Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Dave's Hijack log

Post by DaveinthePeg » January 22nd, 2009, 6:47 pm

Hi, hoping someone can identify something here. I use Firefox but I keep getting Explorer windows popping up on their own with ads. Getting a bit frustrated with this! Here is the log HijackThis created:


Thanks, Dave

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:03 PM, on 18/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: adsoftinc browser enhancer - {B7DA9462-6630-5AC2-EE70-437E4B6BF8D6} - C:\Windows\system32\ncvzmhfzhtzc.dll
O2 - BHO: adsoftinc - {b903080c-b4f0-d96c-1332-d22dddc6f61d} - C:\Windows\system32\nsm9B85.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [etrmnmon] "C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe"
O4 - HKLM\..\Run: [wlaoscdeccqcv] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ncvzmhfzhtzc.dll"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - c:\programdata\partner\partner.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11444 bytes
DaveinthePeg
Regular Member
 
Posts: 21
Joined: January 22nd, 2009, 6:43 pm
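The HijackThis log above is the raw material the helpers read by hand. As an added example (not code from this thread, from MalwareRemoval.com or from Trend Micro's tool), here is a small Python triage script that parses lines in that log format and lists the entries a defender would want to look at first. The sample input is a constructed excerpt modeled on lines in Dave's log, with a few benign entries kept as controls; the heuristics (orphaned "(no file)" entries, autoruns launched from the user profile, silent regsvr32 registration at logon, vowel-less file names, services with no identifiable owner) are assumptions of the example, not the forum's own checklist, and they only rank entries for human review rather than declare anything malicious.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: eight entries in HijackThis v2 log format, modeled on the
# log posted in this thread (some lines copied from it, some benign ones kept
# as controls). Example input only, not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: adsoftinc browser enhancer - {B7DA9462-6630-5AC2-EE70-437E4B6BF8D6} - C:\Windows\system32\ncvzmhfzhtzc.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [etrmnmon] "C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe"
O4 - HKLM\..\Run: [wlaoscdeccqcv] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ncvzmhfzhtzc.dll"
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter paths ending in an executable extension; non-greedy so a command
# line with two paths (regsvr32.exe plus the DLL it loads) yields both.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|cmd)', re.IGNORECASE)
RUN_RE = re.compile(r"[^:]+:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
VOWELS = set("aeiouy")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one HijackThis entry into its section code, name, CLSID and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "body": body, "name": "", "clsid": "", "owner": "", "target": ""}
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0)
    if code in ("O2", "O3", "O9"):
        # "BHO: <name> - {CLSID} - <path or (no file)>"
        parts = [p.strip() for p in body.split(" - ")]
        entry["name"] = parts[0].split(":", 1)[1].strip() if ":" in parts[0] else parts[0]
        entry["target"] = parts[-1]
    elif code == "O4":
        # "HKLM\..\Run: [<value name>] <command line>"
        m4 = RUN_RE.match(body)
        if m4:
            entry["name"], entry["target"] = m4.group("name"), m4.group("cmd")
    elif code == "O23":
        # "Service: <display name> (<short name>) - <owner> - <path>"
        parts = [p.strip() for p in body.split(" - ")]
        entry["name"] = parts[0].split(":", 1)[1].strip()
        entry["owner"] = parts[1] if len(parts) > 2 else ""
        entry["target"] = parts[-1]
    return entry


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): long all-letter names with almost no vowels."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.2


def flag_entry(entry: Dict[str, str]) -> List[str]:
    """Return the review reasons an entry trips; an empty list means nothing stood out."""
    reasons: List[str] = []
    code, target = entry["code"], entry["target"]
    if target == "(no file)":
        reasons.append("registry entry points at a file that no longer exists")
    if code == "O4" and re.search(r"regsvr32(\.exe)?\s+/s\b", target, re.IGNORECASE):
        reasons.append("autorun silently re-registers a DLL at every logon")
    for path in PATH_RE.findall(target):
        if code == "O4" and re.search(r"\\AppData\\(Local|Roaming)\\", path, re.IGNORECASE):
            reasons.append("autorun executes from the user profile (AppData)")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append(f"file name '{stem}' looks machine-generated")
    if code == "O23" and entry["owner"] == "Unknown owner":
        reasons.append("service has no identifiable vendor; verify the binary")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each log line that tripped a heuristic to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag_entry(entry)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG).items():
        print(flagged_line)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, the script surfaces five of the eight lines: the orphaned BHO, the two entries that load ncvzmhfzhtzc.dll, the autorun under the user's AppData folder, and the Acer eSettings service. That last one is a legitimate OEM component reported with "Unknown owner", which is the point of the exercise: the heuristics narrow a 150-line log to a handful of entries, and a person still decides which of those are actually a problem.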

Re: Dave's Hijack log

Post by flashh4 » January 22nd, 2009, 9:43 pm

Hello DaveinthePeg and welcome to the forums.

Please do not run any other programs without my permission !!
Run all programs in the order posted !!!!!


My name is flashh4 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
4. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
5. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
6. Please post all requests .......... not as an Attachment.

If you can do those things, everything should go smoothly.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

I will be back as soon as possible with a fix !!
In the meantime can you give me an Uninstall list please !!


  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.


*Notes*
1. It would be very helpful if you informed me of which Antivirus and Firewall you are running or if it's disabled.
2. There is a 5-day limit within which you must respond to this topic or it will be closed. Then you will have to start a new topic.


Please post a new HJT log because this one is a little old.
Along with the Uninstall list.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Dave's Hijack log

Post by DaveinthePeg » January 22nd, 2009, 11:54 pm

Hi Chuck,

I am using "Shaw Secure" antivirus which is put out by my server.
I do not have a firewall on as I am using a router on my home network.
My OS is Vista.

Dave

Here is the log for the uninstall:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer Registration
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.0
Agatha Christie Death on the Nile
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
Chicken Invaders 3
Choice Guard
Chuzzle
Contextual Platform Adsoftinc
Diner Dash Flo on the Go
DPS
ECO Bar
eSobi v2
eSobi v2
Flip Words 2
FrostWire 4.17.2
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Homeworkhelp.com Grammar
huey 1.0
Internet Speed Monitor
iTunes
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java(TM) 6 Update 7
Jewel Quest Solitaire
jZip
Kick N Rush
Kiwee Toolbar
Mahjong Escape Ancient China
Mahjongg Artifacts
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (2.0.0.19)
MSVCRT
MSXML 4.0 SP2 (KB954430)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
PhotoNow!
PowerDirector (Acer DT)
PowerDVD 7.0 with 5.1ch
QuickTime
Realtek High Definition Audio Driver
RON Tool Adsoftinc
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Shaw Secure
TriplePlay Plus! in Japanese
Turbo Pizza
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Zuma Deluxe
DaveinthePeg
Regular Member
 
Posts: 21
Joined: January 22nd, 2009, 6:43 pm

Re: Dave's Hijack log

Post by DaveinthePeg » January 23rd, 2009, 12:04 am

Chuck,

Here is the newer log from HJT that you requested.

Thanks
Dave

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:30 PM, on 22/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: adsoftinc browser enhancer - {B7DA9462-6630-5AC2-EE70-437E4B6BF8D6} - C:\Windows\system32\ncvzmhfzhtzc.dll
O2 - BHO: adsoftinc - {b903080c-b4f0-d96c-1332-d22dddc6f61d} - C:\Windows\system32\nsm9B85.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [etrmnmon] "C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe"
O4 - HKLM\..\Run: [wlaoscdeccqcv] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ncvzmhfzhtzc.dll"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - c:\programdata\partner\partner.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 12201 bytes
DaveinthePeg
Regular Member
 
Posts: 21
Joined: January 22nd, 2009, 6:43 pm

Re: Dave's Hijack log

Post by flashh4 » January 23rd, 2009, 5:21 pm

Hi DaveinthePeg, first I see that you have Shaw family filter here, so if this will not let you download some tools/programs let me know.

Now for the important stuff.
Remove P2P programs - MalWare Removal has a policy on P2P programs installed:

Use of P2P (Person to Person) file sharing programs

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we felt we needed to change our policy on the use of P2P file sharing programs.
  • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. We will withdraw our help should you not agree to their removal.
  • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.

We do not ask you to do this without reason.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.


You have the following P2P program(s) installed:

FrostWire 4.17.2


This is how you uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):


    FrostWire 4.17.2

Note: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Besides the ones I have mentioned, ALL P2P programs you have installed must be removed before I can help you !!!!


Let me know if you have removed the P2P program before we continue.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Dave's Hijack log

Unread postby DaveinthePeg » January 23rd, 2009, 9:18 pm

Hi Chuck,

I have removed Frostwire. Here is the latest HJT log as well as the latest uninstall log.

Dave

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:23 PM, on 23/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: adsoftinc browser enhancer - {B7DA9462-6630-5AC2-EE70-437E4B6BF8D6} - C:\Windows\system32\ncvzmhfzhtzc.dll
O2 - BHO: adsoftinc - {b903080c-b4f0-d96c-1332-d22dddc6f61d} - C:\Windows\system32\nsm9B85.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [etrmnmon] "C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe"
O4 - HKLM\..\Run: [wlaoscdeccqcv] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ncvzmhfzhtzc.dll"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 12151 bytes



Uninstall log:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer Registration
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.0
Agatha Christie Death on the Nile
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
Chicken Invaders 3
Choice Guard
Chuzzle
Contextual Platform Adsoftinc
Diner Dash Flo on the Go
DPS
ECO Bar
eSobi v2
eSobi v2
Flip Words 2
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Homeworkhelp.com Grammar
huey 1.0
Internet Speed Monitor
iTunes
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java(TM) 6 Update 7
Jewel Quest Solitaire
jZip
Kick N Rush
Kiwee Toolbar
Mahjong Escape Ancient China
Mahjongg Artifacts
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (2.0.0.19)
MSVCRT
MSXML 4.0 SP2 (KB954430)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
PhotoNow!
PowerDirector (Acer DT)
PowerDVD 7.0 with 5.1ch
QuickTime
Realtek High Definition Audio Driver
RON Tool Adsoftinc
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Shaw Secure
TriplePlay Plus! in Japanese
Turbo Pizza
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Zuma Deluxe
DaveinthePeg

Re: Dave's Hijack log

Unread postby flashh4 » January 24th, 2009, 11:11 am

Hi DaveinthePeg, thanks for removing the P2P program.
Now we need to disable Defender and Ad-Aware so it will not interfere with the fix.

Disabling Windows Defender temporarily and re-enabling it

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.

You may enable it after I give you the all clean speech !!

Re-enabling Windows Defender

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, check (tick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, check (tick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.


Disable Ad-Aware

  1. Right click on the Ad-Watch icon in the system tray (Image)
  2. Select Goto Settings.
  3. Click on Status on the left.
  4. On your right hand side, click once on each of the sections to turn the green tick into a red cross.
  5. Click on RegShield on the left.
  6. On your right hand side, click once on each of the sections to turn the green tick into a red cross.
  7. Click on Settings on the left.
  8. Click once on Load Ad-Watch at startup to turn the green tick into a red cross.
  9. Minimize Ad-Watch.
  10. Right click on the Ad-Watch icon again and select Close Ad-Watch.
  11. You will be prompted if you want to shut down Ad-Watch. Click Yes.
  12. Restart your computer for the changes to take effect.

You can re-enable these after I give you the all clean speech.




NEXT



Now go to Start-Settings-Control Panel, click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

    Ask toolbar
    Eco toolbar
    Kiwee toolbar



NEXT


  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


Please post next:
1. Malwarebytes' log
2. New HJT log
3. New Uninstall List
Thanks
Chuck
flashh4
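The HijackThis log Dave posted above and the three toolbars named in this reply can be triaged mechanically. This is an added example, not code from the thread or from HijackThis: it parses the O2/O3/O9 "name - {CLSID} - path" entries and the O4 Run entries, reports entries whose file is missing ("(no file)"), entries matching the programs the helper asked to uninstall, and, as a heuristic of my own, Run values that silently re-register a DLL with regsvr32 /s. The keyword list and the sample lines are constructed from this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis v2.0.2 log
# posted earlier in this thread, kept short for the example.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [wlaoscdeccqcv] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ncvzmhfzhtzc.dll"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - (no file)
"""

# Programs the helper asked to uninstall via Add/Remove Programs (assumed keyword
# spellings; matched case-insensitively against the whole entry, name and path).
UNWANTED_KEYWORDS = ("ask toolbar", "askbar", "eco bar", "kiwee")

# "kind: name - {CLSID} - path" is the shape shared by O2 (BHO), O3 (Toolbar)
# and O9 (Extra button) entries.
COM_ENTRY = re.compile(r"^(?P<kind>[^:]+): (?P<name>.*) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# O4 registry Run entries: "HKLM\..\Run: [ValueName] command line".
RUN_ENTRY = re.compile(r"^(?P<hive>HK[^:]*\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Heuristic (my assumption, not a HijackThis rule): a Run value that silently
# re-registers a DLL at every logon deserves a closer look.
SILENT_REGSVR = re.compile(r"regsvr32(\.exe)?\s+/s\s+", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    name: str      # BHO/toolbar/button name or Run value name
    detail: str    # file path or command line
    reason: str    # "orphan", "unwanted" or "silent-regsvr32"


def parse_line(line: str):
    """Split 'O2 - BHO: ...' into (section, body); None for non-entry lines."""
    m = re.match(r"^(?P<section>[RO]\d+) - (?P<body>.*)$", line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (entry, rule) match over a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, body = parsed
        com = COM_ENTRY.match(body)
        if com:
            name, path = com.group("name"), com.group("path")
            if path == "(no file)":
                # Registry entry whose DLL is gone: a leftover HijackThis can clear.
                findings.append(Finding(section, name, path, "orphan"))
            if any(k in body.lower() for k in UNWANTED_KEYWORDS):
                findings.append(Finding(section, name, path, "unwanted"))
            continue
        run = RUN_ENTRY.match(body)
        if run:
            name, cmd = run.group("name"), run.group("cmd")
            if any(k in cmd.lower() for k in UNWANTED_KEYWORDS):
                findings.append(Finding(section, name, cmd, "unwanted"))
            if SILENT_REGSVR.search(cmd):
                findings.append(Finding(section, name, cmd, "silent-regsvr32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:3} {f.reason:16} {f.name}  <- {f.detail}")
```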

Re: Dave's Hijack log

Unread postby DaveinthePeg » January 24th, 2009, 5:10 pm

Hi Chuck,

I have disabled Windows Defender. For the Ad-Aware part, I am using the free trial version of Ad-Aware so it does not let me use Ad-Watch (that is only in the purchased version). Therefore I can't do that part of your instruction. Is there anything else you want me to do with Ad-Aware itself?

Thanks

Dave
DaveinthePeg

Re: Dave's Hijack log

Unread postby flashh4 » January 24th, 2009, 9:00 pm

Hi DaveinthePeg, just go ahead with the rest of the post above.

Thanks
Chuck
flashh4

Re: Dave's Hijack log

Unread postby DaveinthePeg » January 24th, 2009, 11:30 pm

Chuck,

I managed to uninstall the Eco and Kiwee toolbars. When I attempt to uninstall the Ask toolbar a message comes up saying "we need to close your Internet Explorer browser windows before uninstalling the Ask Toolbar." I can't see any open and when I click OK I just hear a "boinking" sound.

Dave
DaveinthePeg

Re: Dave's Hijack log

Unread postby flashh4 » January 25th, 2009, 12:14 am

Hi Dave, try it with no browsers open. Let me know how this goes.

Go ahead and run the Malwarebytes' Anti-Malware as posted above.

Post these next:

Post the Malwarebytes log
New HJT log
flashh4

Re: Dave's Hijack log

Unread postby DaveinthePeg » January 25th, 2009, 12:04 pm

Hi Chuck,

Below are the logs you requested EXCEPT now when I go to Add/Delete Programs it won't let me select and copy the list there. Any suggestions?
Dave

Malware log:

Microsoft Windows Vista Home Basic Service Pack 1
6.00 build 6001 Service Pack 1
Username: Wray Family
In groups: LOCAL Administrators Everyone Users None INTERACTIVE NTLM Authentication Authenticated Users Medium Mandatory Level This Organization
2009/01/25 09:33:34:962: Application Version: 1.9.3163.891
2009/01/25 09:33:34:966: Module Version: 1.0.3163.888
2009/01/25 09:33:34:966: Service Version: 1.0.3163.888
2009/01/25 09:33:34:966: ===============================================================
2009/01/25 09:33:34:967: Switching to PIERemote.
2009/01/25 09:33:34:967: Creating pipe: \\.\pipe\MalwareRemovalBot.service.communication
2009/01/25 09:33:34:988: Checking for bad run key.
2009/01/25 09:33:34:994: Windows directory: C:\Windows
2009/01/25 09:33:34:995: System directory: C:\Windows\system32
2009/01/25 09:33:34:995: Program Files directory: C:\Program Files
2009/01/25 09:33:34:995: Application Data: C:\Users\Wray Family\AppData\Roaming
2009/01/25 09:33:34:995: User Profile: C:\Users\Wray Family
2009/01/25 09:33:34:995: User Temp: C:\Users\WRAYFA~1\AppData\Local\Temp\
2009/01/25 09:33:34:995: Start Menu: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Start Menu
2009/01/25 09:33:34:995: User Desktop: C:\Users\Wray Family\Desktop
2009/01/25 09:33:34:995: Common Desktop: C:\Users\Public\Desktop
2009/01/25 09:33:34:995: Common Profile: C:\ProgramData
2009/01/25 09:33:34:996: SID set to: S-1-5-21-3681265779-323896581-920976360-1000
2009/01/25 09:33:36:104: version was called, but is not defined in this dll version.
2009/01/25 09:33:36:104: Database Version:
2009/01/25 09:33:36:106: version was called, but is not defined in this dll version.
2009/01/25 09:33:36:106: Database Version:
2009/01/25 09:33:36:982: Loading Scan Results...
2009/01/25 09:33:36:983: ResultAdded[8]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[10]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[39583]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[17]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[20]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[609751]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[525911]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[582163]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[50]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[526114]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[63]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[66]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[538634]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[25147]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[82]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[102]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[106]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[109]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[112]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:985: ResultAdded[113]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[526841]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[129]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[621434]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[154]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[164]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[203]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[235]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[526392]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[327]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[261]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[619538]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[292]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[295]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[316]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[550076]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[323]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[582162]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[582161]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[609753]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[25142]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[526442]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[404]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:986: ResultAdded[409]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:987: ResultAdded[526147]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:987: ResultAdded[464]: Tracking Cookie, Tracking Cookie
2009/01/25 09:33:36:987: ResultAdded[599226]: Adware, AdBand
2009/01/25 09:33:36:989: ResultAdded[599221]: Adware, AdBand
2009/01/25 09:33:36:989: ResultAdded[587216]: Adware, Agent
2009/01/25 09:33:36:989: ResultAdded[587212]: Adware, Agent
2009/01/25 09:33:36:989: ResultAdded[620415]: Adware, SmartShopper
2009/01/25 09:33:36:989: ResultAdded[620416]: Adware, SmartShopper
2009/01/25 09:33:36:989: ResultAdded[45426]: Adware, SmartShopper
2009/01/25 09:33:36:989: ResultAdded[45424]: Adware, SmartShopper
2009/01/25 09:33:36:989: ResultAdded[620432]: Adware, SmartShopper
2009/01/25 09:33:36:990: ResultAdded[45430]: Adware, SmartShopper
2009/01/25 09:33:36:990: ResultAdded[45432]: Adware, SmartShopper
2009/01/25 09:33:36:990: ResultAdded[365410]: Browser Helper Object, Malicious
2009/01/25 09:33:36:990: ResultAdded[373214]: Browser Helper Object, Malicious
2009/01/25 09:33:36:990: ResultAdded[528924]: Browser Helper Object, Malicious
2009/01/25 09:33:36:990: ResultAdded[528925]: Browser Helper Object, Malicious
2009/01/25 09:33:36:991: ResultAdded[44354]: Browser Helper Object, My Web Search
2009/01/25 09:33:36:991: ResultAdded[621101]: Downloader, Agent
2009/01/25 09:33:36:991: ResultAdded[621113]: Downloader, Agent
2009/01/25 09:33:36:992: ResultAdded[621117]: Downloader, Agent
2009/01/25 09:33:36:992: ResultAdded[621119]: Downloader, Agent
2009/01/25 09:33:36:992: ResultAdded[621120]: Downloader, Agent
2009/01/25 09:33:36:992: ResultAdded[389540]: Downloader, Delf
2009/01/25 09:33:36:992: ResultAdded[27405]: p2p, Grokster
2009/01/25 09:33:36:993: No command line.
2009/01/25 09:33:37:034: Parsing command line:
2009/01/25 09:33:37:034: launch
2009/01/25 09:33:37:037: OnitDialog...
2009/01/25 09:33:37:978: Checking for database update...
2009/01/25 09:33:43:308: Updating Security Center Info: MalwareRemovalBot, C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe, 1, 1
2009/01/25 09:33:43:312: ConnectServer: service
2009/01/25 09:33:43:313: ExecQuery: pResults
2009/01/25 09:33:43:314: Next: 1
2009/01/25 09:33:43:314: Next: 1
2009/01/25 09:33:43:315: Found app's entry
2009/01/25 09:33:43:315: Put: displayName
2009/01/25 09:33:43:315: Put: productEnabled
2009/01/25 09:33:43:315: Put: productUptoDate
2009/01/25 09:33:43:316: PutInstance
2009/01/25 09:33:43:317: Done
2009/01/25 09:33:43:318: Database Version: 11.1.8 1231948693
2009/01/25 09:33:43:322: Setting Timer to Hide Splash
2009/01/25 09:33:43:824: Hiding Splash
2009/01/25 09:33:58:496: Database Version: 11.1.8 1231948693
2009/01/25 09:34:12:872: Driver check:
2009/01/25 09:34:12:872: SC manager open.
2009/01/25 09:34:12:872: MalwareRemovalBot not found. Attemping install.
2009/01/25 09:34:12:872: Checking for C:\Program Files\MalwareRemovalBot\FilterDrv\MalwareRemovalBot.inf
2009/01/25 09:34:12:873: StartDriver:
2009/01/25 09:34:12:873: This is a driver version.
2009/01/25 09:34:12:873: Channel: \AntiSpyFilter
2009/01/25 09:34:12:873: SC manager open.
2009/01/25 09:34:12:874: Driver is not connected.
2009/01/25 09:34:15:288: Database Version: 11.1.8 1231948693
2009/01/25 09:34:15:294: Database Version: 11.1.8 1231948693
2009/01/25 09:34:58:979: Saving scan results...
2009/01/25 09:34:58:990: Building result tree.
2009/01/25 09:35:53:084: Quarantining items: debug version 1.0
2009/01/25 09:35:53:084: Selecting quarantine folder: C:\Users\Wray Family\AppData\Roaming\MalwareRemovalBot\Quarantine\25-01-2009-09-35-53
2009/01/25 09:35:53:242: Thread created.
2009/01/25 09:35:53:245: PreQuarantine
2009/01/25 09:35:53:262: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@247realmedia[2].txt
2009/01/25 09:35:53:264: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@247realmedia[3].txt
2009/01/25 09:35:53:266: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@7search[2].txt
2009/01/25 09:35:53:269: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ad.yieldmanager[1].txt
2009/01/25 09:35:53:270: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@iacas.adbureau[2].txt
2009/01/25 09:35:53:272: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ads.addynamix[2].txt
2009/01/25 09:35:53:274: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@admagnet[1].txt
2009/01/25 09:35:53:276: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@admagnet[2].txt
2009/01/25 09:35:53:278: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adopt.euroclick[1].txt
2009/01/25 09:35:53:280: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ads.pointroll[1].txt
2009/01/25 09:35:53:283: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ads.pointroll[2].txt
2009/01/25 09:35:53:285: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adserver.adtechus[1].txt
2009/01/25 09:35:53:288: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adserver.easyad[1].txt
2009/01/25 09:35:53:290: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adserver.easyad[2].txt
2009/01/25 09:35:53:292: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adshuffle[1].txt
2009/01/25 09:35:53:294: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adshuffle[2].txt
2009/01/25 09:35:53:296: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@by.adshuffle[1].txt
2009/01/25 09:35:53:298: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@by.adshuffle[3].txt
2009/01/25 09:35:53:300: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@this.content.served.by.adshuffle[1].txt
2009/01/25 09:35:53:302: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adtech[1].txt
2009/01/25 09:35:53:306: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@advertising.marketnetwork[1].txt
2009/01/25 09:35:53:309: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@advertising[2].txt
2009/01/25 09:35:53:311: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@apmebf[1].txt
2009/01/25 09:35:53:313: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ask[2].txt
2009/01/25 09:35:53:315: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\low\wray_family@ask[1].txt
2009/01/25 09:35:53:317: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@atdmt[2].txt
2009/01/25 09:35:53:318: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bizrate[2].txt
2009/01/25 09:35:53:321: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bluestreak[1].txt
2009/01/25 09:35:53:323: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bravenet[1].txt
2009/01/25 09:35:53:325: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bravenet[2].txt
2009/01/25 09:35:53:329: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bs.serving-sys[1].txt
2009/01/25 09:35:53:358: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bs.serving-sys[2].txt
2009/01/25 09:35:53:360: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bet.burstnet[1].txt
2009/01/25 09:35:53:362: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bet.burstnet[2].txt
2009/01/25 09:35:53:364: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@burstnet[2].txt
2009/01/25 09:35:53:366: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@burstnet[3].txt
2009/01/25 09:35:53:368: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@www.burstnet[2].txt
2009/01/25 09:35:53:370: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@serw.clicksor[1].txt
2009/01/25 09:35:53:372: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@www.clickxchange[1].txt
2009/01/25 09:35:53:374: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager.edgesuite[1].txt
2009/01/25 09:35:53:378: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager[1].txt
2009/01/25 09:35:53:380: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager[2].txt
2009/01/25 09:35:53:418: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager[4].txt
2009/01/25 09:35:53:420: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@content.yieldmanager[5].txt
2009/01/25 09:35:53:422: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@doubleclick[2].txt
2009/01/25 09:35:53:424: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@ehg-bestbuy.hitbox[1].txt
2009/01/25 09:35:53:426: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@fastclick[1].txt
2009/01/25 09:35:53:428: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@fastclick[2].txt
2009/01/25 09:35:53:430: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@fastclick[3].txt
2009/01/25 09:35:53:432: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@hypertracker[2].txt
2009/01/25 09:35:53:435: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@imiclk[1].txt
2009/01/25 09:35:53:438: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@imrworldwide[2].txt
2009/01/25 09:35:53:481: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@imrworldwide[3].txt
2009/01/25 09:35:53:492: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@looksmart[2].txt
2009/01/25 09:35:53:494: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@looksmart[3].txt
2009/01/25 09:35:53:496: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@media6degrees[1].txt
2009/01/25 09:35:53:498: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@media6degrees[2].txt
2009/01/25 09:35:53:500: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@media6degrees[3].txt
2009/01/25 09:35:53:502: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@stat.onestat[2].txt
2009/01/25 09:35:53:504: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@overture[2].txt
2009/01/25 09:35:53:508: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@overture[3].txt
2009/01/25 09:35:53:510: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@pricegrabber[2].txt
2009/01/25 09:35:53:512: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@quantserve[2].txt
2009/01/25 09:35:53:530: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@realmedia[1].txt
2009/01/25 09:35:53:532: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.adjuggler[1].txt
2009/01/25 09:35:53:535: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.its.adjuggler[1].txt
2009/01/25 09:35:53:537: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.its.adjuggler[2].txt
2009/01/25 09:35:53:539: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.its.adjuggler[3].txt
2009/01/25 09:35:53:541: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@servedby.topqualityads[2].txt
2009/01/25 09:35:53:543: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@serving-sys[1].txt
2009/01/25 09:35:53:546: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@serving-sys[2].txt
2009/01/25 09:35:53:548: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@tacoda[1].txt
2009/01/25 09:35:53:550: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@cms.trafficmp[2].txt
2009/01/25 09:35:53:565: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@trafficmp[1].txt
2009/01/25 09:35:53:567: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@trafficmp[2].txt
2009/01/25 09:35:53:568: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@tribalfusion[1].txt
2009/01/25 09:35:53:570: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@tribalfusion[2].txt
2009/01/25 09:35:53:573: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@voicefive[2].txt
2009/01/25 09:35:53:575: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@zedo[2].txt
2009/01/25 09:35:53:577: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@zedo[3].txt
2009/01/25 09:35:53:580: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@zedo[4].txt
2009/01/25 09:35:53:582: Directory item: Path: C:\Program Files\vnrblock
2009/01/25 09:35:53:591: Regisry item: Path: hkey_current_user\software\vnrblock\Installed
2009/01/25 09:35:53:594: Regisry item: Path: hkey_current_user\software\vnrblock\aid
2009/01/25 09:35:53:613: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\VNRBLOCK
2009/01/25 09:35:53:618: File item: Path: c:\program files\icheck\Uninstall.exe
2009/01/25 09:35:53:622: Directory item: Path: C:\Program Files\icheck
2009/01/25 09:35:53:630: Regisry item: Path: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\icheck\DisplayName
2009/01/25 09:35:53:633: Regisry item: Path: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\icheck\UninstallString
2009/01/25 09:35:53:635: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ICHECK
2009/01/25 09:35:53:640: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband\clsid\
2009/01/25 09:35:53:643: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND\CLSID
2009/01/25 09:35:53:645: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband\curver\
2009/01/25 09:35:53:647: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND\CURVER
2009/01/25 09:35:53:650: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband\
2009/01/25 09:35:53:652: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND
2009/01/25 09:35:53:655: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband.1\clsid\
2009/01/25 09:35:53:658: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND.1\CLSID
2009/01/25 09:35:53:660: Regisry item: Path: hkey_classes_root\smart-shopper.hbinfoband.1\
2009/01/25 09:35:53:662: Regisry item: Path: HKEY_CLASSES_ROOT\SMART-SHOPPER.HBINFOBAND.1
2009/01/25 09:35:53:667: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\Default Visible
2009/01/25 09:35:53:670: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\ButtonText
2009/01/25 09:35:53:673: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\HotIcon
2009/01/25 09:35:53:676: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\Icon
2009/01/25 09:35:53:679: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\CLSID
2009/01/25 09:35:53:682: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\ClsidExtension
2009/01/25 09:35:53:685: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}
2009/01/25 09:35:53:687: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\Default Visible
2009/01/25 09:35:53:690: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\ButtonText
2009/01/25 09:35:53:693: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\HotIcon
2009/01/25 09:35:53:697: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\Icon
2009/01/25 09:35:53:715: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\CLSID
2009/01/25 09:35:53:719: Regisry item: Path: hkey_local_machine\software\microsoft\internet explorer\extensions\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\ClsidExtension
2009/01/25 09:35:53:723: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}
2009/01/25 09:35:53:726: Regisry item: Path: hkey_local_machine\software\smart-shopper\affid
2009/01/25 09:35:53:729: Regisry item: Path: hkey_local_machine\software\smart-shopper\Version
2009/01/25 09:35:53:732: Regisry item: Path: hkey_local_machine\software\smart-shopper\ProductName
2009/01/25 09:35:53:734: Regisry item: Path: hkey_local_machine\software\smart-shopper\SG_Not_Set
2009/01/25 09:35:53:737: Regisry item: Path: hkey_local_machine\software\smart-shopper\ie_user_agent
2009/01/25 09:35:53:740: Regisry item: Path: hkey_local_machine\software\smart-shopper\usr_RCT
2009/01/25 09:35:53:745: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\SMART-SHOPPER
2009/01/25 09:35:53:748: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\iexplore\Type
2009/01/25 09:35:53:751: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\iexplore\Flags
2009/01/25 09:35:53:753: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\iexplore\Count
2009/01/25 09:35:53:757: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf}\iexplore\Time
2009/01/25 09:35:53:759: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}\IEXPLORE
2009/01/25 09:35:53:762: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF}
2009/01/25 09:35:53:765: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\iexplore\Type
2009/01/25 09:35:53:768: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\iexplore\Flags
2009/01/25 09:35:53:770: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\iexplore\Count
2009/01/25 09:35:53:775: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0}\iexplore\Time
2009/01/25 09:35:53:778: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}\IEXPLORE
2009/01/25 09:35:53:781: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}
2009/01/25 09:35:53:783: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\inprocserver32\
2009/01/25 09:35:53:786: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\inprocserver32\ThreadingModel
2009/01/25 09:35:53:788: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\INPROCSERVER32
2009/01/25 09:35:53:791: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\progid\
2009/01/25 09:35:53:794: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\PROGID
2009/01/25 09:35:53:796: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\PROGRAMMABLE
2009/01/25 09:35:53:799: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\typelib\
2009/01/25 09:35:53:803: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\TYPELIB
2009/01/25 09:35:53:806: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\versionindependentprogid\
2009/01/25 09:35:53:810: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\VERSIONINDEPENDENTPROGID
2009/01/25 09:35:53:812: Regisry item: Path: hkey_classes_root\clsid\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\
2009/01/25 09:35:53:815: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
2009/01/25 09:35:53:817: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\inprocserver32\
2009/01/25 09:35:53:820: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\inprocserver32\ThreadingModel
2009/01/25 09:35:53:823: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\INPROCSERVER32
2009/01/25 09:35:53:826: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\progid\
2009/01/25 09:35:53:828: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\PROGID
2009/01/25 09:35:53:832: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\typelib\
2009/01/25 09:35:53:835: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TYPELIB
2009/01/25 09:35:53:837: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\versionindependentprogid\
2009/01/25 09:35:53:840: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VERSIONINDEPENDENTPROGID
2009/01/25 09:35:53:843: Regisry item: Path: hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}\
2009/01/25 09:35:53:845: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
2009/01/25 09:35:53:848: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Type
2009/01/25 09:35:53:851: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Flags
2009/01/25 09:35:53:853: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Count
2009/01/25 09:35:53:857: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Time
2009/01/25 09:35:53:862: Regisry item: Path: hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{83a2f9b1-01a2-4aa5-87d1-45b6b8505e96}\iexplore\Blocked
2009/01/25 09:35:53:864: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\IEXPLORE
2009/01/25 09:35:53:867: Regisry item: Path: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
2009/01/25 09:35:53:869: Regisry item: Path: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
2009/01/25 09:35:53:873: Regisry item: Path: hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}\treatas\
2009/01/25 09:35:53:875: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}\TREATAS
2009/01/25 09:35:53:878: Regisry item: Path: HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
2009/01/25 09:35:53:880: File item: Path: c:\program files\ietoolbar\eco bar\basis.xml
2009/01/25 09:35:54:001: File item: Path: c:\program files\ietoolbar\eco bar\ecobar.dll
2009/01/25 09:35:54:004: File item: Path: c:\program files\ietoolbar\eco bar\icons.bmp
2009/01/25 09:35:54:009: File item: Path: c:\program files\ietoolbar\eco bar\info.txt
2009/01/25 09:35:54:043: File item: Path: c:\program files\ietoolbar\eco bar\tbhelper.dll
2009/01/25 09:35:54:062: File item: Path: c:\program files\ietoolbar\eco bar\tbu05139\ecobar.dll
2009/01/25 09:35:54:069: File item: Path: c:\program files\ietoolbar\eco bar\tbu05139\uninstall.exe
2009/01/25 09:35:54:078: Directory item: Path: c:\program files\ietoolbar\eco bar\tbu05139
2009/01/25 09:35:54:166: File item: Path: c:\program files\ietoolbar\eco bar\uninstall.exe
2009/01/25 09:35:54:169: File item: Path: c:\program files\ietoolbar\eco bar\version.txt
2009/01/25 09:35:54:173: File item: Path: c:\program files\ietoolbar\eco bar\your_logo.png
2009/01/25 09:35:54:176: Directory item: Path: c:\program files\ietoolbar\ECO Bar
2009/01/25 09:35:54:183: Directory item: Path: C:\Program Files\ietoolbar
2009/01/25 09:35:54:196: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\proxystubclsid\
2009/01/25 09:35:54:199: Regisry item: Path: HKEY_CLASSES_ROOT\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}\PROXYSTUBCLSID
2009/01/25 09:35:54:203: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\proxystubclsid32\
2009/01/25 09:35:54:207: Regisry item: Path: HKEY_CLASSES_ROOT\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}\PROXYSTUBCLSID32
2009/01/25 09:35:54:213: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\typelib\
2009/01/25 09:35:54:216: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\typelib\Version
2009/01/25 09:35:54:220: Regisry item: Path: HKEY_CLASSES_ROOT\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TYPELIB
2009/01/25 09:35:54:227: Regisry item: Path: hkey_classes_root\interface\{4897bba6-48d9-468c-8efa-846275d7701b}\
2009/01/25 09:35:54:231: Regisry item: Path: HKEY_CLASSES_ROOT\INTERFACE\{4897BBA6-48D9-468C-8EFA-846275D7701B}
2009/01/25 09:35:54:235: Regisry item: Path: hkey_classes_root\typelib\{4509d3cc-b642-4745-b030-645b79522c6d}\1.0\0\win32\
2009/01/25 09:35:54:242: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\WIN32
2009/01/25 09:35:54:245: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
2009/01/25 09:35:54:248: Regisry item: Path: hkey_classes_root\typelib\{4509d3cc-b642-4745-b030-645b79522c6d}\1.0\flags\
2009/01/25 09:35:54:251: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
2009/01/25 09:35:54:253: Regisry item: Path: hkey_classes_root\typelib\{4509d3cc-b642-4745-b030-645b79522c6d}\1.0\helpdir\
2009/01/25 09:35:54:277: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
2009/01/25 09:35:54:280: Regisry item: Path: hkey_classes_root\typelib\{4509d3cc-b642-4745-b030-645b79522c6d}\1.0\
2009/01/25 09:35:54:283: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
2009/01/25 09:35:54:286: Regisry item: Path: HKEY_CLASSES_ROOT\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}
2009/01/25 09:35:54:289: Regisry item: Path: hkey_classes_root\urlsearchhook.toolbarurlsearchhook\clsid\
2009/01/25 09:35:54:295: Regisry item: Path: HKEY_CLASSES_ROOT\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK\CLSID
2009/01/25 09:35:54:298: Regisry item: Path: hkey_classes_root\urlsearchhook.toolbarurlsearchhook\
2009/01/25 09:35:54:302: Regisry item: Path: HKEY_CLASSES_ROOT\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK
2009/01/25 09:35:54:308: Regisry item: Path: hkey_classes_root\urlsearchhook.toolbarurlsearchhook.1\clsid\
2009/01/25 09:35:54:311: Regisry item: Path: HKEY_CLASSES_ROOT\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1\CLSID
2009/01/25 09:35:54:314: Regisry item: Path: hkey_classes_root\urlsearchhook.toolbarurlsearchhook.1\
2009/01/25 09:35:54:317: Regisry item: Path: HKEY_CLASSES_ROOT\URLSEARCHHOOK.TOOLBARURLSEARCHHOOK.1
2009/01/25 09:35:54:330: Regisry item: Path: hkey_local_machine\software\microsoft\windows\currentversion\run\remotecontrol
2009/01/25 09:35:54:335: Regisry item: Path: hkey_classes_root\magnet\defaulticon\
2009/01/25 09:35:54:338: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\DEFAULTICON
2009/01/25 09:35:54:344: Regisry item: Path: hkey_classes_root\magnet\shell\open\command\
2009/01/25 09:35:54:347: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\SHELL\OPEN\COMMAND
2009/01/25 09:35:54:350: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\SHELL\OPEN
2009/01/25 09:35:54:353: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\SHELL
2009/01/25 09:35:54:362: Regisry item: Path: hkey_classes_root\magnet\\
2009/01/25 09:35:54:365: Regisry item: Path: HKEY_CLASSES_ROOT\MAGNET\
2009/01/25 09:35:54:367: PostQuarantine
2009/01/25 09:35:54:367: Entering Permission Fix
2009/01/25 09:35:54:411: LSPFix v1.7: Running FixAll
2009/01/25 09:35:54:572: Database Version: 11.1.8 1231948693
2009/01/25 09:36:03:724: Database Version: 11.1.8 1231948693
2009/01/25 09:36:22:131: Database Version: 11.1.8 1231948693
2009/01/25 09:36:26:247: Database Version: 11.1.8 1231948693
2009/01/25 09:36:38:298: Database Version: 11.1.8 1231948693


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:32 AM, on 25/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_m1640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: adsoftinc browser enhancer - {B7DA9462-6630-5AC2-EE70-437E4B6BF8D6} - C:\Windows\system32\ncvzmhfzhtzc.dll
O2 - BHO: adsoftinc - {b903080c-b4f0-d96c-1332-d22dddc6f61d} - C:\Windows\system32\nsm9B85.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [etrmnmon] "C:\Users\Wray Family\AppData\Local\etrmnmon\etrmnmon.exe"
O4 - HKLM\..\Run: [wlaoscdeccqcv] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\ncvzmhfzhtzc.dll"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MalwareRemovalBot Scanning Engine (MalwareRemovalBotSrv) - Unknown owner - C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.srv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10906 bytes
DaveinthePeg
Regular Member
 
Posts: 21
Joined: January 22nd, 2009, 6:43 pm

Re: Dave's Hijack log

Unread postby flashh4 » January 25th, 2009, 3:52 pm

Hi Dave, you did not follow the Malwarebytes instructions very well, so I need you to run it again and pay close attention to the instructions.

NEXT


Download and Install CCleaner
  • Download CCleaner from here. Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish

Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

Post the contents of install.txt
Also the New Malwarebytes log/scan

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: Dave's Hijack log

Unread postby DaveinthePeg » January 25th, 2009, 5:59 pm

Chuck,

Here are the results from the CCleaner:

Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer Registration
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.0
Agatha Christie Death on the Nile
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
Audacity 1.2.6
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCleaner (remove only)
Chicken Invaders 3
Chuzzle
Contextual Platform Adsoftinc
Diner Dash Flo on the Go
DPS
eSobi v2
Flip Words 2
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Homeworkhelp.com Grammar
huey 1.0
iTunes
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java(TM) 6 Update 7
Jewel Quest Solitaire
jZip
Kick N Rush
Mahjong Escape Ancient China
Mahjongg Artifacts
MalwareRemovalBot
Microsoft Office Home and Student 2007
Microsoft Publisher 2002
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (2.0.0.19)
MSXML 4.0 SP2 (KB954430)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NVIDIA Drivers
PhotoNow!
PowerDirector (Acer DT)
PowerDVD 7.0 with 5.1ch
QuickTime
Realtek High Definition Audio Driver
RON Too1 Adsoftinc
Shaw Secure
TriplePlay Plus! in Japanese
Turbo Pizza
Windows Live Essentials
Windows Live Sign-in Assistant
Windows Live Upload Tool
Zuma Deluxe


After running Malwarebytes, here is the log (the last one in the log file is very small, so I included it and the second last):

last:


Microsoft Windows Vista Home Basic Service Pack 1
6.00 build 6001 Service Pack 1
Username: Wray Family
In groups: LOCAL Administrators Everyone Users None INTERACTIVE NTLM Authentication Authenticated Users Medium Mandatory Level This Organization
2009/01/25 10:01:58:830: Application Version: 1.9.3163.891
2009/01/25 10:01:58:948: Module Version: 1.0.3163.888
2009/01/25 10:01:59:029: Service Version: 1.0.3163.888
2009/01/25 10:01:59:029: ===============================================================
2009/01/25 10:01:59:053: Finish Logging


second last:
Microsoft Windows Vista Home Basic Service Pack 1
6.00 build 6001 Service Pack 1
Username: Wray Family
In groups: LOCAL Administrators Everyone Users None INTERACTIVE NTLM Authentication Authenticated Users Medium Mandatory Level This Organization
2009/01/25 09:59:45:784: Application Version: 1.9.3163.891
2009/01/25 09:59:46:330: Module Version: 1.0.3163.888
2009/01/25 09:59:46:332: Service Version: 1.0.3163.888
2009/01/25 09:59:46:332: ===============================================================
2009/01/25 09:59:46:349: Switching to PIERemote.
2009/01/25 09:59:46:362: Creating pipe: \\.\pipe\MalwareRemovalBot.service.communication
2009/01/25 09:59:46:574: Checking for bad run key.
2009/01/25 09:59:46:667: Windows directory: C:\Windows
2009/01/25 09:59:46:726: System directory: C:\Windows\system32
2009/01/25 09:59:46:858: Program Files directory: C:\Program Files
2009/01/25 09:59:46:927: Application Data: C:\Users\Wray Family\AppData\Roaming
2009/01/25 09:59:47:123: User Profile: C:\Users\Wray Family
2009/01/25 09:59:47:293: User Temp: C:\Users\WRAYFA~1\AppData\Local\Temp\
2009/01/25 09:59:47:402: Start Menu: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Start Menu
2009/01/25 09:59:47:480: User Desktop: C:\Users\Wray Family\Desktop
2009/01/25 09:59:47:558: Common Desktop: C:\Users\Public\Desktop
2009/01/25 09:59:47:636: Common Profile: C:\ProgramData
2009/01/25 09:59:47:901: SID set to: S-1-5-21-3681265779-323896581-920976360-1000
2009/01/25 09:59:54:079: version was called, but is not defined in this dll version.
2009/01/25 09:59:54:203: Database Version:
2009/01/25 09:59:54:281: version was called, but is not defined in this dll version.
2009/01/25 09:59:54:359: Database Version:
2009/01/25 09:59:57:698: Driver check:
2009/01/25 09:59:57:823: SC manager open.
2009/01/25 09:59:58:010: MalwareRemovalBot not found. Attemping install.
2009/01/25 09:59:58:103: Checking for C:\Program Files\MalwareRemovalBot\FilterDrv\MalwareRemovalBot.inf
2009/01/25 09:59:58:462: StartDriver:
2009/01/25 09:59:58:603: This is a driver version.
2009/01/25 09:59:58:681: Channel: \AntiSpyFilter
2009/01/25 09:59:58:759: SC manager open.
2009/01/25 09:59:58:899: Driver is not connected.
2009/01/25 10:00:02:159: Parsing command line:
2009/01/25 10:00:02:378: boot
2009/01/25 10:00:02:503: OnitDialog...
2009/01/25 10:00:02:581: Skipping splash screen.
2009/01/25 10:00:04:156: Checking for database update...
2009/01/25 10:00:09:133: Updating Security Center Info: MalwareRemovalBot, C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe, 1, 1
2009/01/25 10:00:09:304: ConnectServer: service
2009/01/25 10:00:09:382: ExecQuery: pResults
2009/01/25 10:00:09:850: Next: 1
2009/01/25 10:00:09:991: Next: 1
2009/01/25 10:00:10:069: Found app's entry
2009/01/25 10:00:10:147: Put: displayName
2009/01/25 10:00:10:287: Put: productEnabled
2009/01/25 10:00:10:365: Put: productUptoDate
2009/01/25 10:00:10:443: PutInstance
2009/01/25 10:00:10:848: Done
2009/01/25 10:00:10:902: Database Version: 11.1.8 1231948693
2009/01/25 10:00:11:015: Database Version: 11.1.8 1231948693
2009/01/25 15:42:02:572: Start Scan
2009/01/25 15:42:02:581: Scan options:
2009/01/25 15:42:02:581: Scan Active Processes
2009/01/25 15:42:02:581: Scan Windows Registry
2009/01/25 15:42:02:581: Scan Cookies
2009/01/25 15:42:02:581: Scan Files
2009/01/25 15:42:02:601: Clearing Volatile Lists.
2009/01/25 15:42:02:765: 32-bit Winsock LSP Map:
2009/01/25 15:42:05:285: Entering Process Scan
2009/01/25 15:42:05:768: \systemroot\system32\smss.exe scan aborted ... Reason: unable to open or create the file specified
2009/01/25 15:43:46:796: Completed Process Scan
2009/01/25 15:43:46:817: PreDbScan
2009/01/25 15:43:46:894: ResultAdded[50]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:46:964: ResultAdded[538634]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:46:997: ResultAdded[109]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:015: ResultAdded[112]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:035: ResultAdded[129]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:098: ResultAdded[203]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:157: ResultAdded[261]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:188: ResultAdded[619538]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:238: ResultAdded[550076]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:251: ResultAdded[582162]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:256: ResultAdded[582161]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:282: ResultAdded[609753]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:288: ResultAdded[25142]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:325: ResultAdded[526442]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:47:345: ResultAdded[409]: Tracking Cookie, Tracking Cookie
2009/01/25 15:43:55:511: DeepScan
2009/01/25 15:43:55:511: IsBadEnough calculation:
2009/01/25 15:43:55:511: IsBadEnough: 0
2009/01/25 15:43:55:511: OptDeepScan: 0
2009/01/25 15:43:55:511: OptDeepScanScheduleScan: 1
2009/01/25 15:43:55:511: OptScheduleScan: 0
2009/01/25 15:43:55:512: PostScan
2009/01/25 15:43:55:596: Saving scan results...
2009/01/25 15:43:55:599: Building result tree.
2009/01/25 15:56:04:003: Quarantining items: debug version 1.0
2009/01/25 15:56:04:003: Selecting quarantine folder: C:\Users\Wray Family\AppData\Roaming\MalwareRemovalBot\Quarantine\25-01-2009-15-56-04
2009/01/25 15:56:04:200: Thread created.
2009/01/25 15:56:04:205: PreQuarantine
2009/01/25 15:56:04:213: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adserver.adtechus[1].txt
2009/01/25 15:56:04:233: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@adserver.easyad[1].txt
2009/01/25 15:56:04:237: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@apmebf[1].txt
2009/01/25 15:56:04:241: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bravenet[1].txt
2009/01/25 15:56:04:245: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@bs.serving-sys[1].txt
2009/01/25 15:56:04:248: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@www.clickxchange[1].txt
2009/01/25 15:56:04:252: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@fastclick[1].txt
2009/01/25 15:56:04:256: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@looksmart[1].txt
2009/01/25 15:56:04:257: Couldn't find C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@media6degrees[2].txt to quarantine.
2009/01/25 15:56:04:260: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@quantserve[2].txt
2009/01/25 15:56:04:264: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.adjuggler[2].txt
2009/01/25 15:56:04:267: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@rotator.its.adjuggler[2].txt
2009/01/25 15:56:04:271: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@servedby.topqualityads[2].txt
2009/01/25 15:56:04:275: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@serving-sys[1].txt
2009/01/25 15:56:04:279: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@tacoda[2].txt
2009/01/25 15:56:04:283: Cookie item: Path: C:\Users\Wray Family\AppData\Roaming\Microsoft\Windows\Cookies\wray_family@tribalfusion[1].txt
2009/01/25 15:56:04:286: PostQuarantine
2009/01/25 15:56:04:286: Entering Permission Fix
2009/01/25 15:56:06:008: LSPFix v1.7: Running FixAll
2009/01/25 15:56:06:262: Database Version: 11.1.8 1231948693
2009/01/25 15:56:13:930: Database Version: 11.1.8 1231948693


Thanks Dave
DaveinthePeg
Regular Member
 
Posts: 21
Joined: January 22nd, 2009, 6:43 pm

Re: Dave's Hijack log

Unread postby flashh4 » January 25th, 2009, 8:54 pm

Hi Dave, let me explain what you are doing wrong.
You keep posting me a log from a program called MalwareRemovalBot; it is a fake security program.
I asked for a log from Malwarebytes; you must be assuming what I ask for instead of reading what I post.
Make sure you read more carefully or you may do something to harm your computer. If you don't understand, just ask and I will explain.

Let's continue with the cleaning.
Read and follow carefully.


Remove Program(s) with CCleaner
Open CCleaner. In the Left Pane, click Tools. Verify that Uninstall is highlighted in color, or click on it.
Click and Highlight the Following Programs, one at a time, and click the Run Uninstaller button for each one.
Wait for completion of each one before highlighting and Uninstalling the next.


Ask Toolbar
MalwareRemovalBot


Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.



NEXT PART

Follow these instructions:

1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
2. Double click on mbam-setup.exe to install it.
3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
6. Leave the default options as they are and click on Start Scan.
7. When done, you will be prompted. Click OK, then click on Show Results.
8. Check (tick) all items and click on Remove Selected.
9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.


Post these next:
1. Malwarebytes' log
2. New HJT log
3. Post a NEW install.txt from the CCleaner so I can see if these were removed:
Ask Toolbar
MalwareRemovalBot


Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming