008-04-28 13:45 32 ----a-w c:\users\All Users\ezsid.dat
 2008-04-28 13:45 32 ----a-w c:\programdata\ezsid.dat
 2008-01-26 14:47 0 ----a-w c:\users\parkers\AppData\Roaming\wklnhst.dat
 2007-10-16 09:10 61,480 ----a-w c:\users\parkers\GoToAssistDownloadHelper.exe
 2008-06-16 16:28 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
 2008-06-16 16:28 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
 2008-06-16 16:28 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
 .
 ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Picasa Media Detector"="c:\users\parkers\Pictures\Picasa2\PicasaMediaDetector" [X]
 "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
 "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-21 68856]
 "EPSON Stylus DX4000 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" [2006-09-21 139264]
 "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-04-13 77824]
 "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
 "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
 "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
 "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
 "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
 "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
 "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
 "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2007-11-01 1475072]
 "btbb_wcm_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2007-11-29 1474048]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
 "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
 "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-08 90191]
 "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 7766016]
 "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 81920]
 "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
 "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 c:\windows\sttray.exe]
 c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
 Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "EnableUIADesktopToggle"= 0 (0x0)
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=avgrsstx.dll
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
 "{87EEE48E-68AE-42AA-B0E0-AF836577013E}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
 "{B6F7ABDC-ACD2-4645-B9A6-A0B075BDC234}"= UDP:c:\program files\Blubster\Blubster.exe:Blubster
 "{B6F9A096-B632-4320-8525-F9611A6FD022}"= TCP:c:\program files\Blubster\Blubster.exe:Blubster
 "{E8962C1D-2250-470B-8208-8C265CC2D89D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
 "{49309095-32DD-4DCD-B017-43A2CAC664A9}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
 "{7EBD4A8B-19D0-4919-8963-7953E75CD71B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
 "{44347195-7845-4EE7-AD31-BDAC9378CBE0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
 "{0F682B47-3805-46F4-A7D0-C92464E7FF50}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
 "{AF952F85-F995-4838-B4D1-6860EF9A812F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
 "{C921C78F-1DB7-461A-8E03-8F4AFF393BCB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
 "{BF755958-042D-4C3B-9040-61CA3ED05E8B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
 "{E95329F1-87FB-4E35-9DDC-14BE80AE3F1C}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
 "{DCC8CDC2-B63B-4A1D-B839-B6F47BBCA990}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
 "{8D2D3091-B36A-4A32-9813-7BA9CC334C7F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
 "TCP Query User{83D3FC09-EC40-492C-86DD-838DB2A7B30F}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
 "UDP Query User{28C01D53-0897-460A-914F-30FBBC801AAD}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
 "{E97E0867-46B4-4EAC-91FA-A16072E3D82B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-27 97928]
 R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-27 231704]
 R2 McciCMService;McciCMService;"c:\program files\Common Files\Motive\McciCMService.exe" [2008-03-03 303104]
 R3 MRESP50;MRESP50 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MRESP50.SYS [2008-03-03 18304]
 S2 AVG8 Firewall (avgfws8) ;AVG8 Firewall (avgfws8) ;c:\program files\TinyProxy\TinyProxy.exe []
 S3 MREMP50;MREMP50 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MREMP50.SYS [2008-03-03 19712]
 S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2008-08-26 83592]
 S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2008-08-26 15112]
 S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2008-08-26 109704]
 *Newly Created Service* - PROCEXP90
 .
 Contents of the 'Scheduled Tasks' folder
 2008-11-30 c:\windows\Tasks\User_Feed_Synchronization-{3D682188-D4DC-47F0-B13A-07EDA528F3FA}.job
 - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
 2008-11-30 c:\windows\Tasks\User_Feed_Synchronization-{8E9BDA5C-7712-4A72-BDBC-BEC71B4E6C4B}.job
 - c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
 .
 - - - - ORPHANS REMOVED - - - -
 HKLM-Run-Blubster - c:\progra~1\Blubster\Blubster.exe
 .
 Supplementary Scan
 .
 uStart Page = hxxp://www.google.co.uk/
 uDefault_Search_URL = hxxp://www.google.com/ie
 uInternet Settings,ProxyServer = http=127.0.0.1:8181
 uInternet Settings,ProxyOverride = *.local;<local>
 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
 LSP: c:\windows\system32\wpclsp.dll
 c:\windows\Downloaded Program Files\ax.dll - O16 -: {678940D3-080C-4FCE-A54D-D443E1177F01}
 hxxps://beta.coolroom.com/ActiveX/ax.dll
 c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
 hxxp://game12.zylom.com/activex/zylomgamesplayer.cab
 c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
 .
 **************************************************************************
 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-11-30 18:08:26
 Windows 6.0.6001 Service Pack 1 NTFS
 scanning hidden processes ...
 scanning hidden autostart entries ...
 scanning hidden files ...
 scan completed successfully
 hidden files: 0
 **************************************************************************
 .
 DLLs Loaded Under Running Processes
 - - - - - - - > 'winlogon.exe'(764)
 c:\windows\system32\avgrsstx.dll
 - - - - - - - > 'lsass.exe'(648)
 c:\windows\system32\avgrsstx.dll
 .
 Completion time: 2008-11-30 18:09:56
 ComboFix-quarantined-files.txt 2008-11-30 18:09:53
 Pre-Run: 180,131,221,504 bytes free
 Post-Run: 180,109,021,184 bytes free
 226 --- E O F --- 2008-11-28 19:46:42
This discussion has been closed.