Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Mal/HckPk-E virus

Post by Trapper » January 9th, 2009, 7:21 pm

I am a complete idiot when it comes to anything related to computers. I need some HELP PLEASE.


Explanation of the codes

R - Registry, StartPage/SearchPage changes


R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be

F - IniFiles, autoloading entries


F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry

N - Netscape/Mozilla StartPage/SearchPage changes


N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla

O - Other, several sections which represent:


O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components

Re: Mal/HckPk-E virus

Post by NonSuch » January 10th, 2009, 12:01 am

I'm not sure what you've posted there... but it's not a HijackThis log. ;)

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<