#1
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    0

    Virus preventing use of Anti-virus software


    I've received help from this forum before with success, and have previously followed the "start here" thread when I've had infection issues.

    However, I've managed to get a virus which has actually blocked all my antivirus software.

    I only use the programs which are actually mentioned in that thread.

    - When I start windows, it states that there was a problem with Windows Defender and it cannot load.
    - It also gives the same message for "Google Installer" each time I start the PC.

    * I have run CCleaner according to instructions.
    * I have run ATF Cleaner according to instructions.

    * Malwarebytes will not load up.
    * SuperAntiSpyware will not load up.
    * Bitdefender loads up the website, but had trouble with installing the ActiveX and running it (not sure if this is another effect of the virus)

    * Hijack this works however so I have posted the log for this below.

    (In regards to Malwarebytes and SAP, I have looked up the problem and found people suggesting that by simply changing a letter in the name of the .exe files, the virus will let the programs open; however, they will not update due to the virus.)

    I was going to try the above fix for the anti-virus/malware programs however I would rather follow the expert advice here.

    Thank you in advance for the help and advice.

    Oh finally, is Porthos still around? He was a tremendous help last time.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:25:27 PM, on 6/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\Scheduled.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\notepad.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ()=3&tp=iehome&locale=en_au&c=83&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ()=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ()=3&tp=iehome&locale=en_au&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ()=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ()=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ()=3&tp=iehome&locale=en_au&c=83&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
    O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Lucy\AppData\Local\Temp\settdebugx.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-AU\local\search.html
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - ()
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Enchanted%20Katya%20-%20Mystery%20of%20the%20Lost%20Wizard/Images/stg_drm.ocx
    O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - ()
    O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - ()
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - ()
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - ()
    O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - ()
    O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - ()
    O16 - DPF: {7D492D61-303A-45C3-8A55-63449339943D} (CPlayFirstNightShiftControl Object) - ()
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - ()
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - ()
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - ()
    O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - ()
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - ()
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Masters%20of%20Mystery%20-%20Crime%20of%20Fashion/Images/armhelper.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - ()
    O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} (CPlayFirstParkingDasControl Object) - ()
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - ()
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate1c95dddf33212f2) (gupdate1c95dddf33212f2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11961 bytes
#2
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2009
    Location
    Hobart, Tasmania
    Posts
    475
    Rep Power
    286
    From the look at that "selection" of wonderful applications, you are an avid downloader of "stuff" with little regard for the health of your PC.

    There are at least 3 nasties on your system including ArmHelper Control, Bear Share Media Bar, and stg_drm.ocx but there are probably others too.

    Use good old Google to find instructions on how to delete EVERYTHING you do not use. I.e. ... if you don't use it professionally or didn't buy it shrink-wrapped ... get rid of it.

    Don't get suckered by all those anti-spyware programs ... they are simply spyware in a turtle-necked jumper.

    In fact ... here's a good policy to follow to PREVENT this rubbish in the future ... STOP DOWNLOADING CRAP.

    When my 12-year-old did this to the lounge room PC ... I confiscated it and grounded him for two weeks. You are old enough to mete out your own punishment.

    Comments on this post

    • lucyhart1985 agrees: No points to offer, I'm sorry, but thanks to a fellow Aussie for helping out, nonetheless.
    Latery Matey
#3
    They're coming to take me away

    Join Date
    Jan 2005
    Location
    Florida
    Posts
    5,103
    Rep Power
    5049
    Originally Posted by lucyhart1985
    (In regards to Malwarebytes and SAP, I have looked up the problem and found people suggesting that by simply changing a letter in the name of the .exe files, the virus will let the programs open; however, they will not update due to the virus.)
    If you can get them to install, then run them (without updating). You can update after it somewhat disinfects.

    If you can't get them to install, try booting into Safe Mode to install and run.
#4
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    0
    Originally Posted by l8rm8e
    From the look at that "selection" of wonderful applications, you are an avid downloader of "stuff" with little regard for the health of your PC.

    There are at least 3 nasties on your system including ArmHelper Control, Bear Share Media Bar, and stg_drm.ocx but there are probably others too.

    Use good old Google to find instructions on how to delete EVERYTHING you do not use. I.e. ... if you don't use it professionally or didn't buy it shrink-wrapped ... get rid of it.

    Don't get suckered by all those anti-spyware programs ... they are simply spyware in a turtle-necked jumper.

    In fact ... here's a good policy to follow to PREVENT this rubbish in the future ... STOP DOWNLOADING CRAP.

    When my 12-year-old did this to the lounge room PC ... I confiscated it and grounded him for two weeks. You are old enough to mete out your own punishment.
    Thank you for the advice. I share the computer with a somewhat safety-ignorant person who downloads things and uses them for a day.

    The only program I use download-wise is Orbit, just to manage my Rapidshare downloads. The rest is unused rubbish which, following your reminder, will all be cleaned off here asap.

    (for the bold type, getting a pesky virus is usually a good punishment)

    I will do what it takes to run Malwarebytes and SAP and try to do a bit of cleaning also, and post back to see how we can go with getting rid of whatever is on here.
#5
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    0
    Okay, here is an update regarding this problem. It was very disheartening.

    * I cleaned up a lot of the programs on here and got back about 65% of my hard drive (was down to about 10%).

    * Ran Malwarebytes but it didn't detect anything.
    * Ran SuperAntiSpyware and it detected a couple of cookie tracking things, but it has always done that. No other problem.

    As my Malwarebytes wasn't able to update, I downloaded the latest version on another computer, then installed it on this PC.

    I ran this latest version of Malwarebytes and it did detect and remove a few things. Log posted at bottom. I then ran SuperAntiSpyware and this picked up a few things from memory, which it fixed.

    I decided to run Malwarebytes another time just to confirm everything was gone, and that's when the problems started. Midway through the scan it had already detected the same problems as with the original scan, but then the computer just turned itself off. After trying to restart and having the computer turn off each time it tried to go into Windows, it came up with a screen saying that my startup was ruined and restoring to a previous date may help. I did this and Windows went back to a working state.

    I have since backed up all essential documents etc. from my PC which I want to keep, in case of another crash.

    Here are the logs for your reference, and a latest HijackThis log, as hopefully some of the junk I deleted is gone and didn't come back when the system had to restore.

    ((I think it can be assumed that these removed objects are still on the PC, as when I ran the Malbytes the second time, these came up again before the crash))

    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    8/01/2010 8:15:40 PM
    mbam-log-2010-01-08 (20-15-40).txt

    Scan type: Quick Scan
    Objects scanned: 98193
    Time elapsed: 7 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    \\?\globalroot\systemroot\System32\H8SRTbfbmcpsmhp.dll (Trojan.Vundo) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    \\?\globalroot\systemroot\System32\H8SRTbfbmcpsmhp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.



    ((This I don't think is the 100% updated version of SAS, however I can download and run newest version upon instruction))
    SUPERAntiSpyware Scan Log


    Generated 01/08/2010 at 09:40 PM

    Application Version : 4.33.1000

    Core Rules Database Version : 4459
    Trace Rules Database Version: 2280

    Scan type : Complete Scan
    Total Scan Time : 01:10:49

    Memory items scanned : 681
    Memory threats detected : 0
    Registry items scanned : 7478
    Registry threats detected : 0
    File items scanned : 39752
    File threats detected : 14

    Adware.Tracking Cookie
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@serving-sys[2].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@clickbank[1].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@media.sensis.com[1].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@bs.serving-sys[1].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@atdmt[1].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@ads.basrv[2].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@tnswvisitnswdev.122.2o7[1].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@imrworldwide[2].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@lifeevents.112.2o7[1].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@doubleclick[2].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@clickpayz3.91452.blueseek[2].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@overture[1].txt
    C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\lucy@stableclick.285-new.blueseek[2].txt

    Rogue.SmartProtector
    C:\Windows\system32\srcr.dat


    ((Bear in mind I did try to remove those stupid Ask.com toolbars etc., but the system restore may have affected that. I also had quite a bit of trouble removing Internet Explorer as you suggested. I managed to move back to an earlier version but had trouble from there... Should I leave this on anyway to run Bitdefender?))

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:27:44 PM, on 18/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\KWorld MultiMedia\HyperMedia\DTVR\Scheduled.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = =3&tp=iehome&locale=en_au&c=83&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = =54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = =3&tp=iehome&locale=en_au&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = =54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = =54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = =3&tp=iehome&locale=en_au&c=83&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
    O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [Center Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
    O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Lucy\AppData\Local\Temp\settdebugx.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-AU\local\search.html
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) -
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Enchanted%20Katya%20-%20Mystery%20of%20the%20Lost%20Wizard/Images/stg_drm.ocx
    O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) -
    O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) -
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
    O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) -
    O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) -
    O16 - DPF: {7D492D61-303A-45C3-8A55-63449339943D} (CPlayFirstNightShiftControl Object) -
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) -
    O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) -
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Masters%20of%20Mystery%20-%20Crime%20of%20Fashion/Images/armhelper.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
    O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} (CPlayFirstParkingDasControl Object) -
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate1c95dddf33212f2) (gupdate1c95dddf33212f2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12049 bytes



    Thank you very much again for your assistance.
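An added example, not code from anyone in this thread: a small Python script that pulls the O4 (autorun) entries out of the two HijackThis logs posted above, flags the one launched from the user's Temp folder, and checks whether it is present in both logs, i.e. survived the clean-up and the system restore between the scans. The sample lines are copied from the two logs in the thread; the list of path markers treated as suspicious is a heuristic assumption, not part of HijackThis.

```python
import re
from typing import Dict, List

# Constructed sample input: lines copied from the two HijackThis logs posted in this thread.
# The first log was taken on 6/01/2010, the second on 18/01/2010 after the system restore.
# A non-O4 line is included only to show that other line types are skipped.
LOG_BEFORE = r"""
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Lucy\AppData\Local\Temp\settdebugx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Lucy\AppData\Local\Temp\settdebugx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# HijackThis O4 layout: "O4 - <hive>\..\Run: [<value name>] <command> (User '<account>')".
# The hive may itself contain backslashes (HKUS\S-1-5-19), and the user suffix is optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

# Heuristic (assumption): locations a legitimate autorun on this Vista box has no business
# living in. Temp directories are the classic home of droppers; AppData\Roaming is also
# used by some legitimate updaters, so a hit is a lead to check, not a verdict.
SUSPICIOUS_MARKERS = ("\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


def parse_o4(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per O4 line; every other HijackThis line type is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({"hive": m["hive"], "name": m["name"],
                            "cmd": m["cmd"], "user": m["user"] or ""})
    return entries


def executable_path(cmd: str) -> str:
    """Pull the program path out of a Run value: strip quotes and drop trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: the path ends at the first ".exe" (case-insensitive) as HijackThis prints it.
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx != -1 else cmd.split(" ")[0]


def is_suspicious(entry: Dict[str, str]) -> bool:
    path = executable_path(entry["cmd"]).lower()
    return any(marker in path for marker in SUSPICIOUS_MARKERS)


def suspicious_entries(log_text: str) -> List[str]:
    """Value names of autoruns whose executable lives in a suspicious location."""
    return [e["name"] for e in parse_o4(log_text) if is_suspicious(e)]


def _key(e: Dict[str, str]):
    return (e["hive"], e["name"], e["cmd"].lower())


def persisted_entries(before: str, after: str) -> List[str]:
    """Suspicious autoruns present in both logs, i.e. ones that survived the clean-up
    and the system restore performed between the two scans."""
    before_keys = {_key(e) for e in parse_o4(before) if is_suspicious(e)}
    return [e["name"] for e in parse_o4(after)
            if is_suspicious(e) and _key(e) in before_keys]


def new_entries(before: str, after: str) -> List[str]:
    """Autoruns that appear only in the later log (worth a look even when not flagged)."""
    before_keys = {(e["hive"], e["name"]) for e in parse_o4(before)}
    return [e["name"] for e in parse_o4(after)
            if (e["hive"], e["name"]) not in before_keys]


if __name__ == "__main__":
    for name in suspicious_entries(LOG_AFTER):
        print("suspicious autorun still present:", name)
    print("survived restore:", persisted_entries(LOG_BEFORE, LOG_AFTER))
    print("new since first log:", new_entries(LOG_BEFORE, LOG_AFTER))
```

Run against the full logs, the same comparison also shows that the settdebugx.exe Run value which Malwarebytes reported as quarantined is back in the second HijackThis log, consistent with the poster's suspicion that the restore brought it back.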
#6
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2006
    Posts
    277
    Rep Power
    0
    Most reputable anti spyware systems also provide you with a link to download the newest definitions. They're familiar with the fact that it sometimes disables network connections or you would rather distribute an update with a single download.

    Spybot, for example, offers their includes right below the link for the main download.
#7
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2010
    Posts
    1
    Rep Power
    0
    Hello everyone,

    can someone tell me which is the best place to get free antivirus.
#8
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2010
    Posts
    31
    Rep Power
    5
    Free antivirus: try to find AVG antivirus on google.com
#9
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2010
    Posts
    31
    Rep Power
    5
    To lucyhart1985:
    I would advise formatting your whole PC and getting either Norton or Quick Heal.
