Hey guys,
I'm new here and i am really frustrated that my pc is slowing down completely as i have a bunch of trojan horses in my com which are although quarantined by norton is un identifable?that i really don't get and recently i deleted them for quarantine and i think i have actually made it worse.Any help here?Im suppose to dl Hijack this?
PoignantStory 0 Newbie Poster
PoignantStory 0 Newbie Poster
Oh sorry guys btw i have been running Trojan Remover,Windows Malicious Software remover tool,Spybot-Search and Destroy and Malwarebytes' Anti-Malware but to no avail =(
Here is the norton anti-virus risk log
Date and Time,Risk,Action,Filename,Risk Type,Original Location,Computer,User,Status,Current Location,Primary Action,Secondary Action,Logged By,Action Description
4/4/2010 1:33:55 PM,Tracking Cookies,Deleted,Unavailable,Trackware,Unavailable,ABRIAL-PC,abrial,Deleted,Deleted,Quarantine,Leave alone (log only),Manual scan,The file was deleted successfully.
1/4/2010 11:05:31 PM,Trojan Horse,Quarantined,DWHFAA3.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:03:26 PM,Trojan Horse,Quarantined,DWHE90.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:03:10 PM,Trojan Horse,Quarantined,DWHE658.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:02:48 PM,Trojan Horse,Quarantined,DWHCE84.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:02:35 PM,Trojan Horse,Quarantined,DWHBAA7.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:02:15 PM,Trojan Horse,Quarantined,DWHA6C9.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:02:01 PM,Trojan Horse,Quarantined,DWH8EF6.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:01:49 PM,Trojan Horse,Quarantined,DWH7B18.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:01:39 PM,Trojan Horse,Partial (Non Critical Failure),DWH78E.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,c:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Manual scan,Risk was partially removed.
1/4/2010 11:01:28 PM,Trojan Horse,Quarantined,DWH673A.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:01:13 PM,Trojan Horse,Quarantined,DWH535D.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:01:01 PM,Trojan Horse,Quarantined,DWH4E1F.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:00:48 PM,Trojan Horse,Quarantined,DWH3CA2.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:00:35 PM,Trojan Horse,Quarantined,DWH3A41.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 11:00:23 PM,Trojan Horse,Quarantined,DWH226E.tmp,File,c:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:53:53 PM,Trojan Horse,Quarantined,APQ891B.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:53:46 PM,Trojan Horse,Quarantined,APQ88CC.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:53:40 PM,Trojan Horse,Quarantined,APQ888D.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:53:33 PM,Trojan Horse,Quarantined,APQ885D.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:53:26 PM,Trojan Horse,Quarantined,APQ882D.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:51:30 PM,Trojan Horse,Quarantined,APQ8742.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:51:22 PM,Trojan Horse,Quarantined,APQ8722.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:51:13 PM,Trojan Horse,Quarantined,APQ86F2.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:51:04 PM,Trojan Horse,Quarantined,APQ86B3.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:50:57 PM,Trojan Horse,Quarantined,APQ8693.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:50:45 PM,Trojan Horse,Quarantined,APQ8663.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:50:37 PM,Trojan Horse,Quarantined,APQ8643.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:50:28 PM,Trojan Horse,Quarantined,APQ8535.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:50:16 PM,Trojan Horse,Quarantined,APQ8603.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:50:04 PM,Trojan Horse,Quarantined,APQ84A7.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:49:44 PM,Trojan Horse,Quarantined,APQ8584.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:49:36 PM,Trojan Horse,Quarantined,APQ85C4.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:49:19 PM,Trojan Horse,Quarantined,APQ84D7.tmp,File,c:\ProgramData\Symantec\SRTSP\Quarantine\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Manual scan,The file was quarantined successfully.
1/4/2010 10:18:42 PM,Tracking Cookies,Deleted,Unavailable,Trackware,Unavailable,ABRIAL-PC,abrial,Deleted,Deleted,Quarantine,Leave alone (log only),Manual scan,The file was deleted successfully.
27/3/2010 1:13:03 AM,Tracking Cookie,Deleted,Unavailable,Trackware,Unavailable,ABRIAL-PC,abrial,Deleted,Deleted,Quarantine,Leave alone (log only),Manual scan,The file was deleted successfully.
27/3/2010 12:35:26 AM,Tracking Cookie,Deleted,Unavailable,Trackware,Unavailable,ABRIAL-PC,abrial,Deleted,Deleted,Quarantine,Leave alone (log only),Manual scan,The file was deleted successfully.
26/3/2010 9:12:21 PM,Trojan Horse,Quarantined,DWH6D24.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:11:44 PM,Trojan Horse,Quarantined,DWH5FFA.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:11:01 PM,Trojan Horse,Quarantined,DWH59B3.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:10:19 PM,Trojan Horse,Quarantined,DWH558E.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:09:38 PM,Trojan Horse,Quarantined,DWH4C0D.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:08:55 PM,Trojan Horse,Quarantined,DWH4614.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:08:10 PM,Trojan Horse,Quarantined,DWH3E09.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:07:23 PM,Trojan Horse,Quarantined,DWH385E.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:06:36 PM,Trojan Horse,Quarantined,DWH2E8E.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:05:44 PM,Trojan Horse,Quarantined,DWH2A3B.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:04:56 PM,Trojan Horse,Quarantined,DWH249F.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:04:03 PM,Trojan Horse,Quarantined,DWH16DA.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:03:10 PM,Trojan Horse,Quarantined,DWH1100.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,Quarantine,Clean security risk,Quarantine,Auto-Protect scan,The file was quarantined successfully.
26/3/2010 9:01:34 PM,Trojan Horse,Pending
Analysis,DWHFF45.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:34 PM,Trojan Horse,Pending Analysis,DWHFD61.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:34 PM,Trojan Horse,Pending Analysis,DWHF20B.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:34 PM,Trojan Horse,Pending Analysis,DWHE7BF.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:34 PM,Trojan Horse,Pending Analysis,DWHE56E.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWHD22D.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWHCDE8.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWHBAA7.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWHB5D6.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWHB402.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWHA321.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWH9E41.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWH9C6D.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWH8B7C.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWH865E.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWH84E8.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWH73F7.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
26/3/2010 9:01:33 PM,Trojan Horse,Pending Analysis,DWH7139.tmp,File,C:\Users\abrial\AppData\Local\Temp\,ABRIAL-PC,abrial,Infected,C:\Users\abrial\AppData\Local\Temp\,Clean security risk,Quarantine,Auto-Protect scan,
Edited by PoignantStory because: n/a
PoignantStory 0 Newbie Poster
Here is the HijackThis Log. Hope it helps!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:25 PM, on 4/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\DacEasy\pvsw\W3DBSMGR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FUCKIN~1\IEFlash.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBAgent] "D:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [mspaint] "C:\Windows\system32\Paint.exe" -autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oovoo.exe] D:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Eraser] D:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [HostsServer] "D:\Program Files\HostsMan\hostssrv.exe" --start
O4 - HKCU\..\Run: [Google Update] "C:\Users\abrial\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.4; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://www.miniclip.com/games/beat-the-wall/en/"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\DacEasy\pvsw\W3DBSMGR.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 13059 bytes
Dataken 0 Newbie Poster
Your screwed lol just joking. I remove virus and spyware for a living so I will give you a quick rundown. A lot of times it’s hard to get rid of these things when they’re running in the background.
So I would try removing them and run your cleaning programs in safe mode with networking. Once you’re in safe mode run malware bytes full scan. Then run spybot. Make sure there all up to date. Also in spybot run in advanced mode. Check on the startup program in spybot and remove anything that looks funny. If you know what spyware or virus is giving you problems you might see it in the start up or in add and remove programs.
Make sure to delete all temp internet file.
Sometimes it helps to turn off the restore feature in windows. Some virus will load again on start up. So with the restore feature turned off it won’t and then when you run all your cleaning programs you have a better chance of them working and getting your system completely clean. Then turn it back on.
Also I see your running Norton and it’s a good program but I use AVG free or paid. I have had clients that where running Norton but it was an older ver and I removed it loaded AVG and bam it found the virus right away and locked them down.
You can’t run both programs at the same time.
So run malewarebytes, spybot and AVG then run them again until they all say clean. This will take some time 4 to 6 hours.
All you really need are these three program. I don’t like to run any other programs or registry cleaners I don’t trust them. If you have any question shoot me an email <snip> Hope this helps you or any others out there with the same problem.
Edited by crunchie because: Snipped email address. Keep it on the site!
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
FYI, MBA-M is designed to run best in normal mode when it's drivers/services are running :).
We also do not recommend turning off system restore. A bad restore point is better than none when things go wrong.
Edited by crunchie because: n/a
Dataken 0 Newbie Poster
FYI, MBA-M is designed to run best in normal mode when it's drivers/services are running :).
We also do not recommend turning off system restore. A bad restore point is better than none when things go wrong.
I would run all the programs again in normal mode after running them in safe mode. It just helps to run in safe mode at first because some of the spyware or virus wont be running when in safe mode. I have a few computers that I use to remove virus's and I will hook up the infected hard drive as a slave and remove the spyware and virus's that way.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
No problem with that. Just letting you know that MBA-M does not work as well in safe mode as is does in normal :).
PoignantStory 0 Newbie Poster
Hey Dataken and crunchie thanks so much for the replies =) really appreciate it! Im gonna try it out now and oh ya btw the i have been facing the blue screen a couple of times already.Could it be the virus causing the problem? My norton anti-virus also gets stuck at a point when i do a full system scan.
Hey really sorry, what do i do to remove the infected ones in quarantine?Recently i deleted them but it seems like i made it worse? They are in norton's quarantine!
Edited by PoignantStory because: n/a
PoignantStory 0 Newbie Poster
Both norton and avg gets stuck at this file and my whole pc just go hang mode when it reaches here C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}..=(
jholland1964 650 Posting Expert Team Colleague Featured Poster
Both norton and avg gets stuck at this file and my whole pc just go hang mode when it reaches here C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}..=(
What do you mean Norton and AVG? Those are both anti-virus programs. The absolute rule is ONE anti-virus program should run on a system NEVER two at the same time.
Dataken, am going to have to totally disagree concerning AVG, paid or free, it ranks near the bottom as far as Anti-virus programs go. But that said, one never should have two anti-virus programs running on the same computer.
PoignantStory you shouldn't be installing another anti-virus program while having another on the system and Norton at #7 has a much higher ranking than AVG which ranked 16th out of the 20 tested by av-comparatives.org
what do i do to remove the infected ones in quarantine?Recently i deleted them but it seems like i made it worse? They are in norton's quarantine!
They are fine in Quarantine. That means they are locked up, can do no harm. But to get files out of Quarantine, just empty Quarantine.
Edited by jholland1964 because: n/a
PoignantStory 0 Newbie Poster
Hey thanks for the reply so,when i delete them it;s wrong? Erm i ran in safe mode and ran each at a time .But they both including malware btye when ran got hang at a particular file.How do i solve this? Thank you in adcnace =(
jholland1964 650 Posting Expert Team Colleague Featured Poster
Hey thanks for the reply so,when i delete them it;s wrong? Erm i ran in safe mode and ran each at a time .But they both including malware btye when ran got hang at a particular file.How do i solve this? Thank you in adcnace =(
Sorry, but "shorthand" makes no sense here. What is it you are trying to ask and say?
Erm i ran in safe mode
When you said you
ran each at a time
I have to assume you mean you ran the scanning portion for each anti-virus program at a time....they BOTH run all the time, even when they are not scanning and both will conflict with each other. You should never have more than one anti-virus program on the same computer. Uninstall that AVG program and leave it off of there.
How long do these programs hang at that particular file? Do they never continue? Do you give it time to continue? If the file is large then it takes awhile to scan it. But remove that AVG.
Edited by jholland1964 because: n/a
PoignantStory 0 Newbie Poster
Hey thanks so much for the reply =),
Erm i meant i ran them both once at a time in safe mode and both got hang at a particular file and my whole pc just frozed.How do i solve that.=(
And i deleted the files which were trojan in the quarantine it means it's wrong to do that?
Thanks you,
Abrial
jholland1964 650 Posting Expert Team Colleague Featured Poster
Hey thanks so much for the reply =),
Erm i meant i ran them both once at a time in safe mode and both got hang at a particular file and my whole pc just frozed.How do i solve that.=(
And i deleted the files which were trojan in the quarantine it means it's wrong to do that?
Thanks you,
Abrial
Removing the Quarantine files was fine. But you MUST uninstall the AVG program immediately. What is the Full Name of the file where the scans stall?
Edited by jholland1964 because: n/a
PoignantStory 0 Newbie Poster
Oh,
Phew erm C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\_Setup.dll here.It stalls like forever and the com hangs.
tyvm
jholland1964 650 Posting Expert Team Colleague Featured Poster
Oh,
Phew erm C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\_Setup.dll here.It stalls like forever and the com hangs.
tyvm
That folder contains the Install Info for many of your programs. It may be quite large because of this. How long are you giving it before deciding the computer has frozen? You know even in Safe Mode these scans should take more than one hour.
Can you drop the acronyms and abbreviations please.
Edited by jholland1964 because: n/a
PoignantStory 0 Newbie Poster
I gave it 4 hours man!
jholland1964 650 Posting Expert Team Colleague Featured Poster
Go to http://virusscan.jotti.org/en
upload that file
C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\_Setup.dll
from your computer to that website. It will scan the file with 20 different scanners and give you a report on whether it is infected.
Post back here with the report.
PoignantStory 0 Newbie Poster
Filename: _Setup.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 15 Jan 2010 23:24:52 (CET) Permalink
jholland1964 650 Posting Expert Team Colleague Featured Poster
Filename: _Setup.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Fri 15 Jan 2010 23:24:52 (CET) Permalink
You need to do it again. That was just the last time the scan was done on that particular file. It will give you the option to rescan YOUR file.
Edited by jholland1964 because: n/a
jholland1964 650 Posting Expert Team Colleague Featured Poster
Have you emptied ALL of your Temp Files as noted earlier?
PoignantStory 0 Newbie Poster
Yes,i did everything.
Filename: _Setup.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Mon 5 Apr 2010 23:41:56 (CET) Permalink
There! Thanks once again for your help.
Edited by PoignantStory because: n/a
jholland1964 650 Posting Expert Team Colleague Featured Poster
Well that's good, you know it is clean. It is just that one file that holds it all up?
PoignantStory 0 Newbie Poster
Well that's good, you know it is clean. It is just that one file that holds it all up?
Yes, it just hangs there.
jholland1964 650 Posting Expert Team Colleague Featured Poster
Did these stalls begin BEFORE the removals by your Norton program or after?
Try removing that ONE file and see if the stalling still happens.
PoignantStory 0 Newbie Poster
Did these stalls begin BEFORE the removals by your Norton program or after?
Try removing that ONE file and see if the stalling still happens.
Is it safe to delete those files?
jholland1964 650 Posting Expert Team Colleague Featured Poster
Is it safe to delete those files?
Safe to delete WHAT files? You didn't answer my previous question.
Did these stalls begin BEFORE the removals by your Norton program or after?
Edited by jholland1964 because: n/a
PoignantStory 0 Newbie Poster
Removals by my norton program? You mean the trojans i removed in the quarantine folder? Sorry for the late reply internet was down.
jholland1964 650 Posting Expert Team Colleague Featured Poster
Removals by my norton program? You mean the trojans i removed in the quarantine folder? Sorry for the late reply internet was down.
Yes, that is what I asked you
Did these stalls begin BEFORE the removals by your Norton program or AFTER the removals?
I really don't know how I can ask you this more clearly.
I want to also know what files you are talking about when you asked this:
Is it safe to delete those files?
PoignantStory 0 Newbie Poster
It stalled after the removals.The files where norton always stall?
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.