1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

System Hacked Into/Hijacked?

Discussion in 'Virus & Other Malware Removal' started by dramstad, Nov 18, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. dramstad

    dramstad Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    68
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, x64 Family 15 Model 107 Stepping 1
    Processor Count: 2
    RAM: 1981 Mb
    Graphics Card: NVIDIA GeForce 6150SE nForce 430, 64 Mb
    Hard Drives: C: Total - 228136 MB, Free - 137626 MB; D: Total - 10239 MB, Free - 4299 MB;
    Motherboard: Dell Inc., 0RY206
    Antivirus: Norton 360, Updated and Enabled

    Someone has e-mailed me and suggested my system has been hijacked by them. I did a scan using Loaris Trojan Remover and it reported that I was infected with a worm (Sohanad). System is slow and person who e-mailed me seems to have info that is stored on my system, that only I would know about.

    Please Help! Thanks.

    Here is the Hijackthis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:56:52 PM, on 11/18/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AOL Desktop 9.6\waol.exe
    C:\Program Files\AOL Desktop 9.6\shellmon.exe
    C:\Program Files\Common Files\aol\1262709377\ee\aolsoftware.exe
    C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
    O2 - BHO: Updater For Xfinity.com Toolbar 3.5 - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll
    O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\coIEPlg.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
    O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [TMWebProtectTray] "C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-CHRJ2.exe" /REG /REGSVRMODE
    O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://icmsweb.starsinc.com/evolv_cs/smsx.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
    O23 - Service: Trend Micro Web Protection Add-On Service (TMWebProtect) - Trend Micro Inc. - C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 10554 bytes
     
  2. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,962
    First Name:
    Frank
    After you received that unsolicited E-mail, did you reply to it and allow someone to remote-access your computer?

    -------------------------------------------------------

    While I'm reviewing your HiJackThis scan log, do the following:

    Start HiJackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    --------------------------------------------------------
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,962
    First Name:
    Frank
    Start HiJackThis, then click "Do a system scan only".

    When the scan is finished, put a checkmark in these log entries:

    R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll

    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

    O2 - BHO: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll

    O2 - BHO: Updater For Xfinity.com Toolbar 3.5 - {e6d0b79e-ecac-411b-8bf6-7a574981af30} - C:\Program Files\xfinitytb\auxi\xfinityAu.dll

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

    O3 - Toolbar: Xfinity.com Toolbar - {dcc70a83-e184-40a3-906b-779af5e941c4} - C:\Program Files\xfinitytb\xfinitydx.dll

    O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.8\iobitToolbarIE.dll

    O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)


    After you confirm that you selected the correct log entries, click "Fix Checked - Yes".

    Close HiJackThis, then restart the computer.

    --------------------------------------------------
     
  4. dramstad

    dramstad Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    68
    The e-mail was not unsolicited -- it's someone I know but not well. I have only been communicating with this person using my YAHOO e-mail account (no IM's just e-mail to this person's g-mail account). This person has recently been e-mailing me suggesting they hacked into/hijacked my system. I have been communicating with this person since about October.
    Uninstall log pasted below. THANKS VERY MUCH!

    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Acrobat.com
    Adobe AIR
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.5
    Advanced SystemCare 5
    AOL Install
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    Browser Address Error Redirector
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Comcast Desktop Software (v1.2.0.9)
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    D3DX10
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center
    Desktop Doctor
    Digital Line Detect
    DivX Web Player
    Download Updater (AOL LLC)
    eMusic Download Manager 4.1.3.1
    Funambol Outlook Sync Client 7.2.2
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Internet Explorer (Enable DEP)
    Internet Service Offers Launcher
    IObit Malware Fighter
    IObit Toolbar v4.8
    iTunes
    Java(TM) 6 Update 27
    Junk Mail filter update
    Loaris Trojan Remover 1.2
     
  5. dramstad

    dramstad Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    68
    Was I hacked/hijacked??? Thanks So Much!
     
  6. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,962
    First Name:
    Frank
    Do the following in the order that I've listed them.

    It's going to take you awhile, so I'll check back with you in the morning. (y)

    -----------------------------------------------------

    Click Start - Run, then type in

    %temp%

    and then click OK.

    Click Start - Run, then type in

    c:\windows\temp

    and then click OK.

    Once those 2 temp folders appear and you can view their contents, select and delete EVERYTHING that's inside them.

    If a few files resist being deleted, that's normal behavior. Leave them alone and delete EVERYTHING else.

    After you're done, restart the computer.

    -----------------------------------------------------

    Go to Control Panel - Programs And Features, then uninstall:

    Advanced SystemCare 5(by IObit)

    IObit Malware Fighter

    IObit Toolbar 4.8

    Loran Trojan Remover 1.2


    After they've all been uninstalled, restart the computer.

    -----------------------------------------------------

    Download and save the free version of

    Malwarebytes Anti-Malware 1.51.2.1300

    SUPERAntiSpyware 5.0.0.1136

    then close all open windows first, then install them.

    Make sure to update their definition files during the install process.

    After they've been installed, restart the computer.

    -----------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Scanner(tab) - Perform quick scan - Scan".

    If infections or problems are found during the scan, the number of them will be highlighted in red.

    When the scan is finished, click "Show Results".

    Make sure that EVERYTHING is selected, then click "Remove Selected".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start Malwarebytes Anti-Malware again.

    Click "Logs"(tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    -----------------------------------------------------

    Start SUPERAntiSpyware.

    Select the "Quick Scan" option, then click "Scan your Computer".

    If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

    When the scan is finished and the scan summary window appears, click "Continue".

    Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

    Click "OK - Finish".

    If you're prompted to restart to finish the removal process, do so.

    Start SUPERAntiSpyware again.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    -----------------------------------------------------
     
  7. dramstad

    dramstad Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    68
    Hi,
    Thanks again for your help. I did everything you said. Below are the Malwarebytes and Superantispyware scan logs you requested. ALSO: I had my computer disconnected from the internet/modem for a few hours after I performed the functions you instructed me to do. When I turned it back on, I had an alert from Norton 360 stating that TWO viruses had been discovered during the idle scan process (THE VIRUSES WERE QUARANTINED). The two viruses that Norton 360 detected were both Trojan.gen.2 contained in c:\users\d\downloads\gmer (1) zip
    They did not turn up in the Malwarebytes or Superantispyware scans.
    THANKS!

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org
    Database version: 8191
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421
    11/18/2011 9:27:56 PM
    mbam-log-2011-11-18 (21-27-56).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 327641
    Time elapsed: 2 hour(s), 52 minute(s), 45 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 11/18/2011 at 06:29 PM
    Application Version : 5.0.1136
    Core Rules Database Version : 7965
    Trace Rules Database Version: 5777
    Scan type : Quick Scan
    Total Scan Time : 00:10:24
    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC On - Limited User (Administrator User)
    Memory items scanned : 684
    Memory threats detected : 0
    Registry items scanned : 30308
    Registry threats detected : 0
    File items scanned : 7086
    File threats detected : 17
    Adware.Tracking Cookie
    C:\Users\D\AppData\Local\Temp\Cookies\X3AIGT3G.txt [ /mm.chitika.net ]
    C:\Users\D\AppData\Local\Temp\Cookies\SEUJETXA.txt [ /at.atwola.com ]
    C:\Users\D\AppData\Local\Temp\Cookies\1D0S0NHY.txt [ /cdn.at.atwola.com ]
    C:\Users\D\AppData\Local\Temp\Cookies\V82GZIP8.txt [ /adserver.adtechus.com ]
    C:\Users\D\AppData\Local\Temp\Cookies\ILRRPF16.txt [ /legolas-media.com ]
    C:\Users\D\AppData\Local\Temp\Cookies\B7PO9GZE.txt [ /ar.atwola.com ]
    C:\Users\D\AppData\Local\Temp\Cookies\H83TSVVE.txt [ /tacoda.at.atwola.com ]
    C:\Users\D\AppData\Local\Temp\Cookies\PRVQYQFE.txt [ /liveperson.net ]
    C:\Users\D\AppData\Local\Temp\Cookies\EZWPE364.txt [ /atwola.com ]
    C:\Users\D\AppData\Local\Temp\Cookies\IKB52LWP.txt [ /liveperson.net ]
    C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\6U9VEIKR.txt [ Cookie:[email protected]/ ]
    C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\T5MO5NWD.txt [ Cookie:[email protected]/pagead/conversion/1070847646/ ]
    C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\P33R2GPL.txt [ Cookie:[email protected]/ ]
    C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\6US8L61N.txt [ Cookie:[email protected]/ ]
    C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\RNE1CF5S.txt [ Cookie:[email protected]/ ]
    C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\9R0JBHA0.txt [ Cookie:[email protected]/hc/19452074 ]
    C:\USERS\D\AppData\Roaming\Microsoft\Windows\Cookies\Low\W0XZTSRV.txt [ Cookie:[email protected]/ ]
     
  8. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,962
    First Name:
    Frank
    I need you to follow the below instructions and submit a new "uninstall_list.txt" log.

    The first you submitted is incomplete and is missing everything below

    Loaris Trojan Remover 1.2

    -------------------------------------------------------

    Start HiJackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    ---------------------------------------------------------
     
  9. dramstad

    dramstad Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    68
    Here's the uninstall list -- Thanks.

    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Acrobat.com
    Adobe AIR
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.5
    AOL Install
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    Browser Address Error Redirector
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Comcast Desktop Software (v1.2.0.9)
    Compatibility Pack for the 2007 Office system
    Conexant D850 PCI V.92 Modem
    D3DX10
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center
    Desktop Doctor
    Digital Line Detect
    DivX Web Player
    Download Updater (AOL LLC)
    eMusic Download Manager 4.1.3.1
    Funambol Outlook Sync Client 7.2.2
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Internet Explorer (Enable DEP)
    Internet Service Offers Launcher
    iTunes
    Java(TM) 6 Update 27
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft Default Manager
    Microsoft Fix it Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft UI Engine
    Microsoft VC9 runtime libraries
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Modem Diagnostic Tool
    Mozilla Firefox 8.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    Music, Photos & Videos Launcher
    NetWaiting
    Norton 360
    Norton PC Checkup
    NVIDIA Drivers
    NVIDIANetworkDiagnostic
    OGA Notifier 2.0.0048.0
    Product Documentation Launcher
    QuickTime
    Realtek High Definition Audio Driver
    RTC Client API v1.2
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Segoe UI
    Sonic Activation Module
    SUPERAntiSpyware
    Symantec Technical Support Web Controls
    Trend Micro Web Protection Add-On
    TweakNow PowerPack 2011
    TweakNow SecureDelete
    Uninstall AOL Emergency Connect Utility 1.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User's Guides
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mail
    Windows Live Messenger
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    WinPcap 4.1.1
    Xfinity.com Toolbar 3.5
     
  10. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,962
    First Name:
    Frank
    You haven't advised me if you completed the instructions in post #3.

    ---------------------------------------------------------

    Let me review your now-complete "uninstall_list.txt" log, then I'll get back to you.

    --------------------------------------------------------
     
  11. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,962
    First Name:
    Frank
    Go to Control Panel - Programs And Features, then uninstall:

    Bing Bar

    CCleaner
    (unless you REALLY know how to use it safely)

    Google Toolbar For Internet Explorer(unless you actually need and use it)

    Microsoft Default Manager

    TweakNow PowerPack 2011

    TweakNow SecureDelete

    Viewpoint Media Player

    Xfinity.com Toolbar


    Note: Stay away from cleaner/optimizer/booster/tuneup/tweak type programs, especially the ones that "fix" and "clean" the registry. They do little-to-nothing to improve speed, but what they can do is damage Windows and some of your programs.

    -----------------------------------------------------------------------------------

    Adobe Shockwave Player 11.5 needs to be updated to Adobe Shockwave Player 11.6.3.633

    Java(TM) 6 Update 27 needs to be updated to Java Runtime Environment 6 Update 29

    Mozilla Firefox 8.0 needs to be updated to Mozilla Firefox 8.0.1

    -----------------------------------------------------------------------------------
     
  12. dramstad

    dramstad Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    68
    Hi, Yes completed all of the previous steps. I'm now going to uninstall the programs you advised me to. Thanks
     
  13. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,962
    First Name:
    Frank
    Advise me when you're completely done with post #11.

    -------------------------------------------------------
     
  14. dramstad

    dramstad Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    68
    I could not locate microsoft definition manager but uninstalled the rest of them
     
  15. dramstad

    dramstad Thread Starter

    Joined:
    Nov 18, 2011
    Messages:
    68
    MS DEFAULT Manager was not on uninstall list but did show up when I searched in start menu ... should I uninstall from here?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1027443

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice