Solved: Need Help Please

krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
25-Oct-2009, 01:03 PM #1
Need Help Please
I have received a virus on two computers. When I try to remove it or maybe system restore, the computer is telling me that the feature was turned off by the administrator. There is a pop up message that is saying I was infected by a worm by the name of lsas.blaster.keylogger. I was wondering if there was anything anybody could do to help me resolve this problem.
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
26-Oct-2009, 08:45 PM #2
Need Help Please
I recently posted my problem and didn't receive any feedback. Today I read the post for people posting for the first time and now have a hijackthis log. My problem still remains that I have a virus and am trying to find a way to remove it. Here is my hijackthis.log. By the way, I am running the computer now in safe mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:48 PM, on 10/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yma2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yma2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\Windows\System32\winexplorer.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NAV] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.0.0.136\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID NAV
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.85.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [92573733] C:\ProgramData\92573733\92573733.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca50ec5933a830) (gupdate1ca50ec5933a830) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11192 bytes
cybertech's Avatar
Moderator with 68,253 posts.
 
Join Date: Apr 2002
Location: Washington State
02-Nov-2009, 02:26 PM #3
Hi, Welcome to TSG!!


Run HijackThis and click on "Config" and then on the "Misc Tools" button.
If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section".
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
Copy and paste that list here.
__________________
Microsoft MVP/Windows - Consumer Security
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
02-Nov-2009, 09:31 PM #4
OK, thank you very much. Quick question: does it matter if I'm in safe mode running that program or not?
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
02-Nov-2009, 09:32 PM #5
2007 Microsoft Office system
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1.3
Amazon Links
AT&T Yahoo! Internet Mail
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
ATT-PRT22
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DivX Web Player
Download Updater (AOL LLC)
DVD MovieFactory for TOSHIBA
Gamevance
GearDrvs
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Home Daycare Forms
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InstallMgr
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 15
Java(TM) 6 Update 6
kSolo Recorder
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office Access 2003 Runtime
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 Redistributable
MSN Toolbar
MSN Toolbar
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
My Web Search (Zwinky)
NetZero Internet Access Installer
Picasa 3
QuickBooks Financial Center
RealArcade
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RTC Client API v1.2
Security Update for Windows Media Encoder (KB954156)
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Web Games Player Plugin
WildTangent Games
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
cybertech's Avatar
Moderator with 68,253 posts.
 
Join Date: Apr 2002
Location: Washington State
03-Nov-2009, 12:27 PM #6
Go to add/remove programs and remove these:
Gamevance
Java(TM) 6 Update 6
My Web Search (Zwinky)
WildTangent Games



Restart the machine and post a new hijackthis log.
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
03-Nov-2009, 01:41 PM #7
I was able to remove everything but Java(TM) 6 Update 6. It says something about the Windows Installer cannot be accessed. Do you want me to still post a new hijackthis log?
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
03-Nov-2009, 01:46 PM #8
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:38 PM, on 11/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yma2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yma2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\Windows\System32\winexplorer.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NAV] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.0.0.136\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID NAV
O4 - HKLM\..\RunOnce: [gvu] cmd.exe /c rd /s /q "C:\Program Files\Gamevance"
O4 - HKLM\..\RunOnce: [gvu2] cmd.exe /c reg delete HKCU\Software\gvtl /f
O4 - HKLM\..\RunOnce: [gvu3] cmd.exe /c reg delete HKCU\Software\AppDataLow\gvtl /f
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.85.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [92573733] C:\ProgramData\92573733\92573733.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca50ec5933a830) (gupdate1ca50ec5933a830) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10279 bytes
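One way to compare a before and after HijackThis log, such as the 26-Oct and 3-Nov logs posted in this thread, is to parse the result lines and diff them. This is an added example, not part of the original thread; the function names are hypothetical, and the sample lines are a short excerpt copied from those two logs.

```python
import re
from collections import namedtuple

# A HijackThis result line has the form "<section> - <detail>",
# e.g. "O4 - HKLM\..\Run: [name] path". Header lines and the
# running-process list do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.*)$")

# Markers HijackThis appends when a registry entry points at a file
# that is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

Entry = namedtuple("Entry", "section detail")


def parse_log(text):
    """Return the set of result entries found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add(Entry(match.group("section"),
                              match.group("detail").strip()))
    return entries


def diff_logs(before, after):
    """Compare two logs and report removed, added and unchanged entries."""
    old, new = parse_log(before), parse_log(after)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "unchanged": sorted(old & new),
    }


def orphaned(entries):
    """Entries whose target file is reported as absent (leftover references)."""
    return sorted(e for e in entries
                  if any(marker in e.detail for marker in ORPHAN_MARKERS))


# Excerpt from the 26-Oct-2009 log in this thread (before the uninstall).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
"""

# Excerpt from the 3-Nov-2009 log in this thread (after the uninstall).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [gvu] cmd.exe /c rd /s /q "C:\Program Files\Gamevance"
"""


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        print(label.upper())
        for entry in result[label]:
            print(f"  {entry.section} - {entry.detail}")
    print("STILL REFERENCING MISSING FILES")
    for entry in orphaned(parse_log(AFTER)):
        print(f"  {entry.section} - {entry.detail}")
```

Entries listed as added are worth reading as closely as the removed ones: here the new RunOnce line is a cleanup command queued by the uninstaller and still pending.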
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
03-Nov-2009, 01:47 PM #9
Sorry, I didn't restart my computer before posting that log. I will restart and repost now.
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
03-Nov-2009, 01:53 PM #10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:30 PM, on 11/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yma2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yma2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2E59498D-7E44-4452-9044-0973B080B9E8} - C:\Windows\System32\winexplorer.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NAV] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\17.0.0.136\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID NAV
O4 - HKLM\..\RunOnce: [gvu] cmd.exe /c rd /s /q "C:\Program Files\Gamevance"
O4 - HKLM\..\RunOnce: [gvu2] cmd.exe /c reg delete HKCU\Software\gvtl /f
O4 - HKLM\..\RunOnce: [gvu3] cmd.exe /c reg delete HKCU\Software\AppDataLow\gvtl /f
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.85.0\Weather.exe" -auto
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [92573733] C:\ProgramData\92573733\92573733.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca50ec5933a830) (gupdate1ca50ec5933a830) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10279 bytes
cybertech's Avatar
Moderator with 68,253 posts.
 
Join Date: Apr 2002
Location: Washington State
03-Nov-2009, 02:05 PM #11
Why are you in safe mode?

Download OTS.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTS on your desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus intervenes with OTS, allow it to run.
  3. Open the OTS folder and double-click on OTS.exe to start the program.
  4. In the Additional Scans section, put a check in Disabled MS Config Items and EventViewer logs.
  5. Now click the Run Scan button on the toolbar.
  6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  7. When the scan is complete Notepad will open with the report file loaded in it.
  8. Save that Notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.

NOTE: The only people who can see attachments in the HJT forum are: the thread starter, Admins & Mods, and HJT Helpers & Trainees.
__________________
Microsoft MVP/Windows - Consumer Security
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
03-Nov-2009, 02:31 PM #12
OTS Attachment
Here is my OTS attachment.
cybertech's Avatar
Moderator with 68,253 posts.
 
Join Date: Apr 2002
Location: Washington State
03-Nov-2009, 04:03 PM #13
Start OTS. Copy/Paste the information in the Code box below into the pane where it says Paste fix here and then click the Run Fix button.


Code:
[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {2E59498D-7E44-4452-9044-0973B080B9E8} [HKLM] -> C:\Windows\System32\winexplorer.dll []
YN -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} [HKLM] -> C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll [Zango]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}" [HKLM] -> C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll [Zango]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "gvu" -> [cmd.exe /c rd /s /q "C:\Program Files\Gamevance"]
YY -> "gvu2" -> C:\Windows\System32\cmd.exe [cmd.exe /c reg delete HKCU\Software\gvtl /f]
YY -> "gvu3" -> C:\Windows\System32\cmd.exe [cmd.exe /c reg delete HKCU\Software\AppDataLow\gvtl /f]
YY -> "MyWebSearch bar Uninstall" -> C:\Program Files\Uninstall Fun Web Products.dll [rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "92573733" -> C:\ProgramData\92573733\92573733.exe [C:\ProgramData\92573733\92573733.exe]
YN -> "WeatherDPA" -> C:\Program Files\Zango\bin\10.3.85.0\Weather.exe ["C:\Program Files\Zango\bin\10.3.85.0\Weather.exe" -auto]
[Files/Folders - Created Within 30 Days]
NY ->  Uninstall Fun Web Products.dll -> C:\Program Files\Uninstall Fun Web Products.dll
NY -> 92573733 -> C:\ProgramData\92573733
NY ->  C:\ProgramData\92573733 -> C:\ProgramData\92573733
[Files/Folders - Modified Within 30 Days]
NY ->  134 C:\Users\Ms.Lee\AppData\Local\Temp\*.tmp files -> C:\Users\Ms.Lee\AppData\Local\Temp\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back here.

I will review the information.


Download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
Microsoft MVP/Windows - Consumer Security
krh977's Avatar
Member with 41 posts.
 
Join Date: Oct 2009
Experience: basic knowledge
03-Nov-2009, 05:06 PM #14
All Processes Killed
No active process named Explorer.EXE was found!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E59498D-7E44-4452-9044-0973B080B9E8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E59498D-7E44-4452-9044-0973B080B9E8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\gvu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\gvu2 deleted successfully.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\gvu3 deleted successfully.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\MyWebSearch bar Uninstall deleted successfully.
C:\Program Files\Uninstall Fun Web Products.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\92573733 deleted successfully.
C:\ProgramData\92573733\92573733.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WeatherDPA deleted successfully.
[Files/Folders - Created Within 30 Days]
File C:\Program Files\Uninstall Fun Web Products.dll not found!
C:\ProgramData\92573733 folder moved successfully.
File C:\ProgramData\92573733 not found!
[Files/Folders - Modified Within 30 Days]
C:\Windows\msdownld.tmp folder deleted successfully.
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ms.Lee
->Temp folder emptied: 6102060 bytes
->Temporary Internet Files folder emptied: 493016561 bytes
->Java cache emptied: 126913841 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 23241 bytes
RecycleBin emptied: 826951 bytes

Total Files Cleaned = 597.87 mb

< End of fix log >
OTS by OldTimer - Version 3.1.3.0 fix logfile created on 11032009_185727
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
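Added example, not part of any post in this thread and not OTS's own code: the fix log above records `File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.`, so this sketch parses a fix log of that shape and lists file operations that touch Windows system directories so they can be reviewed before the reboot. The `PROTECTED_DIRS` policy, the function names and the shortened sample log are assumptions made for the illustration.

```python
import ntpath
import re
from collections import Counter, namedtuple

Action = namedtuple("Action", "section kind target outcome")

# Constructed sample: a shortened copy of the fix log posted in this thread.
SAMPLE_LOG = r"""All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\gvu2 deleted successfully.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\92573733 deleted successfully.
C:\ProgramData\92573733\92573733.exe moved successfully.
[Files/Folders - Created Within 30 Days]
C:\ProgramData\92573733 folder moved successfully.
File C:\ProgramData\92573733 not found!
[Files/Folders - Modified Within 30 Days]
C:\Users\Ms.Lee\AppData\Local\Temp\nsb583F.tmp\UAC.dll deleted successfully.
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
"""

# Line shapes seen in the log above; registry patterns are tried first so a
# "Registry value ... deleted successfully." line is never read as a file.
PATTERNS = [
    ("registry", "deleted", re.compile(r"^Registry (?:key|value) (.+) deleted successfully\.$")),
    ("registry", "not_found", re.compile(r"^Registry (?:key|value) (.+) not found\.$")),
    ("file", "pending_reboot", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("file", "moved", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("file", "deleted", re.compile(r"^(.+?)(?: folder)? deleted successfully\.$")),
    ("file", "not_found", re.compile(r"^File (.+) not found!$")),
]

# Assumption: directories whose contents should never be moved or deleted by a
# cleanup script without a second look. Adjust to the machine being reviewed.
PROTECTED_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")


def parse_fix_log(text):
    """Turn fix-log text into Action records, tracking the [section] headers."""
    section, actions = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1)
            continue
        for kind, outcome, rx in PATTERNS:
            m = rx.match(line)
            if m:
                actions.append(Action(section, kind, m.group(1), outcome))
                break
    return actions


def norm(path):
    # Case-insensitive, collapses "..", works on any OS. It does not expand
    # 8.3 short names such as PROGRA~1; that needs the live file system.
    return ntpath.normcase(ntpath.normpath(path))


def is_protected(path, protected=PROTECTED_DIRS):
    p = norm(path)
    return any(p == norm(d) or p.startswith(norm(d) + "\\") for d in protected)


def review(actions):
    """Return file operations (done or pending) that hit a protected directory."""
    seen, findings = set(), []
    for a in actions:
        if a.kind != "file" or a.outcome == "not_found":
            continue
        key = (norm(a.target), a.outcome)
        if is_protected(a.target) and key not in seen:
            seen.add(key)  # the log repeats pending moves in its reboot summary
            findings.append(a)
    return findings


def summarize(actions):
    return Counter((a.kind, a.outcome) for a in actions)


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(parsed).items()):
        print(f"{kind:8} {outcome:15} {n}")
    for f in review(parsed):
        print(f"REVIEW: {f.target} -> {f.outcome} (section: {f.section})")
```
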
cybertech's Avatar
Moderator with 68,253 posts.
 
Join Date: Apr 2002
Location: Washington State
03-Nov-2009, 05:14 PM #15
Ok. Please run ATF and Malwarebytes now.
All times are GMT -5.