
spyware cleanup


tim37


I started a previous topic because my PC became infected with Antivirus 2008. It was actually not entirely a bad thing because in the course of cleaning my PC, other infections were deleted. Then I assumed that our other PC was affected and followed the 2936 thread instructions. Here is the S&D report:

--- Search result list ---

Hint of the Day: Click the bar at the right of this to see more information! ()

FunWebProducts: [SBI $B71E4FFD] Program directory (Directory, fixed)

C:\Program Files\FunWebProducts\

MyWay.MyWebSearch: [SBI $51E6ABA2] Program directory (Directory, fixing failed)

C:\Program Files\MyWebSearch\

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Directory, fixing failed)

C:\Program Files\MYWEBSEARCH\bar\1.bin

MyWay.MyWebSearch: [SBI $78882F84] Program directory (Directory, fixing failed)

C:\Program Files\MyWebSearch\bar

MyWay.MyWebSearch: [SBI $78882F84] Program directory (Directory, fixing failed)

C:\Program Files\MyWebSearch\SrchAstt

DoubleClick: Tracking cookie (Internet Explorer: Bethany) (Cookie, fixed)

Right Media: Tracking cookie (Internet Explorer: Bethany) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)

2008-07-07 SDFiles.exe (1.6.0.4)

2008-07-07 SDMain.exe (1.0.0.6)

2008-07-07 SDShred.exe (1.0.2.3)

2008-07-07 SDUpdate.exe (1.6.0.8)

2008-07-07 SDWinSec.exe (1.0.0.12)

2008-07-07 SpybotSD.exe (1.6.0.30)

2008-07-07 TeaTimer.exe (1.6.0.20)

2008-09-05 unins000.exe (51.49.0.0)

2008-07-07 Update.exe (1.6.0.7)

2008-07-07 advcheck.dll (1.6.1.12)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-07-07 SDHelper.dll (1.6.0.12)

2008-06-19 sqlite3.dll

2008-07-07 Tools.dll (2.1.5.7)

2008-09-02 Includes\Adware.sbi (*)

2008-09-02 Includes\AdwareC.sbi (*)

2008-06-03 Includes\Cookies.sbi (*)

2008-09-02 Includes\Dialer.sbi (*)

2008-09-02 Includes\DialerC.sbi (*)

2008-07-23 Includes\HeavyDuty.sbi (*)

2008-09-02 Includes\Hijackers.sbi (*)

2008-09-02 Includes\HijackersC.sbi (*)

2008-09-02 Includes\Keyloggers.sbi (*)

2008-09-02 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2008-09-02 Includes\Malware.sbi (*)

2008-09-02 Includes\MalwareC.sbi (*)

2008-09-02 Includes\PUPS.sbi (*)

2008-09-02 Includes\PUPSC.sbi (*)

2007-11-07 Includes\Revision.sbi (*)

2008-06-18 Includes\Security.sbi (*)

2008-09-02 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2008-09-02 Includes\Spyware.sbi (*)

2008-09-02 Includes\SpywareC.sbi (*)

2008-06-03 Includes\Tracks.uti

2008-09-03 Includes\Trojans.sbi (*)

2008-09-02 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---

Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)

--- Startup entries list ---

Located: HK_LM:Run, Acer Assist Launcher

command: C:\Program Files\Acer Assist\launcher.exe

file: C:\Program Files\Acer Assist\launcher.exe

size: 1261568

MD5: 0C435E1492EA452354649D6C1D9A7281

Located: HK_LM:Run, Acer Product Registration

command: "C:\Program Files\Acer Registration\ACE1.exe" /startup

file: C:\Program Files\Acer Registration\ACE1.exe

size: 3166208

MD5: 9F74E40FC8F6D83DFE422431AB134E74

Located: HK_LM:Run, Acer Tour

command:

file:

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, Acer Tour Reminder

command: C:\Acer\AcerTour\Reminder.exe

file: C:\Acer\AcerTour\Reminder.exe

size: 151552

MD5: 6FC62D5E53E2F1F004A10C5316EFBA0B

Located: HK_LM:Run, ALaunch

command: C:\ACERSW\AUDIT\ALAUNCH.EXE

file: C:\ACERSW\AUDIT\ALAUNCH.EXE

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, ccApp

command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe

size: 115816

MD5: 25BE770865658CB79100117112819A7C

Located: HK_LM:Run, eRecoveryService

command:

file:

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, Google Desktop Search

command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

size: 29744

MD5: 5661660C40B14359C14641EEB2A32084

Located: HK_LM:Run, HotKeysCmds

command: C:\Windows\system32\hkcmd.exe

file: C:\Windows\system32\hkcmd.exe

size: 106496

MD5: BF3E01C18CE6CDEF16B0DF23E1DCF376

Located: HK_LM:Run, IgfxTray

command: C:\Windows\system32\igfxtray.exe

file: C:\Windows\system32\igfxtray.exe

size: 98304

MD5: 1C64DD02FDE078608549C62398DE2FEF

Located: HK_LM:Run, iTunesHelper

command: "C:\Program Files\iTunes\iTunesHelper.exe"

file: C:\Program Files\iTunes\iTunesHelper.exe

size: 267048

MD5: 04A9F0C58B170F30445BCC0683EF9FFC

Located: HK_LM:Run, LManager

command: C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

file: C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

size: 483328

MD5: 7A657BB5E406EBC7AD8FD099A54F3BB7

Located: HK_LM:Run, PCMService

command: "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

file: C:\Program Files\Acer\Acer Arcade\PCMService.exe

size: 151552

MD5: 2862436E1CE0825B561EF37C2143C18A

Located: HK_LM:Run, Persistence

command: C:\Windows\system32\igfxpers.exe

file: C:\Windows\system32\igfxpers.exe

size: 81920

MD5: 8E899A1A7C4670CE4EC1337CBF989787

Located: HK_LM:Run, QuickTime Task

command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime

file: C:\Program Files\QuickTime\QTTask.exe

size: 413696

MD5: 6DF76965A0FB8237E9C3B3CAB9815EC2

Located: HK_LM:Run, RtHDVCpl

command: RtHDVCpl.exe

file: C:\Windows\RtHDVCpl.exe

size: 4186112

MD5: 32E4E820EDBD675009605F90DD97EE6C

Located: HK_LM:Run, SetPanel

command: C:\Acer\APanel\APanel.cmd

file: C:\Acer\APanel\APanel.cmd

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, Symantec PIF AlertEng

command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

size: 583048

MD5: 2D1389E05A807D956829F44BD4B60389

Located: HK_LM:Run, SynTPEnh

command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

size: 815104

MD5: F98281EF23616F751FABE97A6EC5DBE6

Located: HK_LM:Run, Windows Defender

command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

file: C:\Program Files\Windows Defender\MSASCui.exe

size: 1008184

MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_LM:Run, XDc

command: C:\Program Files\Xtreme Desktop\xdc\startxdc.exe

file: C:\Program Files\Xtreme Desktop\xdc\startxdc.exe

size: 2496232

MD5: F47789E8FEE8CC9505D33BB1E360A498

Located: HK_LM:Run, YOP

command: C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

file: C:\PROGRA~1\Yahoo!\YOP\yop.exe

size: 509224

MD5: 176A0FA6851AB08491AA4EFB4D0258EF

Located: HK_LM:RunOnce, SpybotSnD

command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

size: 4891472

MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

Located: HK_CU:Run, Sidebar

where: S-1-5-19...

command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

file: C:\Program Files\Windows Sidebar\Sidebar.exe

size: 1233920

MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter

where: S-1-5-19...

command: rundll32.exe oobefldr.dll,ShowWelcomeCenter

file: C:\Windows\system32\oobefldr.dll

size: 2153472

MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar

where: S-1-5-20...

command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

file: C:\Program Files\Windows Sidebar\Sidebar.exe

size: 1233920

MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter

where: S-1-5-20...

command: rundll32.exe oobefldr.dll,ShowWelcomeCenter

file: C:\Windows\system32\oobefldr.dll

size: 2153472

MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Acer Tour Reminder

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command:

file:

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:Run, Picasa Media Detector

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: C:\Program Files\Picasa2\PicasaMediaDetector.exe

file: C:\Program Files\Picasa2\PicasaMediaDetector.exe

size: 443968

MD5: 03463803AE9386EB095FFFD8DD26B85B

Located: HK_CU:Run, Yahoo! Pager

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

size: 4670704

MD5: 7CC91433496BAEB738A002DE3E3F6D9B

Located: HK_CU:RunOnce, SpybotDeletingB1550

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: command /c del "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe_old"

file: command /c del "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB6311

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: command /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL_old"

file: command /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL_old"

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB7783

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: command /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

file: command /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB7902

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: command /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL_old"

file: command /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL_old"

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD2266

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: cmd /c del "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe_old"

file: cmd /c del "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD3667

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: cmd /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL_old"

file: cmd /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL_old"

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD7419

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: cmd /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

file: cmd /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD9309

where: S-1-5-21-2600728346-3050826308-2323720026-1000...

command: cmd /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL_old"

file: cmd /c del "C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL_old"

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: Startup (common), Adobe Reader Speed Launch.lnk

where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...

command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

size: 29696

MD5: DEB88AEF013DD1EEFB462D7CAD642166

Located: Startup (common), Empowering Technology Launcher.lnk

where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...

command: C:\Acer\Empowering Technology\eAPLauncher.exe

file: C:\Acer\Empowering Technology\eAPLauncher.exe

size: 528384

MD5: C849D57292E58A9E1C55559930FD1082

Located: Startup (user), Yahoo! Widgets.lnk

where: C:\Users\Bethany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...

command: C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

file: C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

size: 4742184

MD5: E98EA7471918E1987075815DC4C61001

Located: WinLogon, igfxcui

command: igfxdev.dll

file: igfxdev.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

--- Browser helper object list ---

{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Yahoo! Toolbar Helper

description: Yahoo Companion!

classification: Legitimate

known filename: Ycomp*_*_*_*.dll

info link: http://companion.yahoo.com/

info source: TonyKlein

Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\

Long name: yt.dll

Short name:

Date (created): 12/26/2007 1:55:06 PM

Date (last access): 12/26/2007 1:55:06 PM

Date (last write): 11/29/2006 6:35:00 PM

Filesize: 436288

Attributes: archive

MD5: 3374C2A0344BE49368DC342329404B49

CRC32: D21F22AC

Version: 2006.11.29.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: AcroIEHlprObj Class

description: Adobe Acrobat reader

classification: Legitimate

known filename: AcroIEhelper.ocx / AcroIEhelper.dll

info link: http://www.adobe.com/products/acrobat/readstep2.html

info source: TonyKlein

Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\

Long name: AcroIEHelper.dll

Short name: ACROIE~1.DLL

Date (created): 12/14/2004 3:56:50 AM

Date (last access): 4/10/2007 11:54:44 AM

Date (last write): 12/14/2004 3:56:50 AM

Filesize: 63136

Attributes: archive

MD5: 42729C3DE75A7A51FC6F9EF6546C9199

CRC32: 4D60BD07

Version: 7.0.0.1333

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Spybot-S&D IE Protection

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDhelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\Program Files\Spybot - Search & Destroy\

Long name: SDHelper.dll

Short name:

Date (created): 9/5/2008 5:40:14 PM

Date (last access): 9/5/2008 5:40:14 PM

Date (last write): 7/7/2008 9:41:58 AM

Filesize: 1562448

Attributes: archive

MD5: 32981ADE44D01EC2A9EBC2E311291707

CRC32: C2F522E6

Version: 1.6.0.12

{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} ()

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name:

--- ActiveX list ---

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)

DPF name:

CLSID name: Installation Support

Installer:

Codebase: C:\Program Files\Yahoo!\Common\Yinsthelper.dll

Path: C:\Program Files\Yahoo!\Common\

Long name: YInstHelper.dll

Short name: YINSTH~1.DLL

Date (created): 3/15/2007 9:49:04 PM

Date (last access): 4/8/2008 6:54:44 PM

Date (last write): 3/15/2007 9:49:04 PM

Filesize: 209448

Attributes: archive

MD5: 4380A4799E826AF03FD975B4A71E9268

CRC32: 423BF1F7

Version: 2007.3.15.1

--- Process list ---

PID: 2028 (1064) C:\Windows\system32\Dwm.exe

size: 81920

MD5: 59903071D7ACE6A02093C47E9E38AF97

PID: 2044 (1076) C:\Windows\system32\taskeng.exe

size: 169472

MD5: 5F109032CE46B7184ED9E50F9FE8489E

PID: 196 (2012) C:\Windows\Explorer.EXE

size: 2927104

MD5: FFA764631CB70A30065C12EF8E174F9F

PID: 2920 ( 196) C:\Windows\system32\runonce.exe

size: 38400

MD5: 9A6A653ADF28D9D69670B48F535E6B90

PID: 3112 (2920) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

size: 4891472

MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855

PID: 0 ( 0) [System Process]

PID: 4 ( 0) System

PID: 420 ( 4) smss.exe

size: 64000

PID: 488 ( 476) csrss.exe

size: 6144

PID: 532 ( 476) wininit.exe

size: 96768

PID: 540 ( 524) csrss.exe

size: 6144

PID: 572 ( 524) winlogon.exe

size: 314880

PID: 620 ( 532) services.exe

size: 279040

PID: 632 ( 532) lsass.exe

size: 9728

PID: 640 ( 532) lsm.exe

size: 229888

PID: 800 ( 620) svchost.exe

size: 21504

PID: 860 ( 620) svchost.exe

size: 21504

PID: 1036 ( 620) svchost.exe

size: 21504

PID: 1064 ( 620) svchost.exe

size: 21504

PID: 1076 ( 620) svchost.exe

size: 21504

PID: 1148 (1036) audiodg.exe

size: 88064

PID: 1176 ( 620) SLsvc.exe

size: 2623488

PID: 1236 ( 620) svchost.exe

size: 21504

PID: 1380 ( 620) svchost.exe

size: 21504

PID: 1516 ( 620) ccSvcHst.exe

PID: 1596 ( 620) AppSvc32.exe

PID: 1732 ( 620) spoolsv.exe

size: 125952

PID: 1760 ( 620) svchost.exe

size: 21504

PID: 968 ( 620) agrsmsvc.exe

size: 9216

PID: 1140 ( 620) AppleMobileDeviceService.exe

PID: 1268 ( 620) AluSchedulerSvc.exe

PID: 1884 ( 620) mDNSResponder.exe

PID: 1972 ( 620) CLCapSvc.exe

PID: 1204 ( 620) ccSvcHst.exe

PID: 284 ( 620) CLMLServer.exe

PID: 2100 ( 620) LSSrvc.exe

PID: 2240 ( 620) MobilityService.exe

PID: 2308 ( 620) MWSSVC.EXE

PID: 2360 ( 620) svchost.exe

size: 21504

PID: 2388 ( 620) RichVideo.exe

PID: 2432 ( 620) svchost.exe

size: 21504

PID: 2460 ( 620) svchost.exe

size: 21504

PID: 2488 ( 620) SearchIndexer.exe

size: 302080

PID: 2636 ( 620) CLSched.exe

PID: 2644 (1064) WUDFHost.exe

size: 142336

PID: 2672 ( 620) eRecoveryService.exe

PID: 3228 (1076) taskeng.exe

size: 169472

PID: 2868 (1076) taskeng.exe

size: 169472

PID: 3300 ( 620) symlcsvc.exe

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 9/6/2008 5:17:07 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\Windows\system32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

http://www.google.com

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

http://www.google.com/ie

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://www.google.com/

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://www.google.com/ie

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://www.google.com/ie

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@

http://www.google.com/keyword/%s

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

%SystemRoot%\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://en.us.acer.yahoo.com

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://en.us.acer.yahoo.com

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://go.microsoft.com/fwlink/?LinkId=54896

--- Winsock Layered Service Provider list ---

Protocol 0: MSAFD Tcpip [TCP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]

GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IP protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]

GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IPv6 protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]

GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IPv6 protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]

GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP IPv6 protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider

GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP RVSP

DB filename: %SystemRoot%\system32\rsvpsp.dll

DB protocol: RSVP * Service Provider

Protocol 10: MSAFD Irda [IrDA]

GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Infrared protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD Irda [IrDA]

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC9526A4-D5B9-49D5-BB6E-2E26BA943E9D}] SEQPACKET 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC9526A4-D5B9-49D5-BB6E-2E26BA943E9D}] DATAGRAM 0

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1795AE2-3E53-4AE2-8621-13E43020585F}] SEQPACKET 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1795AE2-3E53-4AE2-8621-13E43020585F}] DATAGRAM 2

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3ADDB9D5-C88F-4C0E-8D91-E6D17C6C821C}] SEQPACKET 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3ADDB9D5-C88F-4C0E-8D91-E6D17C6C821C}] DATAGRAM 4

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BFE06293-F0BC-4551-A233-3E65BFB949D1}] SEQPACKET 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{BFE06293-F0BC-4551-A233-3E65BFB949D1}] DATAGRAM 5

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3C73C043-BE40-4486-883C-B393D21B78DA}] SEQPACKET 6

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3C73C043-BE40-4486-883C-B393D21B78DA}] DATAGRAM 6

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{860D293B-D179-4339-A41F-3C80D2665B7A}] SEQPACKET 7

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{860D293B-D179-4339-A41F-3C80D2665B7A}] DATAGRAM 7

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CC9526A4-D5B9-49D5-BB6E-2E26BA943E9D}] SEQPACKET 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CC9526A4-D5B9-49D5-BB6E-2E26BA943E9D}] DATAGRAM 1

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E1795AE2-3E53-4AE2-8621-13E43020585F}] SEQPACKET 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{E1795AE2-3E53-4AE2-8621-13E43020585F}] DATAGRAM 3

GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

Filename: %SystemRoot%\system32\mswsock.dll

Description: Microsoft Windows NT/2k/XP NetBios protocol

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace

GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

Filename:

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider

GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}

Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider

GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}

Filename:

Namespace Provider 3: PNRP Name Namespace Provider

GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}

Filename:

Namespace Provider 4: mdnsNSP

GUID: {B600E6E9-553B-4A19-8696-335E5C896153}

Filename: C:\Program Files\Bonjour\mdnsNSP.dll

Description: Apple Rendezvous protocol

DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll

DB protocol: mdnsNSP

Namespace Provider 5: Tcpip

GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

Filename:

Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

DB filename: %SystemRoot%\system32\mswsock.dll

DB protocol: TCP/IP

Namespace Provider 6: NTDS

GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

Filename: %SystemRoot%\System32\winrnr.dll

Description: Microsoft Windows NT/2k/XP name space provider

DB filename: %SystemRoot%\system32\winrnr.dll

DB protocol: NTDS


Here is the Malware report:

Malwarebytes' Anti-Malware 1.26

Database version: 1120

Windows 6.0.6001 Service Pack 1

9/6/2008 5:50:16 PM

mbam-log-2008-09-06 (17-50-16).txt

Scan type: Quick Scan

Objects scanned: 37552

Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 19

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 5

Files Infected: 4

Memory Processes Infected:

C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.


Yes, the issues have been removed.

Here is the HiJack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:41:26 PM, on 9/7/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Yahoo!\YOP\yop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ALaunch] C:\ACERSW\AUDIT\ALAUNCH.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [XDc] C:\Program Files\Xtreme Desktop\xdc\startxdc.exe

O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: &Search - ?p=ZC

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 8985 bytes


We need to disable your Microsoft Windows Defender Real-time Protection to prevent any interference with HijackThis.

  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete, it is very important that you enable Real-time Protection again.

Please run HijackThis again and check the box next to the following entries:

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O8 - Extra context menu item: &Search - ?p=ZC

Close all windows now except for the HijackThis application's window, then click the Fix Checked button.

Reboot and post back a fresh HijackThis log. Advise how the system behaves now. Thanks!


I did as you asked -- here is the new file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:38:54 PM, on 9/8/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Yahoo!\YOP\yop.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ALaunch] C:\ACERSW\AUDIT\ALAUNCH.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [XDc] C:\Program Files\Xtreme Desktop\xdc\startxdc.exe

O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 8832 bytes

Thank you for the help!

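As an added example (not code from this thread, from HijackThis or from Malwarebytes), the check below parses HijackThis entry lines, flags the two shapes the helper singled out (an O2 BHO whose DLL is "(no file)" and an O8 context-menu item with no complete URL), and diffs a before/after log to confirm the fix removed exactly those entries. The log excerpts are constructed from lines quoted in the two logs above.

```python
import re

# Constructed excerpts of the two HijackThis logs quoted in this thread:
# the first from before the "Fix Checked" step, the second from the fresh
# log posted afterwards. Only the lines relevant here are reproduced.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:26 PM, on 9/7/2008
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O8 - Extra context menu item: &Search - ?p=ZC
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:54 PM, on 9/8/2008
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""

# A HijackThis entry line has the shape "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for entry lines; header, running-process
    and trailer lines do not match the pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def flag_entries(entries):
    """Flag the two entry shapes the helper picked out in this thread:
    an O2 BHO whose DLL no longer exists on disk, and an O8 context-menu
    item whose target is not a complete URL. Returns (code, body, reason)."""
    flagged = []
    for code, body in entries:
        if code == "O2" and body.endswith("(no file)"):
            flagged.append((code, body, "BHO registered but its DLL is missing"))
        elif code == "O8" and not re.search(r"https?://", body):
            flagged.append((code, body, "context-menu item without a complete URL"))
    return flagged


def removed_entries(before_log, after_log):
    """Entries present before the fix and absent afterwards, so the fresh
    log can be checked against what the helper asked to have fixed."""
    remaining = set(parse_entries(after_log))
    return [entry for entry in parse_entries(before_log) if entry not in remaining]


if __name__ == "__main__":
    for code, body, reason in flag_entries(parse_entries(BEFORE_LOG)):
        print(f"{code}: {reason}\n    {body}")
    print("entries removed by the fix:", len(removed_entries(BEFORE_LOG, AFTER_LOG)))
```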

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to anyone of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

