Not sure of what to call my problem

bigbopper123 · 25-Aug-2012, 02:29 PM #1

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72, AMD64 Family 17 Model 3 Stepping 1
Processor Count: 2
RAM: 2813 Mb
Graphics Card: ATI Radeon HD 3200 Graphics, 256 Mb
Hard Drives: C: Total - 114115 MB, Free - 2696 MB; D: Total - 114116 MB, Free - 111341 MB; F: Total - 476937 MB, Free - 465495 MB;
Motherboard: Gateway,
Antivirus: CyberDefender Internet Security, Updated: Yes, On-Demand Scanner: Enabled

My computer is running very slow. Pictures take sometimes 3 minutes or more to show up. When I want to go to a website I get an error message saying "Internet Explorer cannot display the webpage." Not all the time and several different sites. My Norton 360 cannot find anything wrong when I scan. I downloaded a program called "System Mechanic" which is useless. I restored back as far as I could but that didn't help. Please help!!!

TheShooter93 · 25-Aug-2012, 02:59 PM #2

Uninstall System Mechanic. Programs like these claim to clean your computer, but the registry editors in them can leave your computer a doorstop.

You've already done the necessary step of performing a System Restore.

-----------------------------------------------

Norton is a very resource hungry antivirus program.

I suggest removing it with the Norton Removal Tool, and installing Microsoft Security Essentials instead.

If you're still paying for your current subscription, you can wait until it expires, but ultimately I would suggest switching antivirus programs.

-----------------------------------------------

If you have CyberDefender Internet Security still installed, you should uninstall that regardless of if you uninstall Norton.

Having two antivirus programs installed simultaneously can slow down your computer drastically, as well as cause security holes in your protection.

-----------------------------------------------

Click Start.

In the search bar, type MSCONFIG and hit Enter. Click the "Startup" tab.

Write down only the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them EXACTLY as you see them there.

bigbopper123 · 25-Aug-2012, 06:33 PM #3

These are the names of the start-up programs:

lxddmon.exe

lxddmon

GoogleToolbarNotifier

HP Digital Imaging

Microsoft Windows Operating System (There is an "R" in a circle between the words where I have spaces)

Win Zip

blues_harp28 · 25-Aug-2012, 07:13 PM #4

Follow TheShooter93's suggestions related to CyberDefender and System Mechanic.

Then post a Hjt log - to see what is running on your system.

Hijack this 2.04

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Should the Hjt log not be accessible - you may need to disable UAC.
Go to Control Panel - User Accounts, then turn off and disable the User Account Control[UAC]
Apply the change > restart your computer.

------

Also post the uninstall log from Hjt log
Start HiJackThis.
At the bottom right - Other Stuff
Click on Config > Misc Tools.
Click > Open Uninstall Manager.
Click > Save List.
Save the uninstall list file on your desktop.
It will then open in Notepad.
Click Edit > Select All > Copy-and-Paste the uninstall list in the reply box.

TheShooter93 · 25-Aug-2012, 08:03 PM #5

I'll let blues_harp28 take over, as they have more freedom to use certain programs to help you that I cannot.

Good luck with your computer.

bigbopper123 · 25-Aug-2012, 09:56 PM #6

When I clicked on Do a system scan and save a log file it opened in it's own window, with no edit button and a blank notepad was next to it. I can't copy at all.

blues_harp28 · 26-Aug-2012, 04:39 AM #7

Did you uninstall CyberDefender?
Did you let System Mechanic clean the registry - running both the above programs may have added to your problems?

Download.
MalwareBytes and SuperAntiSpyware to your desktop.
Download the Free versions of both programs.

MalwareBytes

SuperAntiSpyware

Once they are downloaded to your desktop.
Close all open browser windows.

MalwareBytes
Click on the Install icon - allow it to update during the install process.
Start Malwarebytes Anti-Malware.
Click on Scanner > then quick scan > then Scan.
Any infections or problems will be highlighted in red.
After the scan is finished - Click - Show Results.
Check that all entries are selected.
Click - Remove Selected.
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start Malwarebytes again.
Click on the Logs Tab.
Highlight the scan log entry.
Click - Open.
The scan log will appear in Notepad.
Copy and paste it in your next post.

SuperAntiSpyware
Click on the install icon - allow it to update during the install process.
Select the Quick Scan option.
Click Scan your Computer.
Any infections or problems will be highlighted in red.
After the scan is finished.
Click Continue.
Check that everything is listed.
Click Remove Threats.
Click OK - then click Finish
You may be prompted to restart to finish the removal process.
If Yes - restart your Pc.

Start SuperAntiSpyware again.
Click View Scan Logs.
Highlight the scan log entry.
Click - View Selected Log.
The scan log will appear in Notepad.
Copy and paste in your next post.

bigbopper123 · 27-Aug-2012, 07:51 PM #8

blues_harp28:

I don't have CyberDefender and I have uninstalled System Mechanic. I have run MalwareBytes and am pasting the scan log below. I will do the same for SuperAntiSpyware and include the results in my next post.
www.malwarebytes.org
Database version: v2012.08.27.08
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Rick :: RICK-PC [administrator]
8/27/2012 6:22:54 PM
mbam-log-2012-08-27 (18-22-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205019
Time elapsed: 5 minute(s), 57 second(s)
Memory Processes Detected: 1
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.MyWebSearch) -> 4312 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\MapsGalaxy_39Service (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)

bigbopper123 · 27-Aug-2012, 10:53 PM #9

This is the scan log from SuperAntiSpyware. I didn't remember clicking on "remove threats" so I did another scan which found 4 more threats. Both scan logs follow:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/27/2012 at 07:09 PM
Application Version : 5.5.1012
Core Rules Database Version : 9132
Trace Rules Database Version: 6944
Scan type : Quick Scan
Total Scan Time : 00:18:01
Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User
Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 54440
Registry threats detected : 4
File items scanned : 12624
File threats detected : 70
PUP.MyWebSearch/FunWebProducts
(x86) HKU\S-1-5-21-2136509545-3566234257-550551741-1000\SOFTWARE\FunWebProducts
Adware.Zugo
(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
(x86) HKU\S-1-5-21-2136509545-3566234257-550551741-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}
Adware.Tracking Cookie
C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Cookies\01A1IT9Q.txt [ /pointroll.com ]
C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Cookies\LBWKNEAL.txt [ /doubleclick.net ]
C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Cookies\RWMVBEXN.txt [ /imrworldwide.com ]
C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Cookies\09BKJ93L.txt [ /adxpose.com ]
C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Cookies\B2ZSNOCE.txt [ /ads.pointroll.com ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\YTHYEF0S.txt [ Cookie:rick@advertising.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\rick@accounts.g oogle[1].txt [ Cookie:rick@accounts.google.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\LG7M0UOQ.txt [ Cookie:rick@ad.yieldmanager.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPV6HNU3.txt [ Cookie:rick@pointroll.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\rick@imrworldwi de[2].txt [ Cookie:rick@imrworldwide.com/cgi-bin ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\rick@accounts.y outube[1].txt [ Cookie:rick@accounts.youtube.com/accounts ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\rick@lucidmedia[1].txt [ Cookie:rick@lucidmedia.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\BZQQYD44.txt [ Cookie:rick@mm.chitika.net/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\rick@kanoodle[1].txt [ Cookie:rick@kanoodle.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y5J10L5M.txt [ Cookie:rick@specificclick.net/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\GNDTFSMP.txt [ Cookie:rick@insightexpressai.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\E3M6QVRT.txt [ Cookie:rick@adxpose.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\PJ19YDZD.txt [ Cookie:rick@a1.interclick.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\MIL6K6IT.txt [ Cookie:rick@c.atdmt.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y0QPVRZI.txt [ Cookie:rick@at.atwola.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\A09FFF2Q.txt [ Cookie:rick@apmebf.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\H9NT5CVK.txt [ Cookie:rick@adsonar.com/adserving ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\PR0XZJVS.txt [ Cookie:rick@fastclick.net/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\MBXGM1B9.txt [ Cookie:rick@www.googleadservices.com/pagead/conversion/1000628365/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q25NOQCV.txt [ Cookie:rick@serving-sys.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\7LO2TMAP.txt [ Cookie:rick@interclick.com/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\rick@www.google adservices[2].txt [ Cookie:rick@www.googleadservices.com/pagead/conversion/1006081641/ ]
C:\USERS\RICK\AppData\Roaming\Microsoft\Windows\Cookies\Low\OWRK5L09.txt [ Cookie:rick@www.googleadservices.com/pagead/conversion/1020199497/ ]
C:\USERS\RICK\Cookies\01A1IT9Q.txt [ Cookie:rick@pointroll.com/ ]
C:\USERS\RICK\Cookies\RWMVBEXN.txt [ Cookie:rick@imrworldwide.com/cgi-bin ]
C:\USERS\RICK\Cookies\09BKJ93L.txt [ Cookie:rick@adxpose.com/ ]
.msnportal.112.2o7.net [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ehg-gaddispartners.hitbox.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hitbox.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hitbox.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.dmtracker.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.getclicky.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.static.getclicky.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.alwaysdownloads.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tracking.alwaysdownloads.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\RICK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/27/2012 at 09:29 PM
Application Version : 5.5.1012
Core Rules Database Version : 9132
Trace Rules Database Version: 6944
Scan type : Quick Scan
Total Scan Time : 00:12:58
Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User
Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 54435
Registry threats detected : 0
File items scanned : 12633
File threats detected : 4
Adware.Tracking Cookie
C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Cookies\16I348DV.txt [ /pointroll.com ]
C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Cookies\HVF4DKBR.txt [ /doubleclick.net ]
C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Cookies\JRFW9J0C.txt [ /ads.pointroll.com ]
C:\USERS\RICK\Cookies\16I348DV.txt [ Cookie:rick@pointroll.com/ ]

blues_harp28 · 28-Aug-2012, 05:50 AM **#10**

MalwareBytes has found registry file changes to notepad.

Quote:

Originally Posted by bigbopper123

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Did you reboot your Pc when asked to remove some of the entries?
Can you now open the Hjt log in notepad and paste the log?

SUPERAntiSpyware was run as Limited User and not Administrator and with User Account Control[UAC] turned On.
Turn off UAC and see if the Hjt log will load and the scan log open in notepad.
UAC can always be turned back on at a later date.

If you cannot post the Hjt log - we may need one of our Malware Expert to take a look and run other scans on your Pc

bigbopper123 · 28-Aug-2012, 02:29 PM **#11**

I did reboot when asked to. I still can't open the hjt notepad log. I have no clue as to how I change from UAC to Administrator in SuperAntiSpyware. I do appreciate your help. I have just enough computer knowledge to get frustrated when things like this happen and I can't fix them!

blues_harp28 · 03:19 PM

Disable User Account Control (UAC)
Restart your Pc - then see if you can run the Hjt log.
Disable UAC

bigbopper123 · 28-Aug-2012, 04:04 PM **#13**

I disabled the UAC and was able to et the log for the HJT.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:01:02 PM, on 8/28/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN25O5122005PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - http://gateway-us.custhelp.com/euf/a...ivex/snret.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5C73BF6-5E4B-4748-B92E-FECCE92F3F4F}: NameServer = 99.99.99.53
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: dlcd_device - Unknown owner - C:\Windows\system32\dlcdcoms.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9b66862faf630) (gupdate1c9b66862faf630) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 8681 bytes

blues_harp28 · 28-Aug-2012, 05:16 PM **#14**

Post the uninstall log from Hjt log
Start HiJackThis.
At the bottom right - Other Stuff
Click on Config > Misc Tools.
Click > Open Uninstall Manager.
Click > Save List.
Save the uninstall list file on your desktop.
It will then open in Notepad.
Click Edit > Select All > Copy-and-Paste the uninstall list in the reply box.

bigbopper123 · 28-Aug-2012, 08:13 PM **#15**

This is the uninstall list:

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
AMD USB Audio Driver Filter
AT&T Troubleshoot & Resolve Tool
Audacity 1.2.6
Bing Rewards Client Installer
BitTorrent
Camera Assistant Software for Gateway
Catalyst Control Center - Branding
Compatibility Pack for the 2007 Office system
CompuHost
CrossLoop 2.43
D3DX10
FinalTorrent 2011
Gateway Recovery Management
GEAR driver installer for x86 and x64
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050A J611 series Help
HP Photo Creations
HP Update
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Junk Mail filter update
JustKaraoke 2.0
jZip
KaraFun Player
Karaoke-Realm
Malwarebytes Anti-Malware version 1.62.0.1300
MapsGalaxy
Mesh Runtime
Messenger Companion
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mIRC
MP3+G Toolz
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music and Song Lyrics
muvee Reveal Seagate Edition
Netflix in Windows Media Center
Norton 360 Premier Edition
Paltalk Messenger 10.2
PC Speed Maximizer v3.0
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Portforward Static IP Address 1.0.47
Power CD+G Burner
PowerXpressHybrid
QuickTime
Seagate Manager Installer
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
Super Remote Request Tool 1.0
TeamViewer 6
The Weather Channel App
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
VisDir Free Disk Space Finder v 1.5
VLC media player 1.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Searchqu Toolbar
WinZip Courier
Wireless LAN Adapter
Yahoo! Software Update

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Not sure of what to call my problem

Find the solution to your computer problem!

Find the solution to your
computer problem!