  1. #1
    Member
    Join Date
    Jun 2012
    Posts
    15
    Points
    0

    Computer bogging

    Hello Jerabel here

    Having probs with freezes, redirects, and slowing down of my computer

    Here are the logs hope u can help

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 06/14/2012 at 08:58 PM

    Application Version : 5.1.1002

    Core Rules Database Version : 8733
    Trace Rules Database Version: 6545

    Scan type : Quick Scan
    Total Scan Time : 00:11:08

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 621
    Memory threats detected : 0
    Registry items scanned : 29345
    Registry threats detected : 0
    File items scanned : 8429
    File threats detected : 153

    Adware.Tracking Cookie


    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: v2012.06.11.04

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Jerabel :: JERABEL-PC [administrator]

    Protection: Disabled

    12/06/2012 12:29:28 AM
    mbam-log-2012-06-12 (00-29-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215380
    Time elapsed: 6 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\3721 (PUP.BitSpirit) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    C:\Documents and Settings\Jerabel\My Documents\Downloads\DownloadSetup(2).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jerabel\My Documents\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jerabel\My Documents\Downloads\SoftonicDownloader_for_sorenson-squeeze.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
    C:\Program Files\uTorrent1.8.3.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\admdll.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\raddrv.dll (PUP.RemoteAdmin) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jerabel\Local Settings\Application Data\rlmkqzy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jerabel\Local Settings\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:48:06 AM, on 15/06/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.2;192.168.0.180;192.168.0.5;<local>;*.local
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Bitlord - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor0.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI0498~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor0.dll
    O3 - Toolbar: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
    O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1253800399031
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Update Service (gupdate1ca40f79efbb038) (gupdate1ca40f79efbb038) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    --
    End of file - 12836 bytes

  2. #2
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,178
    Points
    1308


    Hello jerabel

    Welcome to Help2Go!

    I'll help you get started on the right track; our expert will carry on with immediate fixes for you. Please be patient, our forum is currently very busy.

    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    NEXT


    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    Joe

  3. #3
    Member
    Join Date
    Jun 2012
    Posts
    15
    Points
    0


    Thanks Joe,

    More reports as follows

    Jerabel

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Jerabel at 9:12:19 on 2012-06-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3326.2326 [GMT 8:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Documents and Settings\Jerabel\My Documents\Downloads\aswMBR.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
    uInternet Settings,ProxyServer = 192.168.0.1:8080
    uInternet Settings,ProxyOverride = 192.168.0.2;192.168.0.180;192.168.0.5;<local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Bitlord Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\prxtbTor0.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi0498~1\datamngr\BROWSE~1.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: Bitlord Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\prxtbTor0.dll
    TB: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [KavPFW] "c:\program files\kingsoft\kingsoft internet security 9\KPFW32.EXE" -startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [AdobeBridge]
    uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 9.0\acrobat\AdobeCollabSync.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DATAMNGR] c:\progra~1\wi0498~1\datamngr\DATAMN~1.EXE
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253800399031
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{54330E27-0271-4B20-BAF9-528742188C71} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{731B8177-ED87-492F-B8B1-4F7AD10F60ED} : DhcpNameServer = 203.0.178.191 203.215.29.191
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs: c:\progra~1\wi0498~1\datamngr\datamngr.dll c:\progra~1\wi0498~1\datamngr\IEBHO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 Spyware Info | Spyware Info
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jerabel\application data\mozilla\firefox\profiles\ns68zi5v.default\
    FF - prefs.js: browser.startup.homepage - Google
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-13 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-13 337880]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-13 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-6-13 44768]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-11 654408]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-11 22344]
    R3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-11-2 30560]
    S1 MpKsl9e978edf;MpKsl9e978edf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{34bc2932-18ed-4025-9655-adbd0aafd9a6}\mpksl9e978edf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{34bc2932-18ed-4025-9655-adbd0aafd9a6}\MpKsl9e978edf.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca40f79efbb038;Google Update Service (gupdate1ca40f79efbb038);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-30 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-30 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-29 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-7 113120]
    S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2010-6-9 26112]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-9-20 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-9-24 68136]
    .
    =============== File Associations ===============
    .
    chm.file="hh.exe" %1
    .
    =============== Created Last 30 ================
    .
    2012-06-14 11:46:33 -------- d-----w- c:\program files\Trend Micro
    2012-06-14 11:42:18 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-06-14 11:30:01 -------- d-----w- c:\documents and settings\jerabel\application data\SUPERAntiSpyware.com
    2012-06-14 11:29:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-14 11:29:31 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-06-13 23:38:35 -------- d-----w- C:\Backup of External HDD
    2012-06-13 06:51:58 -------- d-----w- c:\program files\PowerDataRecovery
    2012-06-13 06:42:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-13 06:42:08 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2012-06-13 05:24:47 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2012-06-13 05:24:47 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2012-06-13 05:24:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2012-06-13 05:24:28 -------- d-----w- c:\program files\NVIDIA Corporation
    2012-06-13 05:21:26 -------- d-----w- c:\windows\system32\winrm
    2012-06-13 05:21:22 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2012-06-13 04:58:31 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-13 04:38:57 -------- d-----w- c:\program files\CCleaner
    2012-06-13 02:12:37 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-06-13 02:12:06 41184 ----a-w- c:\windows\avastSS.scr
    2012-06-13 02:11:48 -------- d-----w- c:\program files\AVAST Software
    2012-06-13 02:11:48 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-06-13 02:00:22 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-06-11 13:41:26 -------- d-----w- c:\documents and settings\jerabel\application data\Malwarebytes
    2012-06-11 13:41:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-06-11 13:40:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-11 13:40:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-06 16:12:52 -------- d-----w- c:\documents and settings\jerabel\local settings\application data\Deployment
    2012-06-06 15:45:35 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-06-06 15:45:35 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-25 03:15:14 -------- d-----w- c:\documents and settings\jerabel\application data\ooVoo Details
    2012-05-25 03:14:04 -------- d-----w- c:\program files\ooVoo
    .
    ==================== Find3M ====================
    .
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
    2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
    2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2009-10-28 15:15:59 6624256 ----a-w- c:\program files\etax2009_1.msi
    2009-10-08 15:53:53 3004344 ----a-w- c:\program files\BitTorrent-6.2.exe
    2009-10-03 01:12:34 160594328 ----a-w- c:\program files\vegaspro90b_32bit.exe
    2009-09-29 10:56:11 2020136 ----a-w- c:\program files\SkypeSetup.exe
    2009-09-25 02:49:04 331805736 ----a-w- c:\program files\WindowsXP-KB936929-SP3-x86-ENU.exe
    2009-09-24 11:53:55 18863384 ----a-w- c:\program files\LimeWireWin.exe
    .
    ============= FINISH: 9:14:18.50 ===============

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-16 08:13:06
    -----------------------------
    08:13:06.296 OS Version: Windows 5.1.2600 Service Pack 3
    08:13:06.296 Number of processors: 2 586 0x170A
    08:13:06.296 ComputerName: JERABEL-PC UserName: Jerabel
    08:13:09.625 Initialize success
    08:13:09.703 AVAST engine defs: 12061500
    08:13:25.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
    08:13:25.218 Disk 0 Vendor: ST31000340AS SD25 Size: 953868MB BusType: 3
    08:13:25.234 Disk 0 MBR read successfully
    08:13:25.234 Disk 0 MBR scan
    08:13:25.234 Disk 0 Windows XP default MBR code
    08:13:25.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
    08:13:25.250 Disk 0 scanning sectors +1953504000
    08:13:25.343 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:13:33.218 Service scanning
    08:13:45.421 Modules scanning
    08:13:50.218 Disk 0 trace - called modules:
    08:13:50.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    08:13:50.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afe1ab8]
    08:13:50.265 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000078[0x8b03a198]
    08:13:50.265 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8b01d3c0]
    08:13:51.359 AVAST engine scan C:\WINDOWS
    08:14:01.515 AVAST engine scan C:\WINDOWS\system32
    08:16:28.687 AVAST engine scan C:\WINDOWS\system32\drivers
    08:16:56.328 AVAST engine scan C:\Documents and Settings\Jerabel
    09:15:21.015 AVAST engine scan C:\Documents and Settings\All Users
    09:19:07.390 Scan finished successfully
    09:20:11.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jerabel\Desktop\MBR.dat"
    09:20:11.312 The log file has been saved successfully to "C:\Documents and Settings\Jerabel\Desktop\aswMBR.txt"

  4. #4
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,178
    Points
    1308

    Hi jerabel


    You have 2 Anti Virus programs running, Microsoft Security Essentials and Avast Anti Virus.
    The real-time protection of 2 antivirus programs may conflict with each other and cause the following:

    * False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    * Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
    * Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
    * Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

    For now let's uninstall Avast using the special Avast uninstall tool found HERE

    This will help to make the computer a bit more responsive as there's going to be more to do.

  5. #5
    Member
    Join Date
    Jun 2012
    Posts
    15
    Points
    0

    Hi Joe,

    Yes, I figured that one already, but ditched MSE instead

    please let me know if to change back to avast

    Jerabel

  6. #6
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,178
    Points
    1308

    Hi jerabel,

    O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup

    This is another Anti Virus program running; no wonder your computer is slow. Let's remove this program using a program called Application remover; the link is found below.

    application remover - download tag - page 1 - Softpedia

    Or you can use revouninstaller here----> http://www.revouninstaller.com/

    Next
    Using the Hijackthis program,

    Close all browser windows, open Hijackthis, do a system scan only, and place a check mark in the following entries in bold.

    O2 - BHO: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll

    O2 - BHO: Bitlord - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor0.dll

    O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll

    O3 - Toolbar: Bitlord Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\prxtbTor0.dll

    O3 - Toolbar: Savevid Toolbar - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\WI0498~1\Datamngr\ToolBar\savevidX.dll

    O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll

    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll

    O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup


    Click Fix checked
    Close Hijackthis.
    Reboot the computer.

    Next
    Post a new Hijackthis log for review.
    Last edited by zep516; 06-16-2012 at 10:46 PM.

  7. #7
    Member
    Join Date
    Jun 2012
    Posts
    15
    Points
    0

    Hey Joe,

    trying to get to the fixes but am having trouble getting rid of Kingsoft Internet Security 9, both App Removal tools you recommended won't detect it

    Jerabel

  8. #8
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,178
    Points
    1308

    Ok, I was afraid of that. Is the program listed in the add/remove section? Just curious. The program was probably removed and that's just a leftover. We can ditch it using Hijackthis...

    So for now just include this entry in the Hijackthis fixes: O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\Kingsoft Internet Security 9\KPFW32.EXE" -startup

    Place a checkmark in it as described above in post #6 on the Hijackthis fixes. Do the fixes and post a new log. I edited the fixes above to include the entry.
    Last edited by zep516; 06-16-2012 at 10:53 PM.

  9. #9
    Member
    Join Date
    Jun 2012
    Posts
    15
    Points
    0

    Joe,

    Kingsoft is still listed in C: Program files

    also picked up another BHO from the Softpedia site, "Contribute" me thinks,

    log as follows

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:28 PM, on 17/06/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.0.2;192.168.0.180;192.168.0.5;<local>;*.local
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI0498~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1253800399031
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\WI0498~1\Datamngr\datamngr.dll C:\PROGRA~1\WI0498~1\Datamngr\IEBHO.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Update Service (gupdate1ca40f79efbb038) (gupdate1ca40f79efbb038) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    --
    End of file - 11538 bytes

  10. #10

    Hi Joe,

    Got this thing too "FLV Runner Community Toolbar"

    Jerabel
