Re:Very Slow Boot Up Speed?

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Samanthas wrote: »
    >>>>>>
    I downloaded this software, it scanned and crashed my PC, luckily it restarted.
    How do I uninstall it? Because it certainly is not in Add/Remove Programs.
    System Restore hardly ever works

    Samantha


    It doesn't 'install'

    It just runs when you click the exe file
    :idea:
  • You've compromised your entire system, time to follow the aforementioned advice and reformat Windows and start again.
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    try ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    deals with most known keyloggers etc

    if it runs, post the log it produces
    Ex forum ambassador

    Long term forum member
  • Browntoa wrote: »
    try ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    deals with most known keyloggers etc

    if it runs, post the log it produces
    >>>>>
    Thanks for the link on ComboFix. I need to get 6 blank CD-ROMs and follow some instructions that say it is for advanced users with someone trained in it. I will need to get one of those external backups in order not to risk all the data on my hard drive.
    I did a HijackThis program scan.

    Remember you are looking for something like

    (http://www.elite-keylogger.com/elite-keylogger-download.html)
    installed in invisible mode


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:23:20, on 21/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal


    Thanks
    Samantha
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    you are right, hidden process
    Ex forum ambassador

    Long term forum member
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    have you tried THREATFIRE?
    http://www.threatfire.com/
    :idea:
  • robt_2
    robt_2 Posts: 3,401 Forumite
    Part of the Furniture Combo Breaker
    Having seen your other threads, how about next time you follow advice that is given instead of ignoring it and screwing up your entire system?
  • aliEnRIK wrote: »
    have you tried THREATFIRE?
    http://www.threatfire.com/


    I did another HijackThis scan AFTER doing a very thorough scan with Lavasoft Ad-Aware 2008.
    This picked up EliteKeylogger
    and Win32 Trojan, so much for Malwarebytes. Sometimes Lavasoft will not do the very thorough scan, this is an intermittent problem. I tried to remove the EliteKeylogger and Win32 Trojan,
    it failed. I also tried Quarantine, it did NOT work.

    ThreatFire: I did a thorough scan, it picked up a lot of stuff. I have quarantined the lot.
    I have NOT tried deletion as I am afraid to destabilise my system.

    Yesterday morning the CD-ROM from the eBay seller arrived, no packaging, just a blank CD-ROM, there could be anything on that. He's got 100% feedback BUT he's a private seller.

    Here is the Hijack This Recent Scan of My PC

    Thanks Samantha



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:32:34, on 24/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal


    !!219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

    Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PalTalk - !!4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} -

    C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Copernic Agent -

    !!688DC797-DC11-46A7-9F1B-445F4F58CE6E} -

    C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -

    C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet -

    {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program

    Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O16 - DPF: !!1D87F5B2-05F1-11D2-AD7C-0000F8799342} (Microsoft IE Object

    Wrapper Sample Control) -

    http://activex.microsoft.com/activex/controls/agent2/lhttseng.exe
    O16 - DPF: !!30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

    C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: !!4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)

    - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: !!62475759-9E84-458E-A1AB-5D2C442ADFDE} -

    http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/sab

    a/us/win/QuickTimeInstaller.exe
    O16 - DPF: !!91433D86-9F27-402C-B5E3-DEBDD122C339} -

    http://www.netvenda.com/sites/gampr-ie/iep/games22.cab
    O16 - DPF: {C2F38867-251C-4216-9B1C-BBE89B8700E2} (iVocalize Internet

    Conference 3 Setup) -

    http://www.talkingcommunities.com/client3/ivsetup3.cab
    O16 - DPF: {DEADBEEF-DEAD-BEEF-DEAD-BEEFDEADBEEF} -

    http://www.haptek.com/products/player/autoinstall/data/latest.cab
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} -

    http://dinet.info/n/us02/n.cab
    O17 -

    HKLM\System\CCS\Services\Tcpip\..\!!73D7B886-43C6-4654-AD39-0CE291E8F6C8}:

    NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: Festoon - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

    C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: tbr - !!4D25FB7A-8902-4291-960E-9ADA051CFBBF} -

    C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O18 - Protocol: vskype - (no CLSID) - (no file)
    O20 - AppInit_DLLs:

    C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mz

    vkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\

    KASPER~1\kloehk.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program

    Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab -

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
    O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin

    High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner -

    C:\Program Files\Belkin\F5D7051\WLService.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program

    Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO

    EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. -

    C:\Program Files\GizmoPlugin\GizmoPlugin.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245

    (GoogleDesktopManager-061008-081103) - Google - C:\Program

    Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown

    owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

    Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation -

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) -

    Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation -

    C:\Program Files\Common Files\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation -

    C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation

    - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) -

    Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: System Protect Deletion Prevention Service (SP_Service) -

    Xacti Corporation - C:\Program Files\System Protect\SysProtect_srv.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program

    Files\ThreatFire\TFService.exe

    --
    End of file - 17190 bytes
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    HIJACKS not supposed to be broke up (spaces in between)
    It's not looking good this.
    And it's making it very hard to read (As it's not just spaces, it's mixed up!)

    In fact, after 10 mins of trying I'm going to have to give up with that
    I just can't read them ~ so can't post what to kill. And even if I did, you could then get mixed up yourself and kill the wrong process (which could kill the computer!)

    Can you not get Kaspersky to scan?
    If you can then that's what I'd run next.

    Then SUPER ANTI SPYWARE
    http://www.download.com/SUPERAntiSpyware-Free-Edition/3000-8022_4-10523889.html
    :idea:
  • aliEnRIK wrote: »
    HIJACKS not supposed to be broke up (spaces in between)
    It's not looking good this.
    And it's making it very hard to read (As it's not just spaces, it's mixed up!)

    In fact, after 10 mins of trying I'm going to have to give up with that
    I just can't read them ~ so can't post what to kill. And even if I did, you could then get mixed up yourself and kill the wrong process (which could kill the computer!)

    Can you not get Kaspersky to scan?
    If you can then that's what I'd run next.

    Then SUPER ANTI SPYWARE
    http://www.download.com/SUPERAntiSpyware-Free-Edition/3000-8022_4-10523889.html
    >>>>>>


    I have been doing some research on Elite-Keylogger
    http://www.widestep.com/forum/index.php?action=printpage;topic=190.0

    http://www.download.com/Elite-Keylogger/3640-2162_4-10383364.html?v=1

    Detected and removed by Webroot Spysweeper 5.0.5.1286


    Cons: Norton And Avast Anti Virus Pick it up as a Trojan

    Detected by Panda, Norton, Spy Doctor, Spy Sweeper


    Ms config
    http://www.microsoft.com/windows/compatibility/

    Uniblue SpyEraser
    https://www.uniblue.com

    http://www.exterminate-it.com/malpedia/remove-elite-keylogger

    http://www.exterminate-it.com/faq

    http://www.exterminate-it.com/purchase

    http://groups.google.ie/group/microsoft.public.windows.vista.security/browse_thread/thread/72a16508e4919b91?hl=en&ie=UTF-8&q=elite+keylogger&pli=1

    noadware.net

    http://groups.google.ie/group/alt.privacy.spyware/browse_thread/thread/22d420e7d35126f9?hl=en&ie=UTF-8&q=elite+keylogger#2539a611cfe19834

    How do I install Kill Process and MsConfig in Safe Mode the F8 button intermittently at start up.

    Is Webroot Antispyware worth it if it claims to remove Elite Keylogger?


    Samantha
This discussion has been closed.