
I think my computer is sick!

Discussion in 'Virus & Other Malware Removal' started by Leilani323, Apr 20, 2010.

Thread Status:
Not open for further replies.
  1. Leilani323

    Leilani323 Thread Starter

    Joined:
    Apr 20, 2010
    Messages:
    27
    Hi All
    I believe that my computer is sick. She tends to lag and sometimes she doesn’t like to wake up after sleeping. I get a lot of “not responding” messages in my programs and when browsing. I thought it was my MS Office 2007 having issues so I even uninstalled and reinstalled it. Didn’t help. Thought it was Google Chrome and uninstalled that and then I had real problems in my Outlook program so I reinstalled that and it solved the problems I was having in Outlook. I tried to system restore and that didn’t work at all. I kept getting a message that it couldn’t complete it. I was even thinking about just doing a total restore back to factory settings and purchased Carbonite so I could have my files etc. offsite to restore when I was ready to restore them. I hope this all makes sense. I ran various antispyware etc. programs and no real problems and then I downloaded Malwarebytes and it found some infected objects. So here is the HijackThis report, startup list report and Malwarebytes report. I also downloaded Autoruns just in case. Am I running too many antivirus programs and do I need Windows Defender? Thanks for any help you can provide.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:40:51 AM, on 4/19/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\IObit\IObit Security 360\is360.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {3EBC9781-F4A5-4550-A64B-EAAA32CFB80A} - (no file)
    O2 - BHO: OfficeTo-Go Toolbar - {417e8c63-8b34-4a7e-a446-8d07a4d97b1f} - C:\Program Files\OfficeTo-Go\tbOff1.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
    O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
    O2 - BHO: Virtual Assistant Networking Toolbar - {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - C:\Program Files\Virtual_Assistant_Networking\tbVir0.dll
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Virtual Assistant Networking Toolbar - {c9021cf0-fcf9-48f9-b03c-c5c74ca95278} - C:\Program Files\Virtual_Assistant_Networking\tbVir0.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: OfficeTo-Go Toolbar - {417e8c63-8b34-4a7e-a446-8d07a4d97b1f} - C:\Program Files\OfficeTo-Go\tbOff1.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
    O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Leilani\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3163209985-1194493348-1829464353-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LogMeInRemoteUser')
    O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: sok - {CB09A2A6-A9CF-4DCC-AA01-368CC1C8C8EE} - C:\Users\Leilani\AppData\Local\SenderOK\bin\sokIExplorer.dll
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
    O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9a142e58c9940) (gupdate1c9a142e58c9940) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 13697 bytes



    StartupList report, 4/19/2010, 2:44:59 AM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows Vista SP2 (WinNT 6.00.1906)
    Detected: Internet Explorer v8.00 (8.00.6001.18904)
    * Using default options
    ==================================================
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\IObit\IObit Security 360\is360.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Leilani\AppData\Local\Google\Chrome\Application\chrome.exe
    --------------------------------------------------
    Checking Windows NT UserInit:
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\Windows\system32\userinit.exe,
    --------------------------------------------------
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    RtHDVCpl = RtHDVCpl.exe
    LogMeIn GUI = "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    SunJavaUpdateReg = "C:\Windows\system32\jureg.exe" -delete
    IObit Security 360 = "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
    SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    Carbonite Backup = C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    Google Update = "C:\Users\Leilani\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    [OptionalComponents]
    =
    --------------------------------------------------
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    [AdobeUpdater]
    =
    --------------------------------------------------
    Shell & screensaver key from C:\Windows\SYSTEM.INI:
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    Shell & screensaver key from Registry:
    Shell=explorer.exe
    SCRNSAVE.EXE=C:\Windows\system32\Aurora.scr
    drivers=*Registry value not found*
    Policies Shell key:
    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    --------------------------------------------------

    Enumerating Browser Helper Objects:
    (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    (no name) - (no file) - {3EBC9781-F4A5-4550-A64B-EAAA32CFB80A}
    (no name) - C:\Program Files\OfficeTo-Go\tbOff1.dll - {417e8c63-8b34-4a7e-a446-8d07a4d97b1f}
    (no name) - (no file) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}
    Symantec NCO BHO - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
    Symantec Intrusion Prevention - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL - {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
    (no name) - (no file) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
    RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
    (no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    Comcast Toolbar - C:\Program Files\comcasttb\comcastdx.dll - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7}
    (no name) - (no file) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
    (no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
    (no name) - (no file) - {8CA5ED52-F3FB-4414-A105-2E3491156990}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    (no name) - (no file) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883}
    (no name) - C:\Program Files\Virtual_Assistant_Networking\tbVir0.dll - {c9021cf0-fcf9-48f9-b03c-c5c74ca95278}
    (no name) - (no file) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
    (no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
    (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    --------------------------------------------------
    Enumerating Task Scheduler jobs:
    Check Updates for Windows Live Toolbar.job
    ErrorFix Startup.job
    Google Software Updater.job
    GoogleUpdateTaskMachineCore.job
    GoogleUpdateTaskMachineUA.job
    GoogleUpdateTaskUserS-1-5-21-3163209985-1194493348-1829464353-1000Core.job
    GoogleUpdateTaskUserS-1-5-21-3163209985-1194493348-1829464353-1000UA.job
    ParetoLogic Registration.job
    User_Feed_Synchronization-{AC47F011-612C-40CA-BA19-7DFAF4B5CA72}.job
    --------------------------------------------------
    Enumerating Download Program Files:
    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\Windows\system32\LegitCheckControl.DLL
    [WUWebControl Class]
    InProcServer32 = C:\Windows\system32\wuweb.dll
    [MUWebControl Class]
    InProcServer32 = C:\Windows\system32\muweb.dll
    [{8100D56A-5661-482C-BEE8-AFECE305D968}]
    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    [mhLabel Class]
    InProcServer32 = C:\Windows\Downloaded Program Files\mhLbl.dll
    [Java Plug-in 1.6.0_15]
    InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
    [{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
    CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    [McFreeScan Class]
    InProcServer32 = C:\Windows\McAfee.com\FreeScan\mcfscan.dll
    [Performance Viewer Activex Control]
    InProcServer32 = C:\Windows\Downloaded Program Files\CONFLICT.1\RACtrl.dll
    CODEBASE = https://secure.logmein.com/activex/ractrl.cab?lmi=100
    --------------------------------------------------
    Enumerating Winsock LSP files:
    NameSpace #1: C:\Windows\system32\NLAapi.dll
    NameSpace #2: C:\Windows\system32\napinsp.dll
    NameSpace #3: C:\Windows\system32\pnrpnsp.dll
    NameSpace #4: C:\Windows\system32\pnrpnsp.dll
    NameSpace #7: C:\Program Files\Bonjour\mdnsNSP.dll
    --------------------------------------------------
    Enumerating Windows NT logon/logoff scripts:
    Windows NT checkdisk command:
    BootExecute = autocheck autochk *
    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\Users\Leilani\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat||C:\Users\Leilani\AppData\Local\MICROS~1\Windows\TEMPOR~1\Low\Content.IE5\index.dat||C:\Users\Leilani\AppData\Roaming\MICROS~1\Windows\Cookies\index.dat||C:\Users\Leilani\AppData\Roaming\MICROS~1\Windows\Cookies\Low\index.dat||C:\Users\Leilani\AppData\Local\MICROS~1\Windows\History\History.IE5\index.dat||C:\Users\Leilani\AppData\Local\MICROS~1\Windows\History\History.IE5\MSHIST~2\index.dat||C:\Users\Leilani\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat||C:\Users\Leilani\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010041720100418\index.dat||C:\Windows\Temp\JETAE19.tmp||C:\Windows\Temp\TMP000000534B93BA37CDC0A053||C:\Windows\Temp\TMP00000054F2ECBFA082AB0D95

    --------------------------------------------------
    Enumerating ShellServiceObjectDelayLoad items:
    WebCheck: C:\Windows\System32\webcheck.dll
    --------------------------------------------------
    End of report, 10,660 bytes
    Report generated in 0.140 seconds
    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Malwarebytes

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org
    Database version: 4011
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18904
    4/20/2010 3:39:50 AM
    mbam-log-2010-04-20 (03-39-50).txt
    Scan type: Quick scan
    Objects scanned: 123239
    Time elapsed: 8 minute(s), 55 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
     
  2. Leilani323

    Leilani323 Thread Starter

    Joined:
    Apr 20, 2010
    Messages:
    27
  3. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,408
    First Name:
    Wayne