Post #1, Oct 22 2009, 04:05 PM
Authentic Member | Group: Authentic Member | Posts: 23 | Joined: 22-October 09 | Member No.: 88,485 | Operating System: Windows Vista

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:18 PM, on 10/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Active Keys\akeys.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Startup Faster 2004\sfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MapQuest Toolbar Search Class - {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
R3 - URLSearchHook: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Yodao Toolbar Helper - {6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} - C:\Program Files\Yodao\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O2 - BHO: MapQuest Toolbar Loader - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.10.0\escort.dll
O2 - BHO: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ????? - {7B434A2A-9E4C-48F2-8373-5801F316A4D5} - C:\Program Files\Yodao\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll
O3 - Toolbar: MapQuest Toolbar - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.10.0\escorTlbr.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\strpfstcfg.exe" -run -SFAURUN -SFCURUN -SFAUSTARTUP -SFCUSTARTUP
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ?????? - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ?????? - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: ??UUSee ???? - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: ??UUSee ???? - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: ???????? - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra 'Tools' menuitem: ???????? - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16386 bytes
Post #2, Oct 23 2009, 07:19 AM
Group: Malware Team | Posts: 2,815 | Joined: 12-January 05 | From: Michigan | Member No.: 22,799 | Operating System: XP HOME
Hi Rusheng
Welcome to the What the Tech Forums. My name is mschroe919 and I am going to read your log. I would like to help you, so if you would... please be patient and I will be back as soon as possible. While I am gone, please do these steps:

Show hidden files. Here is how:

IN VISTA: To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:
1. Close all programs so that you are at your desktop.
2. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
3. Click on the Control Panel menu option.
4. When the control panel opens you can either be in Classic View or Control Panel Home view:
   If you are in the Classic View do the following:
   1. Double-click on the Folder Options icon.
   2. Click on the View tab.
   3. Go to step 5.
   If you are in the Control Panel Home view do the following:
   Click on the Appearance and Personalization link.
   Click on Show Hidden Files or Folders.
   Go to step 5.
5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
Once this is done, your Folder Options screen should look similar to the following image.
Press the Apply button and then the OK button. Now Windows Vista is configured to show hidden files.

NEXT: Please download ATF Cleaner by Atribune. Download it HERE: This program is for XP, Windows 2000, Vista.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

NEXT: Malwarebytes' Anti-Malware HERE
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post a new HJT log and the Malwarebytes' Anti-Malware log.

Be sure not to delete anything until told it is OK to. Also don't run any other cleanup programs till we get done; it may goof ours up. Also, if you have any questions, feel free to ask first.

When you post another HJT log and the Malwarebytes' Anti-Malware log, let me know how your PC is behaving. I will be waiting to see new logs. Please stay with us till your PC is clean, because even when your PC soon looks like it is doing fine, a hidden virus shows up.

mschroe919
Post #3, Oct 25 2009, 01:23 AM
Authentic Member | Group: Authentic Member | Posts: 23 | Joined: 22-October 09 | Member No.: 88,485 | Operating System: Windows Vista
Malwarebytes' Anti-Malware 1.41
Database version: 3028
Windows 6.0.6002 Service Pack 2

10/24/2009 10:17:52 PM
mbam-log-2009-10-24 (22-17-52).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 237768
Time elapsed: 2 hour(s), 39 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\yodaotoolbar.stockbar (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4ef9fc88-fbf2-4da8-972b-7787087ce5e2} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a9dcef3-df60-4ffb-8f07-da9cb28955be} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{44ae0096-b0b8-42bf-acaf-f58fc0f868d0} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{94f7090d-d0ea-48da-a411-0f947cf7fdbe} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b7b14c67-ace1-4f1b-a3d0-b4266d1d9cbd} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e9999359-0aed-4949-bd0d-15278a593dd8} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ef9f4a6b-b76f-4632-9ce4-1b9cc8cf8706} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{499aa10b-e9da-4ffc-a745-a39d2e698845} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6516e5bb-1186-4e2b-b8b8-2dc0e35ab1fa} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6516e5bb-1186-4e2b-b8b8-2dc0e35ab1fa} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6516e5bb-1186-4e2b-b8b8-2dc0e35ab1fa} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7b434a2a-9e4c-48f2-8373-5801f316a4d5} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7b434a2a-9e4c-48f2-8373-5801f316a4d5} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf480adc-d63d-45ff-a6e6-326e8e6f75bb} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\yodaotoolbar.stockbar.1 (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7b434a2a-9e4c-48f2-8373-5801f316a4d5} (Adware.Toolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Yodao\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll (Adware.Toolbar) -> Quarantined and deleted successfully.
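The HijackThis and Malwarebytes logs in this thread are line-oriented text, so the comparison the helper does by eye (which HJT entries were removed, what still needs a look, what changed between scans) can be done mechanically. The script below is an added example, not part of this thread or of either tool: it parses HJT entries and MBAM detection lines, flags entries a log reader checks first (hooks whose file is gone, Winsock LSPs HijackThis could not identify), matches HJT entries against MBAM removals by CLSID or file path, and diffs two HJT scans. The sample lines are copied from the logs posted above; the section meanings in the comments (O2 = BHO, O3 = toolbar, O10 = LSP) are HijackThis's own.

```python
"""Read HijackThis and Malwarebytes logs the way a helper does: flag entries worth a
look, match HJT items against what MBAM removed, and diff two scans.  Added example."""
import re
from dataclasses import dataclass
from typing import Optional

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
HJT_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")            # "O2 - BHO: ..."
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> .+$")  # "<key> (Adware.X) -> ..."
ORPHAN_MARKERS = ("(no file)", "(file missing)")   # HJT's markers for a hook whose file is gone

@dataclass(frozen=True)
class HjtEntry:
    code: str             # HJT section: O2 = BHO, O3 = toolbar, O10 = Winsock LSP, ...
    body: str             # text after "Oxx - "
    clsid: Optional[str]  # lower-cased {GUID} if the entry carries one
    target: str           # file/URL the entry points at (last " - " field)

def _clsid(text):
    m = CLSID_RE.search(text)
    return m.group(0).lower() if m else None

def parse_hjt(text):
    """One HjtEntry per 'Rn - ...' / 'On - ...' line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        parts = body.split(" - ")
        target = parts[-1] if len(parts) > 1 else body.partition(": ")[2]
        entries.append(HjtEntry(m.group("code"), body, _clsid(body), target.strip()))
    return entries

def parse_mbam(text):
    """(item, family, clsid) for each '<item> (<family>) -> <action>' detection line."""
    matches = [MBAM_RE.match(line.strip()) for line in text.splitlines()]
    return [(m["item"], m["family"], _clsid(m["item"])) for m in matches if m]

def review_flags(entries):
    """Entries a log reader looks at first: hooks whose file is gone, and Winsock LSPs
    HijackThis could not identify.  Identical repeated lines are reported once."""
    flags, seen = [], set()
    for e in entries:
        if e.body in seen:
            continue
        if e.target.endswith(ORPHAN_MARKERS):
            reason = "registered component whose file is missing"
        elif e.code == "O10" and e.body.startswith("Unknown file in Winsock LSP"):
            reason = "unidentified Winsock LSP (sits in the path of all socket traffic)"
        else:
            continue
        seen.add(e.body)
        flags.append((e.code, reason, e.body))
    return flags

def correlate(entries, detections):
    """(code, clsid, family) for HJT entries whose CLSID or file path MBAM reported removing."""
    removed = {}
    for item, family, clsid in detections:
        removed[item.lower()] = family
        if clsid:
            removed[clsid] = family
    return [(e.code, e.clsid, removed.get(e.clsid) or removed[e.target.lower()])
            for e in entries if e.clsid in removed or e.target.lower() in removed]

def diff_logs(before, after):
    """(entries gone, entries new) between two scans, compared by exact entry text."""
    b, a = {e.body for e in before}, {e.body for e in after}
    return sorted(b - a), sorted(a - b)

# Constructed samples: a handful of lines copied from the thread's logs (the '?' names
# are the extraction's garbling of Chinese toolbar names, kept as posted).
HJT_BEFORE = r"""O2 - BHO: Yodao Toolbar Helper - {6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} - C:\Program Files\Yodao\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ????? - {7B434A2A-9E4C-48F2-8373-5801F316A4D5} - C:\Program Files\Yodao\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll
O9 - Extra button: ?????? - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll"""
HJT_AFTER = r"""R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: ?????? - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll"""
MBAM_LOG = r"""Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6516e5bb-1186-4e2b-b8b8-2dc0e35ab1fa} (Adware.Toolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7b434a2a-9e4c-48f2-8373-5801f316a4d5} (Adware.Toolbar) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Yodao\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll (Adware.Toolbar) -> Quarantined and deleted successfully."""

if __name__ == "__main__":
    before, after = parse_hjt(HJT_BEFORE), parse_hjt(HJT_AFTER)
    for code, reason, body in review_flags(before):
        print(f"REVIEW {code}: {reason}\n    {body}")
    for code, clsid, family in correlate(before, parse_mbam(MBAM_LOG)):
        print(f"REMOVED by MBAM as {family}: {code} {clsid}")
    gone, new = diff_logs(before, after)
    print(f"{len(gone)} entries gone since the first scan, {len(new)} new")
```

On the samples, the two Yodao entries are the ones MBAM's Adware.Toolbar detections account for, while the orphaned BHO, the missing-file O9 button and the unidentified LSP remain flagged in both scans.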
Post #4, Oct 25 2009, 06:11 AM
Group: Malware Team | Posts: 2,815 | Joined: 12-January 05 | From: Michigan | Member No.: 22,799 | Operating System: XP HOME
Hi Rusheng
QUOTE
When you post another HJT log and the Malwarebytes' Anti-Malware log, let me know how your PC is behaving. I will be waiting to see new logs.

I need the new HJT log too, and let me know how the PC is doing also. Thanks

mschroe919
Post #5, Oct 31 2009, 12:20 PM
Authentic Member | Group: Authentic Member | Posts: 23 | Joined: 22-October 09 | Member No.: 88,485 | Operating System: Windows Vista
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:43 AM, on 10/31/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Active Keys\akeys.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Startup Faster 2004\sfAgent.exe
C:\Users\Rusheng\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R3 - URLSearchHook: MapQuest Toolbar Search Class - {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
R3 - URLSearchHook: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O2 - BHO: MapQuest Toolbar Loader - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.10.0\escort.dll
O2 - BHO: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MapQuest Toolbar - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.10.0\escorTlbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\strpfstcfg.exe" -run -SFAURUN -SFCURUN -SFAUSTARTUP -SFCUSTARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: StartupFaster
O4 - Global Startup: 谷歌金山词霸合作版.lnk = C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: 有道搜索(&Y) - res://C:\Program Files\Yodao\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll/158.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: oü?ìêó?μ???÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: oü?ìêó?μ???÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: ???ˉUUSee í???μ?êó - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: ???ˉUUSee í???μ?êó - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: ?eé?′ê°??ˉàà?÷à? - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra 'Tools' menuitem: ?eé?′ê°??ˉàà?÷à? - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra button: HP ???ü???? - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc.
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 16640 bytes |
Oct 31 2009, 03:22 PM, Post #6
Authentic Member (Posts: 23, Joined: 22-October 09, Member No.: 88,485, Operating System: Windows Vista)
Malwarebytes' Anti-Malware 1.41
Database version: 3028
Windows 6.0.6002 Service Pack 2

10/31/2009 2:19:00 PM
mbam-log-2009-10-31 (14-19-00).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 305427
Time elapsed: 2 hour(s), 20 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Oct 31 2009, 03:23 PM, Post #7
Authentic Member (Posts: 23, Joined: 22-October 09, Member No.: 88,485, Operating System: Windows Vista)
thanks mschroe919 :)
Nov 1 2009, 12:27 AM, Post #8
basic (Group: Malware Team, Posts: 2,815, Joined: 12-January 05, From: Michigan, Member No.: 22,799, Operating System: XP HOME)
Hi rusheng
sorry I got back so late.

FIRST: I don't see any antivirus running, and your ZoneAlarm isn't showing that it is running either.

NEXT: Make sure Internet Explorer isn't open. Run HijackThis again. Hit None of the above, then click Do a System Scan Only. Put a check in the box on the left side of these (not to worry if not there):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: MapQuest Toolbar Loader - {bd3fd433-147a-482e-a192-614f26e2310c} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O2 - BHO: Recfree toolbar helper - {D286E828-E6B9-484d-A058-D7323666DE33} - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.10.0\escort.dll
O2 - BHO: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MapQuest Toolbar - {9302e698-7e00-43ab-b867-c6e759bc2ada} - C:\Program Files\MapQuest Toolbar\mapquesttb.dll
O3 - Toolbar: RecFree Toolbar - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - C:\Program Files\RecFree.com\RecFreeToolbar\1.3.10.0\escorTlbr.dll
O4 - Startup: StartupFaster
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: StartupFaster
O4 - Global Startup: 谷歌金山词霸合作版.lnk = C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files\uusee\geturltodown.htm
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: 有道搜索(&Y) - res://C:\Program Files\Yodao\Toolbar\ydtbv2.20.0011.4000\YodaoToolbar.dll/158.htm
O9 - Extra button: oü?ìêó?μ???÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: oü?ìêó?μ???÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O13 - Gopher Prefix:

Close ALL windows and browsers except HijackThis and click Fix checked. Then reboot.

NEXT: After the reboot. You have a lot of toolbars running, and some do tend to redirect the sites you visit. As you see with the fixing of the O8 items, this should stop them for a while. I would suggest you go to Add/Remove and remove the toolbars you don't really need. Most people get all the toolbars as they download a program, without noticing there is a box checked saying to also download a given toolbar.

Reboot and post a HijackThis log... and please let me know how your computer is doing.

good luck
mschroe919
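The list above is the helper picking entries out of the log by hand. As an added example (not from this thread, and not part of HijackThis), the Python script below parses HijackThis-style entry lines and attaches the mechanical checks a helper makes first: registrations that point at nothing ("(no file)" / "(file missing)"), Winsock LSP chain entries counted per DLL, services with no publisher string ("Unknown owner"), O16 ActiveX downloads, and display names that came through mis-encoded. The sample log is a constructed subset of lines copied from the logs posted in this thread; the flag names and the Entry type are this script's own. Whether a toolbar that does load is wanted stays a judgment call, as the post says.

```python
"""Triage a HijackThis-style log: parse each entry and attach mechanical review flags."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Free Tools Toolbar - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - C:\Program Files\StartPagePro\tbSta0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\strpfstcfg.exe" -run -SFAURUN -SFCURUN -SFAUSTARTUP -SFCUSTARTUP
O9 - Extra button: oü?ìêó?μ???÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

# An entry line is "<section> - <body>", e.g. "O2 - BHO: ...". Everything else is header/footer.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str                 # "O2", "O10", "O23", ...
    body: str                    # text after "Oxx - "
    guid: Optional[str]          # CLSID when the entry carries one
    flags: List[str] = field(default_factory=list)


def parse(log_text: str) -> List[Entry]:
    """Keep only entry lines; skip the log header, process list and footer."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            g = GUID_RE.search(m["body"])
            entries.append(Entry(m["section"], m["body"], g.group(0) if g else None))
    return entries


def _lsp_dll(body: str) -> str:
    # "Unknown file in Winsock LSP: c:\...\sblsp.dll" -> the DLL path, lower-cased
    return body.rsplit(": ", 1)[-1].lower()


def triage(log_text: str) -> List[Entry]:
    """Attach review flags. The flag names are this script's own convention."""
    entries = parse(log_text)
    # One LSP layer is listed once per Winsock protocol entry, so count per DLL, not per line.
    lsp_counts = Counter(_lsp_dll(e.body) for e in entries if e.section == "O10")
    for e in entries:
        if "(no file)" in e.body or "(file missing)" in e.body:
            e.flags.append("orphan")               # registration with no backing file
        if e.section == "O10":
            e.flags.append(f"lsp-chain:{lsp_counts[_lsp_dll(e.body)]}")  # repair chain, not single lines
        if e.section == "O23" and "Unknown owner" in e.body:
            e.flags.append("unknown-owner")        # service binary without a publisher string
        if e.section == "O16":
            e.flags.append("activex-download")     # code pulled from a URL; review the origin
        if any(ord(c) > 127 for c in e.body):
            e.flags.append("non-ascii-name")       # mis-encoded or non-English label; not evidence by itself
    return entries


def summary(entries: List[Entry]) -> Counter:
    """Count flags by kind; the ':n' suffix on lsp-chain is dropped."""
    return Counter(f.split(":")[0] for e in entries for f in e.flags)


if __name__ == "__main__":
    triaged = triage(SAMPLE_LOG)
    for e in triaged:
        if e.flags:
            print(f"{e.section:<4} {', '.join(e.flags):<26} {e.body[:70]}")
    print(dict(summary(triaged)))
```

Run it as a script to print only the flagged entries; feed it a whole log with `triage(open(path).read())`. The point of `lsp-chain` is that an LSP DLL appears once per protocol entry, so seven identical O10 lines are one installed layer, not seven problems.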
Nov 3 2009, 05:28 PM, Post #9
Authentic Member (Posts: 23, Joined: 22-October 09, Member No.: 88,485, Operating System: Windows Vista)
Hi mschroe919,
I have Norton antivirus installed on my computer; not sure why or how it does not run at startup. Can you please advise me? I have done everything according to your instructions and will post the HijackThis log shortly. Thanks again!
Rusheng

This post has been edited by Rusheng: Nov 3 2009, 05:35 PM
Nov 3 2009, 05:47 PM, Post #10
Authentic Member (Posts: 23, Joined: 22-October 09, Member No.: 88,485, Operating System: Windows Vista)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:15 PM, on 11/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Active Keys\akeys.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Rusheng\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Startup Faster 2004\sfAgent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: MapQuest Toolbar Search Class - {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - (no file)
R3 - URLSearchHook: (no name) - {de6ae2bc-6ef1-4b9c-a9fe-4c4e0d45b63d} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster 2004\strpfstcfg.exe" -run -SFAURUN -SFCURUN -SFAUSTARTUP -SFCUSTARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: StartupFaster
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: ???ˉUUSee í???μ?êó - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: ???ˉUUSee í???μ?êó - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: ?eé?′ê°??ˉàà?÷à? - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra 'Tools' menuitem: ?eé?′ê°??ˉàà?÷à? - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra button: HP ???ü???? - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.comcast.net/videomail/vmLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 14057 bytes
Nov 3 2009, 10:03 PM, Post #11
basic (Group: Malware Team, Posts: 2,815, Joined: 12-January 05, From: Michigan, Member No.: 22,799, Operating System: XP HOME)
Hi rusheng,
NEXT: To see why Norton isn't running at startup, do this:
Click on the Start globe. When it opens you will see the search box; type in the word msconfig and click OK. A msconfig box will open. Click on the Startup tab on top, look at all the stuff listed and see if Norton is listed there and has a check in the little box next to it. Let me know what you find.

ALSO, you must have missed my request to let me know how your PC is doing. Please let me know.

thank you
mschroe919
Nov 4 2009, 07:29 PM, Post #12
Authentic Member (Posts: 23, Joined: 22-October 09, Member No.: 88,485, Operating System: Windows Vista)
Hi mschroe919,
Thanks for your continuing help! First of all, I could not find Norton in the msconfig Startup tab; it has something else listed there though, for example Startup Faster and other unchecked ones. My computer now is running very well, except that Ad-Aware repeatedly caught three spyware items even after spyware removal and rebooting the system many times. Thanks again!
Rusheng
Nov 4 2009, 07:37 PM, Post #13
Authentic Member (Posts: 23, Joined: 22-October 09, Member No.: 88,485, Operating System: Windows Vista)
Also, I am traveling at the moment and using wireless connection from unknown "unsecured connection"; would that put my computer in danger at all? What could that be? Thanks very much again!
Nov 5 2009, 04:43 PM, Post #14
basic (Group: Malware Team, Posts: 2,815, Joined: 12-January 05, From: Michigan, Member No.: 22,799, Operating System: XP HOME)
Hi
NEXT: Open HJT again, then click on Open Misc Tools Section, then click on Generate StartupList log and click Yes on the message window. This will open Notepad with a list; please copy and paste that log here.

QUOTE
My computer now is running very good except that Ad-Aware repeatedly caught three spyware even after spyware removal and rebooting the system many times.

Please post here what the spywares are. And when it finds them, do you have the option to delete them or quarantine them? If you quarantine them, do they go into a vault? Also, when they show up again, do you get the location of them? I am thinking that your Ad-Aware might be reading them in the vault where they are.

NEXT: Download and scan with SUPERAntiSpyware. Get it HERE:
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from HERE:)
Under "Configuration and Preferences" click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.

Now reboot into Safe Mode:
How to enter safe mode using the F8 method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with an Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press Enter on your keyboard to boot into Safe Mode.

Perform the scan...
Launch the program. Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

QUOTE
I am traveling at the moment and using wireless connection from unknown "unsecured connection"; would that put my computer in danger at all? What could that be?

On an unsecured connection, a person cannot access your hard drive, but rather there is a shared directory on the network that is viewable to all computers on the network. The only danger is that, being an unsecured network, details sent over it are not encrypted (unless explicitly stated, such as an https site), so people could sniff packets coming from you to get FTP/SMTP/POP3 passwords. Those things are still possible on a secure network, but it would take an attacker around 30 minutes to sniff enough packets to decrypt them.

mschroe919
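To make the sniffing point in the reply above concrete, here is an added Python example (not from this thread) that does what anyone on the same open wireless network can do with a packet capture: it walks client-to-server TCP payloads and pulls logins out of the protocols that send them in the clear (POP3 and FTP USER/PASS, SMTP AUTH PLAIN, HTTP Basic), while a TLS stream to an https site yields nothing. The streams are constructed inside the script rather than captured; the addresses, hostnames and accounts are invented.

```python
"""What a sniffer on an open WLAN sees: cleartext logins in client->server TCP payloads."""
import base64
import re
from typing import Dict, List, Tuple

# Constructed sample streams: (client ip, server ip, server port, client->server bytes).
# Not real traffic; every host and account here is made up for the example.
SAMPLE_STREAMS: List[Tuple[str, str, int, bytes]] = [
    ("192.168.1.23", "203.0.113.10", 110,
     b"USER alice@example.net\r\nPASS hunter2\r\nSTAT\r\nQUIT\r\n"),
    ("192.168.1.23", "203.0.113.20", 21,
     b"USER alice\r\nPASS letmein\r\nPWD\r\n"),
    ("192.168.1.23", "203.0.113.30", 25,
     b"EHLO laptop\r\nAUTH PLAIN " + base64.b64encode(b"\0bob\0s3cr3t") + b"\r\n"),
    ("192.168.1.23", "203.0.113.40", 80,
     b"GET /webmail/ HTTP/1.1\r\nHost: mail.example.net\r\nAuthorization: Basic "
     + base64.b64encode(b"carol:Tr0ub4dor") + b"\r\n\r\n"),
    # TLS record header + start of a ClientHello: the application data that follows is
    # encrypted, so there is nothing for the patterns below to match.
    ("192.168.1.23", "203.0.113.50", 443,
     b"\x16\x03\x01\x00\x8c\x01\x00\x00\x88\x03\x03" + bytes(32)),
]

# POP3 and FTP both send "USER x" / "PASS y" as plain command lines.
USER_RE = re.compile(rb"^USER (\S+)\r?$", re.M)
PASS_RE = re.compile(rb"^PASS (\S+)\r?$", re.M)
# SMTP AUTH PLAIN: base64 of "<authzid>\0<authcid>\0<password>" (RFC 4616).
AUTH_PLAIN_RE = re.compile(rb"^AUTH PLAIN (\S+)\r?$", re.M)
# HTTP Basic: base64 of "user:password" in the Authorization header (RFC 7617).
BASIC_RE = re.compile(rb"^Authorization: Basic (\S+)\r?$", re.M | re.I)

PORT_NAMES = {21: "ftp", 110: "pop3"}


def _b64(token: bytes) -> bytes:
    """Decode base64 strictly; garbage yields b'' instead of an exception."""
    try:
        return base64.b64decode(token, validate=True)
    except ValueError:
        return b""


def extract_credentials(streams) -> List[Dict[str, str]]:
    """Return one record per stream in which a cleartext login was visible."""
    found = []
    for _client, server, port, payload in streams:
        user, pw = USER_RE.search(payload), PASS_RE.search(payload)
        if user and pw:
            found.append({"proto": PORT_NAMES.get(port, f"tcp/{port}"), "server": server,
                          "user": user[1].decode(), "password": pw[1].decode()})
            continue
        auth = AUTH_PLAIN_RE.search(payload)
        if auth:
            parts = _b64(auth[1]).split(b"\0")
            if len(parts) == 3:                     # [authzid, authcid, password]
                found.append({"proto": "smtp", "server": server,
                              "user": parts[1].decode(), "password": parts[2].decode()})
            continue
        basic = BASIC_RE.search(payload)
        if basic:
            u, sep, p = _b64(basic[1]).partition(b":")
            if sep:
                found.append({"proto": "http-basic", "server": server,
                              "user": u.decode(), "password": p.decode()})
        # Anything else (TLS, binary protocols) falls through with nothing recorded.
    return found


if __name__ == "__main__":
    for c in extract_credentials(SAMPLE_STREAMS):
        print(f"{c['proto']:<11} {c['server']:<14} {c['user']} / {c['password']}")
```

Four of the five constructed streams give up a username and password; the https stream on port 443 gives up nothing, which is the whole difference the reply draws between an https site and plain POP3/FTP/SMTP on an open network.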
Nov 7 2009, 01:48 PM, Post #15
Authentic Member | Group: Authentic Member | Posts: 23 | Joined: 22-October 09 | Member No.: 88,485 | Operating System: WindowsVista
StartupList report, 11/7/2009, 11:46:10 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP2 (WinNT 6.00.1906)
Detected: Internet Explorer v8.00 (8.00.6001.18828)
* Using default options
==================================================

Running processes:

C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Active Keys\akeys.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Startup Faster 2004\sfAgent.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Rusheng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rusheng\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

StartupFaster = "C:\Program Files\Startup Faster 2004\strpfstcfg.exe" -run -SFAURUN -SFCURUN -SFAUSTARTUP -SFCUSTARTUP

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents] = [StartupFaster]
*No values found*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\DREAMA~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
(no name) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - {3049C3E9-B461-4BC5-8870-4C09146192CA}
NCO 2.0 IE BHO - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll - {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
Babylon IE plugin - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
CBIEBuddy - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll - {A412E581-59B2-485E-834F-C5F0C0268C79}
(no name) - C:\Program Files\Windows Live\Toolbar\wltcore.dll - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskUserS-1-5-21-2298868915-570432474-2787161315-1000Core.job
GoogleUpdateTaskUserS-1-5-21-2298868915-570432474-2787161315-1000UA.job
User_Feed_Synchronization-{EB7C435D-A3BF-4FE7-8557-E4916E55F695}.job

--------------------------------------------------

Enumerating Download Program Files:

[HP Download Manager]
InProcServer32 = C:\Windows\Downloaded Program Files\HPDEXAXO.dll
CODEBASE = https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

[vmLaunch Class]
InProcServer32 = C:\Windows\system32\vmlauncher0107.dll
CODEBASE = http://downloads.comcast.net/videomail/vmLauncher.cab

[Shockwave Flash Object]
InProcServer32 = C:\Windows\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Program Files\Bonjour\mdnsNSP.dll
NameSpace #6: C:\Windows\system32\wshbth.dll
Protocol #1: C:\PROGRA~1\SPEEDB~1\sblsp.dll
Protocol #2: C:\PROGRA~1\SPEEDB~1\sblsp.dll
Protocol #3: C:\PROGRA~1\SPEEDB~1\sblsp.dll
Protocol #4: C:\PROGRA~1\SPEEDB~1\sblsp.dll
Protocol #5: C:\PROGRA~1\SPEEDB~1\sblsp.dll
Protocol #6: C:\PROGRA~1\SPEEDB~1\sblsp.dll
Protocol #40: C:\PROGRA~1\SPEEDB~1\sblsp.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\System32\webcheck.dll

--------------------------------------------------
End of report, 6,849 bytes
Report generated in 0.172 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
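The StartupList report above is read section by section, and the sections a helper usually checks first are the Browser Helper Objects, the Download Program Files (ActiveX controls with the CODEBASE URL they were fetched from) and the Winsock LSP chain. As an added example, not code from this thread or from HijackThis/StartupList, the Python below parses a small constructed excerpt written in the same report format, turns those three sections into structured records and produces triage notes: BHOs registered without a display name, controls whose CODEBASE is plain http, and LSP DLLs outside the Windows directory. The excerpt, its paths, CLSIDs and the example.invalid URLs are constructed for this example; the "third-party LSP" test is a simple path heuristic assumed here, not a rule from the thread.

```python
import re
from typing import Dict, List

# Constructed excerpt in the StartupList v1.52 report format: dashed separators,
# "Enumerating ..." headers, one BHO per line, [Name]/key = value blocks for
# Download Program Files, and "Protocol #n: path" lines for the LSP chain.
# Paths, CLSIDs and URLs are made up for the example, not taken from any machine.
SAMPLE_REPORT = r"""
StartupList report, 1/1/2010, 12:00:00 PM
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Example\example.dll - {00000000-0000-0000-0000-000000000001}
Example Helper - C:\Program Files\Example\helper.dll - {00000000-0000-0000-0000-000000000002}
--------------------------------------------------
Enumerating Download Program Files:
[Example Control]
InProcServer32 = C:\Windows\Downloaded Program Files\example.dll
CODEBASE = http://example.invalid/example.cab
[Secure Control]
InProcServer32 = C:\Windows\Downloaded Program Files\secure.dll
CODEBASE = https://example.invalid/secure.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\Windows\system32\NLAapi.dll
Protocol #1: C:\PROGRA~1\EXAMPLE\lsp.dll
Protocol #2: C:\PROGRA~1\EXAMPLE\lsp.dll
--------------------------------------------------
End of report
"""

SEPARATOR = "-" * 50
# "<display name> - <dll path> - {CLSID}"; the CLSID is 36 hex/dash characters.
BHO_RE = re.compile(r"^(?P<name>.*?) - (?P<path>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})$")


def split_sections(report: str) -> Dict[str, List[str]]:
    """Split the report into {section header: [lines]} using the dashed separators."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == SEPARATOR:
            current = None          # next non-empty line is a new header
            continue
        if current is None:
            current = line
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def parse_bhos(sections: Dict[str, List[str]]) -> List[Dict[str, str]]:
    """Return one {name, path, clsid} record per Browser Helper Object line."""
    out = []
    for line in sections.get("Enumerating Browser Helper Objects:", []):
        m = BHO_RE.match(line)
        if m:
            out.append(m.groupdict())
    return out


def parse_download_program_files(sections: Dict[str, List[str]]) -> List[Dict[str, str]]:
    """Group [Name] headers with their 'key = value' lines into one dict per control."""
    controls: List[Dict[str, str]] = []
    current = None
    for line in sections.get("Enumerating Download Program Files:", []):
        if line.startswith("[") and line.endswith("]"):
            current = {"name": line[1:-1]}
            controls.append(current)
        elif current is not None and " = " in line:
            key, _, value = line.partition(" = ")
            current[key.strip()] = value.strip()
    return controls


def count_lsp_protocols(sections: Dict[str, List[str]]) -> Dict[str, int]:
    """Count how many Protocol #n entries point at each LSP DLL (NameSpace lines ignored)."""
    counts: Dict[str, int] = {}
    for line in sections.get("Enumerating Winsock LSP files:", []):
        if line.startswith("Protocol #"):
            _, _, path = line.partition(": ")
            counts[path] = counts.get(path, 0) + 1
    return counts


def triage(report: str) -> List[str]:
    """Produce review notes for the items a helper would look at first."""
    sections = split_sections(report)
    notes = []
    for bho in parse_bhos(sections):
        if bho["name"] == "(no name)":
            notes.append(f"BHO without a display name: {bho['path']} {bho['clsid']}")
    for ctl in parse_download_program_files(sections):
        codebase = ctl.get("CODEBASE", "")
        if codebase.lower().startswith("http://"):
            notes.append(f"ActiveX control {ctl['name']} fetched over plain HTTP: {codebase}")
    for path, n in count_lsp_protocols(sections).items():
        # Heuristic assumed for this example: an LSP outside the Windows directory is third-party.
        if "windows" not in path.lower():
            notes.append(f"Third-party Winsock LSP on {n} protocol entries: {path}")
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_REPORT):
        print(note)
```

Each note only points at a line the helper should look up by name or CLSID; the parser does not judge a DLL good or bad, which is the part of the process the thread leaves to the person reading the log.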