Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Random adware windows pop up, very slow computer.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Random adware windows pop up, very slow computer.

Unread postby Vitor » May 27th, 2009, 10:17 pm

This is my HJT file.
Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:24 PM, on 5/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\VICTOR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Victor Rocha Sr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\REIOHVNR\HijackThis[2].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MEMO LINK] "C:\ProgramData\BoneHeartHeart.943spi6"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.juegos.com/juego/number-karts.html"
O4 - Startup: WinMail - Shortcut.lnk = C:\Program Files\Windows Mail\WinMail.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12400 bytes
Vitor
Regular Member
 
Posts: 25
Joined: April 18th, 2009, 12:08 am
Advertisement
Register to Remove

Re: Random adware windows pop up, very slow computer.

Unread postby MWR 3 day Mod » May 31st, 2009, 1:49 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Random adware windows pop up, very slow computer.

Unread postby Axephilic » May 31st, 2009, 2:29 pm

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

Windows Vista Intructions
Since you are running Windows Vista, please make sure that all of the tools that I ask you to run are run by right clicking and selecting Run as administrator. This will ensure the correct functionality of the tools with Windows Vista compatibility.

I will post my first fix for you soon.

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Random adware windows pop up, very slow computer.

Unread postby Axephilic » May 31st, 2009, 2:33 pm

Hi there,

Please navigate to the system tray on the bottom right hand corner and look for a Image sign.
  • Right-click it -> chose "Exit."
  • A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You successfully disabled the McAfee Guard.

Run LOP S&D
Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable following programs:
(list here)
  • Double-click Lop S&D.exe
  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

In your next reply, please include:
  1. lopR.txt log
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Random adware windows pop up, very slow computer.

Unread postby Vitor » May 31st, 2009, 11:20 pm

Thank you Adam.
I have a couple of changes. I no longer have McAffee. I now have Norton Antivirus.

Here's the LopR log:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 560 @ 2.13GHz )
BIOS : Default System BIOS
USER : Victor Rocha Sr ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:50 Go (Free:18 Go)
D:\ (Local Disk) - NTFS - Total:49 Go (Free:49 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 05/31/2009|20:12 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[12/18/2008|12:45] C:\Users\VICTOR~1\AppData\Local\<DIR> Acer Arcade Deluxe
[12/06/2008|07:24] C:\Users\VICTOR~1\AppData\Local\<DIR> acer eNM
[02/27/2009|11:35] C:\Users\VICTOR~1\AppData\Local\<DIR> Adobe
[12/06/2008|08:24] C:\Users\VICTOR~1\AppData\Local\<DIR> Apple
[12/06/2008|09:24] C:\Users\VICTOR~1\AppData\Local\<DIR> Apple Computer
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> Application Data
[04/23/2009|04:11] C:\Users\VICTOR~1\AppData\Local\7,168 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/06/2008|07:24] C:\Users\VICTOR~1\AppData\Local\70,104 GDIPFONTCACHEV1.DAT
[04/29/2009|05:50] C:\Users\VICTOR~1\AppData\Local\<DIR> Google
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> History
[05/30/2009|10:18] C:\Users\VICTOR~1\AppData\Local\2,006,503 IconCache.db
[05/29/2009|09:40] C:\Users\VICTOR~1\AppData\Local\<DIR> Microsoft
[12/06/2008|08:38] C:\Users\VICTOR~1\AppData\Local\<DIR> PlayMovie
[12/18/2008|12:44] C:\Users\VICTOR~1\AppData\Local\<DIR> PowerCinema
[05/31/2009|08:10] C:\Users\VICTOR~1\AppData\Local\<DIR> Temp
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> Temporary Internet Files
[02/27/2009|11:35] C:\Users\VICTOR~1\AppData\Local\<DIR> VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[05/31/2009 06:47 AM][--ah-----] C:\Windows\tasks\SA.DAT
[05/30/2009 10:19 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[03/20/2008|10:28] C:\ProgramData\<DIR> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[12/06/2008|08:27] C:\ProgramData\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[03/20/2008|10:07] C:\ProgramData\<DIR> Acer GameZone Console
[03/08/2009|12:26] C:\ProgramData\<DIR> Adobe
[12/06/2008|08:21] C:\ProgramData\<DIR> Apple
[12/06/2008|08:27] C:\ProgramData\<DIR> Apple Computer
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Application Data
[04/27/2009|05:13] C:\ProgramData\<DIR> Arcade Lab
[05/27/2009|07:04] C:\ProgramData\356,368 BoneHeartHeart.943spi6
[05/08/2009|06:18] C:\ProgramData\393,232 BoneHeartHeart.bnmj1
[04/03/2009|05:46] C:\ProgramData\344,080 BoneHeartHeart.oi2c2
[05/08/2009|06:18] C:\ProgramData\241,680 BoneHeartHeart.uqmg77
[05/08/2009|06:26] C:\ProgramData\<DIR> comp two long internet
[12/06/2008|08:15] C:\ProgramData\<DIR> CyberLink
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Desktop
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Documents
[05/08/2009|06:26] C:\ProgramData\<DIR> Error Second Dent
[05/25/2009|06:37] C:\ProgramData\56 ezsidmv.dat
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Favorites
[05/08/2009|06:26] C:\ProgramData\282,640 Flag Move Chic.rhrfi
[03/20/2008|09:58] C:\ProgramData\<DIR> FloodLightGames
[04/29/2009|05:50] C:\ProgramData\<DIR> GamesBar
[04/06/2009|11:11] C:\ProgramData\<DIR> Google
[07/29/2008|06:45] C:\ProgramData\<DIR> InstallShield
[05/25/2009|08:56] C:\ProgramData\<DIR> Malwarebytes
[05/29/2009|09:40] C:\ProgramData\<DIR> McAfee
[04/08/2009|11:46] C:\ProgramData\<DIR> Messenger Plus!
[04/02/2009|08:50] C:\ProgramData\<DIR> Microsoft
[05/17/2009|05:33] C:\ProgramData\<DIR> Microsoft Help
[05/29/2009|09:52] C:\ProgramData\<DIR> Norton
[05/29/2009|09:50] C:\ProgramData\<DIR> NortonInstaller
[04/11/2009|08:28] C:\ProgramData\<DIR> Oberon Games
[04/11/2009|08:52] C:\ProgramData\<DIR> PlayFirst
[04/03/2009|07:42] C:\ProgramData\<DIR> Sandlot Games
[12/07/2008|07:56] C:\ProgramData\<DIR> SiteAdvisor
[05/25/2009|06:32] C:\ProgramData\<DIR> Skype
[05/25/2009|07:44] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Start Menu
[05/30/2009|02:47] C:\ProgramData\<DIR> Symantec
[05/03/2009|05:39] C:\ProgramData\<DIR> TEMP
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Templates
[02/27/2009|11:42] C:\ProgramData\<DIR> WindowsSearch
[04/02/2009|04:39] C:\ProgramData\<DIR> WLInstaller
[04/04/2009|12:09] C:\ProgramData\<DIR> Yahoo! Companion
[03/08/2009|12:16] C:\ProgramData\<DIR> ZoomBrowser

--------------------\\ Listing Folders in C:\Program Files

[12/06/2008|07:21] C:\Program Files\<DIR> Acer
[07/29/2008|06:52] C:\Program Files\<DIR> Acer Arcade Deluxe
[03/20/2008|10:07] C:\Program Files\<DIR> Acer GameZone
[07/29/2008|07:06] C:\Program Files\<DIR> Acer Inc
[03/20/2008|10:28] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites
[03/08/2009|12:26] C:\Program Files\<DIR> Adobe
[07/29/2008|07:04] C:\Program Files\<DIR> Apoint2K
[12/06/2008|08:23] C:\Program Files\<DIR> Apple Software Update
[03/20/2008|10:07] C:\Program Files\<DIR> Big Kahuna Reef
[12/06/2008|08:25] C:\Program Files\<DIR> Bonjour
[03/08/2009|12:17] C:\Program Files\<DIR> Canon
[05/29/2009|10:23] C:\Program Files\<DIR> Circle Development
[05/29/2009|09:51] C:\Program Files\<DIR> Common Files
[03/20/2008|09:29] C:\Program Files\<DIR> CONEXANT
[03/20/2008|09:51] C:\Program Files\<DIR> CyberLink
[04/27/2009|05:12] C:\Program Files\<DIR> Gamenext
[05/25/2009|09:02] C:\Program Files\<DIR> GamesBar
[04/06/2009|08:49] C:\Program Files\<DIR> Google
[07/29/2008|07:03] C:\Program Files\<DIR> InstallShield Installation Information
[03/20/2008|09:20] C:\Program Files\<DIR> Intel
[04/15/2009|02:08] C:\Program Files\<DIR> Internet Explorer
[12/06/2008|08:27] C:\Program Files\<DIR> iPod
[12/06/2008|08:27] C:\Program Files\<DIR> iTunes
[07/29/2008|06:50] C:\Program Files\<DIR> Launch Manager
[05/28/2009|09:34] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[04/03/2009|05:45] C:\Program Files\<DIR> Messenger Plus! Live
[04/02/2009|08:53] C:\Program Files\<DIR> Microsoft
[11/02/2006|05:37] C:\Program Files\<DIR> Microsoft Games
[03/20/2008|10:27] C:\Program Files\<DIR> Microsoft Office
[04/03/2009|05:30] C:\Program Files\<DIR> Microsoft Silverlight
[04/02/2009|05:10] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[04/02/2009|08:51] C:\Program Files\<DIR> Microsoft Sync Framework
[04/02/2009|05:53] C:\Program Files\<DIR> Microsoft Works
[03/20/2008|10:24] C:\Program Files\<DIR> Microsoft.NET
[01/20/2008|07:35] C:\Program Files\<DIR> Movie Maker
[11/02/2006|05:37] C:\Program Files\<DIR> MSBuild
[12/06/2008|07:48] C:\Program Files\<DIR> MSXML 4.0
[03/20/2008|09:39] C:\Program Files\<DIR> NewTech Infosystems
[05/29/2009|09:50] C:\Program Files\<DIR> Norton Internet Security
[05/29/2009|09:50] C:\Program Files\<DIR> NortonInstaller
[04/27/2009|05:12] C:\Program Files\<DIR> Oberon Media
[02/27/2009|10:57] C:\Program Files\<DIR> Okidata
[12/06/2008|08:25] C:\Program Files\<DIR> QuickTime
[03/20/2008|09:25] C:\Program Files\<DIR> Realtek
[11/02/2006|05:37] C:\Program Files\<DIR> Reference Assemblies
[05/25/2009|06:32] C:\Program Files\<DIR> Skype
[05/25/2009|09:05] C:\Program Files\<DIR> Spybot - Search & Destroy
[07/29/2008|06:45] C:\Program Files\<DIR> SuYin
[05/29/2009|09:51] C:\Program Files\<DIR> Symantec
[12/06/2008|07:54] C:\Program Files\<DIR> The Learning Company
[11/02/2006|06:01] C:\Program Files\<DIR> Uninstall Information
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Calendar
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Collaboration
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Defender
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Journal
[04/02/2009|08:53] C:\Program Files\<DIR> Windows Live
[04/02/2009|05:07] C:\Program Files\<DIR> Windows Live Favorites
[04/02/2009|08:44] C:\Program Files\<DIR> Windows Live SkyDrive
[04/02/2009|08:51] C:\Program Files\<DIR> Windows Live Toolbar
[05/17/2009|05:18] C:\Program Files\<DIR> Windows Mail
[03/11/2009|01:31] C:\Program Files\<DIR> Windows Media Player
[11/02/2006|05:37] C:\Program Files\<DIR> Windows NT
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Photo Gallery
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Sidebar
[03/20/2008|10:13] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/08/2009|12:26] C:\Program Files\Common Files\<DIR> Adobe
[12/06/2008|08:27] C:\Program Files\Common Files\<DIR> Apple
[03/08/2009|12:12] C:\Program Files\Common Files\<DIR> Canon
[03/20/2008|10:24] C:\Program Files\Common Files\<DIR> DESIGNER
[07/29/2008|06:45] C:\Program Files\Common Files\<DIR> InstallShield
[03/20/2008|09:38] C:\Program Files\Common Files\<DIR> LightScribe
[04/02/2009|05:58] C:\Program Files\Common Files\<DIR> microsoft shared
[03/20/2008|09:38] C:\Program Files\Common Files\<DIR> muvee Technologies
[03/20/2008|09:39] C:\Program Files\Common Files\<DIR> NewTech Infosystems
[04/27/2009|05:12] C:\Program Files\Common Files\<DIR> Oberon Media
[11/02/2006|04:18] C:\Program Files\Common Files\<DIR> Services
[05/25/2009|06:32] C:\Program Files\Common Files\<DIR> Skype
[07/29/2008|06:46] C:\Program Files\Common Files\<DIR> snp2uvc
[11/02/2006|04:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/29/2009|10:23] C:\Program Files\Common Files\<DIR> Symantec Shared
[01/20/2008|07:35] C:\Program Files\Common Files\<DIR> System
[04/02/2009|08:21] C:\Program Files\Common Files\<DIR> Windows Live
[04/02/2009|04:43] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 88 Processes )

iexplore.exe ~ [PID:4380]
iexplore.exe ~ [PID:5072]
iexplore.exe ~ [PID:1320]

--------------------\\ Searching with S_Lop

C:\ProgramData\BoneHeartHeart.bnmj1
C:\ProgramData\BoneHeartHeart.oi2c2
C:\ProgramData\Flag Move Chic.rhrfi
C:\ProgramData\BoneHeartHeart.uqmg77
C:\ProgramData\BoneHeartHeart.943spi6

--------------------\\ Searching for Lop Files - Folders

C:\ProgramData\comp two long internet
C:\ProgramData\comp two long internet\curb find.dat
C:\ProgramData\comp two long internet\curb find.exe

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MEMO LINK"="\"C:\\ProgramData\\BoneHeartHeart.943spi6\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 20:12:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:662][D:53]-> C:\Users\VICTOR~1\AppData\Local\Temp
[F:30][D:1]-> C:\Users\VICTOR~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:41][D:4]-> C:\Users\VICTOR~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sun 05/31/2009|20:13 - Option : [1]

--------------------\\ Scan completed at 20:13:43
[ UAC => 1 ]




Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:53 PM, on 5/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\VICTOR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Victor Rocha Sr\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MEMO LINK] "C:\ProgramData\BoneHeartHeart.943spi6"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.juegos.com/juego/number-karts.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: WinMail - Shortcut.lnk = C:\Program Files\Windows Mail\WinMail.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11962 bytes
Vitor
Regular Member
 
Posts: 25
Joined: April 18th, 2009, 12:08 am

Re: Random adware windows pop up, very slow computer.

Unread postby Vitor » May 31st, 2009, 11:20 pm

Thank you Adam.
I have a couple of changes. I no longer have McAffee. I now have Norton Antivirus.

Here's the LopR log:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 560 @ 2.13GHz )
BIOS : Default System BIOS
USER : Victor Rocha Sr ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:50 Go (Free:18 Go)
D:\ (Local Disk) - NTFS - Total:49 Go (Free:49 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 05/31/2009|20:12 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[12/18/2008|12:45] C:\Users\VICTOR~1\AppData\Local\<DIR> Acer Arcade Deluxe
[12/06/2008|07:24] C:\Users\VICTOR~1\AppData\Local\<DIR> acer eNM
[02/27/2009|11:35] C:\Users\VICTOR~1\AppData\Local\<DIR> Adobe
[12/06/2008|08:24] C:\Users\VICTOR~1\AppData\Local\<DIR> Apple
[12/06/2008|09:24] C:\Users\VICTOR~1\AppData\Local\<DIR> Apple Computer
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> Application Data
[04/23/2009|04:11] C:\Users\VICTOR~1\AppData\Local\7,168 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/06/2008|07:24] C:\Users\VICTOR~1\AppData\Local\70,104 GDIPFONTCACHEV1.DAT
[04/29/2009|05:50] C:\Users\VICTOR~1\AppData\Local\<DIR> Google
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> History
[05/30/2009|10:18] C:\Users\VICTOR~1\AppData\Local\2,006,503 IconCache.db
[05/29/2009|09:40] C:\Users\VICTOR~1\AppData\Local\<DIR> Microsoft
[12/06/2008|08:38] C:\Users\VICTOR~1\AppData\Local\<DIR> PlayMovie
[12/18/2008|12:44] C:\Users\VICTOR~1\AppData\Local\<DIR> PowerCinema
[05/31/2009|08:10] C:\Users\VICTOR~1\AppData\Local\<DIR> Temp
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> Temporary Internet Files
[02/27/2009|11:35] C:\Users\VICTOR~1\AppData\Local\<DIR> VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[05/31/2009 06:47 AM][--ah-----] C:\Windows\tasks\SA.DAT
[05/30/2009 10:19 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[03/20/2008|10:28] C:\ProgramData\<DIR> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[12/06/2008|08:27] C:\ProgramData\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[03/20/2008|10:07] C:\ProgramData\<DIR> Acer GameZone Console
[03/08/2009|12:26] C:\ProgramData\<DIR> Adobe
[12/06/2008|08:21] C:\ProgramData\<DIR> Apple
[12/06/2008|08:27] C:\ProgramData\<DIR> Apple Computer
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Application Data
[04/27/2009|05:13] C:\ProgramData\<DIR> Arcade Lab
[05/27/2009|07:04] C:\ProgramData\356,368 BoneHeartHeart.943spi6
[05/08/2009|06:18] C:\ProgramData\393,232 BoneHeartHeart.bnmj1
[04/03/2009|05:46] C:\ProgramData\344,080 BoneHeartHeart.oi2c2
[05/08/2009|06:18] C:\ProgramData\241,680 BoneHeartHeart.uqmg77
[05/08/2009|06:26] C:\ProgramData\<DIR> comp two long internet
[12/06/2008|08:15] C:\ProgramData\<DIR> CyberLink
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Desktop
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Documents
[05/08/2009|06:26] C:\ProgramData\<DIR> Error Second Dent
[05/25/2009|06:37] C:\ProgramData\56 ezsidmv.dat
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Favorites
[05/08/2009|06:26] C:\ProgramData\282,640 Flag Move Chic.rhrfi
[03/20/2008|09:58] C:\ProgramData\<DIR> FloodLightGames
[04/29/2009|05:50] C:\ProgramData\<DIR> GamesBar
[04/06/2009|11:11] C:\ProgramData\<DIR> Google
[07/29/2008|06:45] C:\ProgramData\<DIR> InstallShield
[05/25/2009|08:56] C:\ProgramData\<DIR> Malwarebytes
[05/29/2009|09:40] C:\ProgramData\<DIR> McAfee
[04/08/2009|11:46] C:\ProgramData\<DIR> Messenger Plus!
[04/02/2009|08:50] C:\ProgramData\<DIR> Microsoft
[05/17/2009|05:33] C:\ProgramData\<DIR> Microsoft Help
[05/29/2009|09:52] C:\ProgramData\<DIR> Norton
[05/29/2009|09:50] C:\ProgramData\<DIR> NortonInstaller
[04/11/2009|08:28] C:\ProgramData\<DIR> Oberon Games
[04/11/2009|08:52] C:\ProgramData\<DIR> PlayFirst
[04/03/2009|07:42] C:\ProgramData\<DIR> Sandlot Games
[12/07/2008|07:56] C:\ProgramData\<DIR> SiteAdvisor
[05/25/2009|06:32] C:\ProgramData\<DIR> Skype
[05/25/2009|07:44] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Start Menu
[05/30/2009|02:47] C:\ProgramData\<DIR> Symantec
[05/03/2009|05:39] C:\ProgramData\<DIR> TEMP
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Templates
[02/27/2009|11:42] C:\ProgramData\<DIR> WindowsSearch
[04/02/2009|04:39] C:\ProgramData\<DIR> WLInstaller
[04/04/2009|12:09] C:\ProgramData\<DIR> Yahoo! Companion
[03/08/2009|12:16] C:\ProgramData\<DIR> ZoomBrowser

--------------------\\ Listing Folders in C:\Program Files

[12/06/2008|07:21] C:\Program Files\<DIR> Acer
[07/29/2008|06:52] C:\Program Files\<DIR> Acer Arcade Deluxe
[03/20/2008|10:07] C:\Program Files\<DIR> Acer GameZone
[07/29/2008|07:06] C:\Program Files\<DIR> Acer Inc
[03/20/2008|10:28] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites
[03/08/2009|12:26] C:\Program Files\<DIR> Adobe
[07/29/2008|07:04] C:\Program Files\<DIR> Apoint2K
[12/06/2008|08:23] C:\Program Files\<DIR> Apple Software Update
[03/20/2008|10:07] C:\Program Files\<DIR> Big Kahuna Reef
[12/06/2008|08:25] C:\Program Files\<DIR> Bonjour
[03/08/2009|12:17] C:\Program Files\<DIR> Canon
[05/29/2009|10:23] C:\Program Files\<DIR> Circle Development
[05/29/2009|09:51] C:\Program Files\<DIR> Common Files
[03/20/2008|09:29] C:\Program Files\<DIR> CONEXANT
[03/20/2008|09:51] C:\Program Files\<DIR> CyberLink
[04/27/2009|05:12] C:\Program Files\<DIR> Gamenext
[05/25/2009|09:02] C:\Program Files\<DIR> GamesBar
[04/06/2009|08:49] C:\Program Files\<DIR> Google
[07/29/2008|07:03] C:\Program Files\<DIR> InstallShield Installation Information
[03/20/2008|09:20] C:\Program Files\<DIR> Intel
[04/15/2009|02:08] C:\Program Files\<DIR> Internet Explorer
[12/06/2008|08:27] C:\Program Files\<DIR> iPod
[12/06/2008|08:27] C:\Program Files\<DIR> iTunes
[07/29/2008|06:50] C:\Program Files\<DIR> Launch Manager
[05/28/2009|09:34] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[04/03/2009|05:45] C:\Program Files\<DIR> Messenger Plus! Live
[04/02/2009|08:53] C:\Program Files\<DIR> Microsoft
[11/02/2006|05:37] C:\Program Files\<DIR> Microsoft Games
[03/20/2008|10:27] C:\Program Files\<DIR> Microsoft Office
[04/03/2009|05:30] C:\Program Files\<DIR> Microsoft Silverlight
[04/02/2009|05:10] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[04/02/2009|08:51] C:\Program Files\<DIR> Microsoft Sync Framework
[04/02/2009|05:53] C:\Program Files\<DIR> Microsoft Works
[03/20/2008|10:24] C:\Program Files\<DIR> Microsoft.NET
[01/20/2008|07:35] C:\Program Files\<DIR> Movie Maker
[11/02/2006|05:37] C:\Program Files\<DIR> MSBuild
[12/06/2008|07:48] C:\Program Files\<DIR> MSXML 4.0
[03/20/2008|09:39] C:\Program Files\<DIR> NewTech Infosystems
[05/29/2009|09:50] C:\Program Files\<DIR> Norton Internet Security
[05/29/2009|09:50] C:\Program Files\<DIR> NortonInstaller
[04/27/2009|05:12] C:\Program Files\<DIR> Oberon Media
[02/27/2009|10:57] C:\Program Files\<DIR> Okidata
[12/06/2008|08:25] C:\Program Files\<DIR> QuickTime
[03/20/2008|09:25] C:\Program Files\<DIR> Realtek
[11/02/2006|05:37] C:\Program Files\<DIR> Reference Assemblies
[05/25/2009|06:32] C:\Program Files\<DIR> Skype
[05/25/2009|09:05] C:\Program Files\<DIR> Spybot - Search & Destroy
[07/29/2008|06:45] C:\Program Files\<DIR> SuYin
[05/29/2009|09:51] C:\Program Files\<DIR> Symantec
[12/06/2008|07:54] C:\Program Files\<DIR> The Learning Company
[11/02/2006|06:01] C:\Program Files\<DIR> Uninstall Information
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Calendar
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Collaboration
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Defender
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Journal
[04/02/2009|08:53] C:\Program Files\<DIR> Windows Live
[04/02/2009|05:07] C:\Program Files\<DIR> Windows Live Favorites
[04/02/2009|08:44] C:\Program Files\<DIR> Windows Live SkyDrive
[04/02/2009|08:51] C:\Program Files\<DIR> Windows Live Toolbar
[05/17/2009|05:18] C:\Program Files\<DIR> Windows Mail
[03/11/2009|01:31] C:\Program Files\<DIR> Windows Media Player
[11/02/2006|05:37] C:\Program Files\<DIR> Windows NT
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Photo Gallery
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Sidebar
[03/20/2008|10:13] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/08/2009|12:26] C:\Program Files\Common Files\<DIR> Adobe
[12/06/2008|08:27] C:\Program Files\Common Files\<DIR> Apple
[03/08/2009|12:12] C:\Program Files\Common Files\<DIR> Canon
[03/20/2008|10:24] C:\Program Files\Common Files\<DIR> DESIGNER
[07/29/2008|06:45] C:\Program Files\Common Files\<DIR> InstallShield
[03/20/2008|09:38] C:\Program Files\Common Files\<DIR> LightScribe
[04/02/2009|05:58] C:\Program Files\Common Files\<DIR> microsoft shared
[03/20/2008|09:38] C:\Program Files\Common Files\<DIR> muvee Technologies
[03/20/2008|09:39] C:\Program Files\Common Files\<DIR> NewTech Infosystems
[04/27/2009|05:12] C:\Program Files\Common Files\<DIR> Oberon Media
[11/02/2006|04:18] C:\Program Files\Common Files\<DIR> Services
[05/25/2009|06:32] C:\Program Files\Common Files\<DIR> Skype
[07/29/2008|06:46] C:\Program Files\Common Files\<DIR> snp2uvc
[11/02/2006|04:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/29/2009|10:23] C:\Program Files\Common Files\<DIR> Symantec Shared
[01/20/2008|07:35] C:\Program Files\Common Files\<DIR> System
[04/02/2009|08:21] C:\Program Files\Common Files\<DIR> Windows Live
[04/02/2009|04:43] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 88 Processes )

iexplore.exe ~ [PID:4380]
iexplore.exe ~ [PID:5072]
iexplore.exe ~ [PID:1320]

--------------------\\ Searching with S_Lop

C:\ProgramData\BoneHeartHeart.bnmj1
C:\ProgramData\BoneHeartHeart.oi2c2
C:\ProgramData\Flag Move Chic.rhrfi
C:\ProgramData\BoneHeartHeart.uqmg77
C:\ProgramData\BoneHeartHeart.943spi6

--------------------\\ Searching for Lop Files - Folders

C:\ProgramData\comp two long internet
C:\ProgramData\comp two long internet\curb find.dat
C:\ProgramData\comp two long internet\curb find.exe

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MEMO LINK"="\"C:\\ProgramData\\BoneHeartHeart.943spi6\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-31 20:12:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:662][D:53]-> C:\Users\VICTOR~1\AppData\Local\Temp
[F:30][D:1]-> C:\Users\VICTOR~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:41][D:4]-> C:\Users\VICTOR~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sun 05/31/2009|20:13 - Option : [1]

--------------------\\ Scan completed at 20:13:43
[ UAC => 1 ]




Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:53 PM, on 5/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\VICTOR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Victor Rocha Sr\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MEMO LINK] "C:\ProgramData\BoneHeartHeart.943spi6"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.juegos.com/juego/number-karts.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: WinMail - Shortcut.lnk = C:\Program Files\Windows Mail\WinMail.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11962 bytes
Vitor
Regular Member
 
Posts: 25
Joined: April 18th, 2009, 12:08 am

Re: Random adware windows pop up, very slow computer.

Unread postby Axephilic » June 1st, 2009, 4:17 pm

Hi there,

Please navigate to the system tray on the bottom right hand corner and look for a Image sign.
  • right-click it -> chose "Disable Auto-Protect."
  • select a duration of 5 hours [color="green"](this assures no interference with the cleanup of your pc)[/color]
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this: Image
You successfully disabled the Norton Antivirus Guard.

Run LOP S&D
Double click LopSD.exe to start the program.

  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 3 to choose Option 3 (Fix - Hosts), then press Enter
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Please Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

In your next reply, please include:
  1. LOP log
  2. MBAM log
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Random adware windows pop up, very slow computer.

Unread postby Vitor » June 4th, 2009, 1:40 am

Thank you Adam.
Here's the reports.


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 560 @ 2.13GHz )
BIOS : Default System BIOS
USER : Victor Rocha Sr ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:50 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:49 Go (Free:49 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [3] ( Mon 06/01/2009|22:18 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\ProgramData\comp two long internet\curb find.dat
Deleted! - C:\ProgramData\comp two long internet\curb find.exe
Deleted! - C:\ProgramData\BoneHeartHeart.bnmj1
Deleted! - C:\ProgramData\BoneHeartHeart.oi2c2
Deleted! - C:\ProgramData\Flag Move Chic.rhrfi
Deleted! - C:\ProgramData\BoneHeartHeart.uqmg77
Deleted! - C:\ProgramData\BoneHeartHeart.943spi6
Deleted! - C:\ProgramData\comp two long internet

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[12/18/2008|12:45] C:\Users\VICTOR~1\AppData\Local\<DIR> Acer Arcade Deluxe
[12/06/2008|07:24] C:\Users\VICTOR~1\AppData\Local\<DIR> acer eNM
[02/27/2009|11:35] C:\Users\VICTOR~1\AppData\Local\<DIR> Adobe
[12/06/2008|08:24] C:\Users\VICTOR~1\AppData\Local\<DIR> Apple
[12/06/2008|09:24] C:\Users\VICTOR~1\AppData\Local\<DIR> Apple Computer
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> Application Data
[04/23/2009|04:11] C:\Users\VICTOR~1\AppData\Local\7,168 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[12/06/2008|07:24] C:\Users\VICTOR~1\AppData\Local\70,104 GDIPFONTCACHEV1.DAT
[04/29/2009|05:50] C:\Users\VICTOR~1\AppData\Local\<DIR> Google
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> History
[06/01/2009|02:25] C:\Users\VICTOR~1\AppData\Local\2,796,440 IconCache.db
[05/29/2009|09:40] C:\Users\VICTOR~1\AppData\Local\<DIR> Microsoft
[12/06/2008|08:38] C:\Users\VICTOR~1\AppData\Local\<DIR> PlayMovie
[12/18/2008|12:44] C:\Users\VICTOR~1\AppData\Local\<DIR> PowerCinema
[06/01/2009|10:18] C:\Users\VICTOR~1\AppData\Local\<DIR> Temp
[12/06/2008|07:21] C:\Users\VICTOR~1\AppData\Local\<JUNCTION> Temporary Internet Files
[02/27/2009|11:35] C:\Users\VICTOR~1\AppData\Local\<DIR> VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[06/01/2009 09:31 PM][--ah-----] C:\Windows\tasks\SA.DAT
[06/01/2009 09:29 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[03/20/2008|10:28] C:\ProgramData\<DIR> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[12/06/2008|08:27] C:\ProgramData\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[03/20/2008|10:07] C:\ProgramData\<DIR> Acer GameZone Console
[03/08/2009|12:26] C:\ProgramData\<DIR> Adobe
[12/06/2008|08:21] C:\ProgramData\<DIR> Apple
[12/06/2008|08:27] C:\ProgramData\<DIR> Apple Computer
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Application Data
[04/27/2009|05:13] C:\ProgramData\<DIR> Arcade Lab
[12/06/2008|08:15] C:\ProgramData\<DIR> CyberLink
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Desktop
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Documents
[05/08/2009|06:26] C:\ProgramData\<DIR> Error Second Dent
[05/25/2009|06:37] C:\ProgramData\56 ezsidmv.dat
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Favorites
[03/20/2008|09:58] C:\ProgramData\<DIR> FloodLightGames
[04/29/2009|05:50] C:\ProgramData\<DIR> GamesBar
[04/06/2009|11:11] C:\ProgramData\<DIR> Google
[07/29/2008|06:45] C:\ProgramData\<DIR> InstallShield
[05/25/2009|08:56] C:\ProgramData\<DIR> Malwarebytes
[05/29/2009|09:40] C:\ProgramData\<DIR> McAfee
[04/08/2009|11:46] C:\ProgramData\<DIR> Messenger Plus!
[04/02/2009|08:50] C:\ProgramData\<DIR> Microsoft
[05/17/2009|05:33] C:\ProgramData\<DIR> Microsoft Help
[05/29/2009|09:52] C:\ProgramData\<DIR> Norton
[05/29/2009|09:50] C:\ProgramData\<DIR> NortonInstaller
[04/11/2009|08:28] C:\ProgramData\<DIR> Oberon Games
[04/11/2009|08:52] C:\ProgramData\<DIR> PlayFirst
[04/03/2009|07:42] C:\ProgramData\<DIR> Sandlot Games
[12/07/2008|07:56] C:\ProgramData\<DIR> SiteAdvisor
[05/25/2009|06:32] C:\ProgramData\<DIR> Skype
[05/25/2009|07:44] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Start Menu
[05/30/2009|02:47] C:\ProgramData\<DIR> Symantec
[05/03/2009|05:39] C:\ProgramData\<DIR> TEMP
[11/02/2006|06:02] C:\ProgramData\<JUNCTION> Templates
[02/27/2009|11:42] C:\ProgramData\<DIR> WindowsSearch
[04/02/2009|04:39] C:\ProgramData\<DIR> WLInstaller
[04/04/2009|12:09] C:\ProgramData\<DIR> Yahoo! Companion
[03/08/2009|12:16] C:\ProgramData\<DIR> ZoomBrowser

--------------------\\ Listing Folders in C:\Program Files

[12/06/2008|07:21] C:\Program Files\<DIR> Acer
[07/29/2008|06:52] C:\Program Files\<DIR> Acer Arcade Deluxe
[03/20/2008|10:07] C:\Program Files\<DIR> Acer GameZone
[07/29/2008|07:06] C:\Program Files\<DIR> Acer Inc
[03/20/2008|10:28] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites
[03/08/2009|12:26] C:\Program Files\<DIR> Adobe
[07/29/2008|07:04] C:\Program Files\<DIR> Apoint2K
[12/06/2008|08:23] C:\Program Files\<DIR> Apple Software Update
[03/20/2008|10:07] C:\Program Files\<DIR> Big Kahuna Reef
[12/06/2008|08:25] C:\Program Files\<DIR> Bonjour
[03/08/2009|12:17] C:\Program Files\<DIR> Canon
[05/29/2009|10:23] C:\Program Files\<DIR> Circle Development
[05/29/2009|09:51] C:\Program Files\<DIR> Common Files
[03/20/2008|09:29] C:\Program Files\<DIR> CONEXANT
[03/20/2008|09:51] C:\Program Files\<DIR> CyberLink
[04/27/2009|05:12] C:\Program Files\<DIR> Gamenext
[05/25/2009|09:02] C:\Program Files\<DIR> GamesBar
[04/06/2009|08:49] C:\Program Files\<DIR> Google
[07/29/2008|07:03] C:\Program Files\<DIR> InstallShield Installation Information
[03/20/2008|09:20] C:\Program Files\<DIR> Intel
[04/15/2009|02:08] C:\Program Files\<DIR> Internet Explorer
[12/06/2008|08:27] C:\Program Files\<DIR> iPod
[12/06/2008|08:27] C:\Program Files\<DIR> iTunes
[07/29/2008|06:50] C:\Program Files\<DIR> Launch Manager
[05/28/2009|09:34] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[04/03/2009|05:45] C:\Program Files\<DIR> Messenger Plus! Live
[04/02/2009|08:53] C:\Program Files\<DIR> Microsoft
[11/02/2006|05:37] C:\Program Files\<DIR> Microsoft Games
[03/20/2008|10:27] C:\Program Files\<DIR> Microsoft Office
[04/03/2009|05:30] C:\Program Files\<DIR> Microsoft Silverlight
[04/02/2009|05:10] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[04/02/2009|08:51] C:\Program Files\<DIR> Microsoft Sync Framework
[04/02/2009|05:53] C:\Program Files\<DIR> Microsoft Works
[03/20/2008|10:24] C:\Program Files\<DIR> Microsoft.NET
[01/20/2008|07:35] C:\Program Files\<DIR> Movie Maker
[11/02/2006|05:37] C:\Program Files\<DIR> MSBuild
[12/06/2008|07:48] C:\Program Files\<DIR> MSXML 4.0
[03/20/2008|09:39] C:\Program Files\<DIR> NewTech Infosystems
[05/29/2009|09:50] C:\Program Files\<DIR> Norton Internet Security
[05/29/2009|09:50] C:\Program Files\<DIR> NortonInstaller
[04/27/2009|05:12] C:\Program Files\<DIR> Oberon Media
[02/27/2009|10:57] C:\Program Files\<DIR> Okidata
[12/06/2008|08:25] C:\Program Files\<DIR> QuickTime
[03/20/2008|09:25] C:\Program Files\<DIR> Realtek
[11/02/2006|05:37] C:\Program Files\<DIR> Reference Assemblies
[05/25/2009|06:32] C:\Program Files\<DIR> Skype
[05/25/2009|09:05] C:\Program Files\<DIR> Spybot - Search & Destroy
[07/29/2008|06:45] C:\Program Files\<DIR> SuYin
[05/29/2009|09:51] C:\Program Files\<DIR> Symantec
[12/06/2008|07:54] C:\Program Files\<DIR> The Learning Company
[11/02/2006|06:01] C:\Program Files\<DIR> Uninstall Information
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Calendar
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Collaboration
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Defender
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Journal
[04/02/2009|08:53] C:\Program Files\<DIR> Windows Live
[04/02/2009|05:07] C:\Program Files\<DIR> Windows Live Favorites
[04/02/2009|08:44] C:\Program Files\<DIR> Windows Live SkyDrive
[04/02/2009|08:51] C:\Program Files\<DIR> Windows Live Toolbar
[05/17/2009|05:18] C:\Program Files\<DIR> Windows Mail
[03/11/2009|01:31] C:\Program Files\<DIR> Windows Media Player
[11/02/2006|05:37] C:\Program Files\<DIR> Windows NT
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Photo Gallery
[01/20/2008|07:35] C:\Program Files\<DIR> Windows Sidebar
[03/20/2008|10:13] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/08/2009|12:26] C:\Program Files\Common Files\<DIR> Adobe
[12/06/2008|08:27] C:\Program Files\Common Files\<DIR> Apple
[03/08/2009|12:12] C:\Program Files\Common Files\<DIR> Canon
[03/20/2008|10:24] C:\Program Files\Common Files\<DIR> DESIGNER
[07/29/2008|06:45] C:\Program Files\Common Files\<DIR> InstallShield
[03/20/2008|09:38] C:\Program Files\Common Files\<DIR> LightScribe
[04/02/2009|05:58] C:\Program Files\Common Files\<DIR> microsoft shared
[03/20/2008|09:38] C:\Program Files\Common Files\<DIR> muvee Technologies
[03/20/2008|09:39] C:\Program Files\Common Files\<DIR> NewTech Infosystems
[04/27/2009|05:12] C:\Program Files\Common Files\<DIR> Oberon Media
[11/02/2006|04:18] C:\Program Files\Common Files\<DIR> Services
[05/25/2009|06:32] C:\Program Files\Common Files\<DIR> Skype
[07/29/2008|06:46] C:\Program Files\Common Files\<DIR> snp2uvc
[11/02/2006|04:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/29/2009|10:23] C:\Program Files\Common Files\<DIR> Symantec Shared
[01/20/2008|07:35] C:\Program Files\Common Files\<DIR> System
[04/02/2009|08:21] C:\Program Files\Common Files\<DIR> Windows Live
[04/02/2009|04:43] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 83 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 22:19:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:681][D:53]-> C:\Users\VICTOR~1\AppData\Local\Temp
[F:31][D:1]-> C:\Users\VICTOR~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:106][D:4]-> C:\Users\VICTOR~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sun 05/31/2009|20:13 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Mon 06/01/2009|22:20 - Option : [3]

--------------------\\ Scan completed at 22:20:27
[ UAC => 1 ]




Malwarebytes' Anti-Malware 1.37
Database version: 2227
Windows 6.0.6001 Service Pack 1

6/3/2009 10:33:09 PM
mbam-log-2009-06-03 (22-33-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 158236
Time elapsed: 44 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:13 PM, on 6/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\VICTOR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Victor Rocha Sr\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.juegos.com/juego/number-karts.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: WinMail - Shortcut.lnk = C:\Program Files\Windows Mail\WinMail.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11355 bytes
Vitor
Regular Member
 
Posts: 25
Joined: April 18th, 2009, 12:08 am

Re: Random adware windows pop up, very slow computer.

Unread postby Axephilic » June 4th, 2009, 4:27 pm

Hello,

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. Kaspersky report
  2. How is it running now?
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Random adware windows pop up, very slow computer.

Unread postby Vitor » June 5th, 2009, 8:23 pm

Thank you Adam. PC still running slow.

Here's the Kaspersky log.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 5, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, June 06, 2009 00:50:47
Records in database: 2316531
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 99750
Threat name: 1
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 01:06:47


File name / Threat name / Threats count
C:\Lop SD\Backup-Lop\ProgramData\comp two long internet\curb find.exe Infected: Trojan.Win32.Swizzor.a 1
C:\ProgramData\Error Second Dent\barb chin up.exe Infected: Trojan.Win32.Swizzor.a 1
C:\ProgramData\Error Second Dent\dlngdoqu.exe Infected: Trojan.Win32.Swizzor.a 1
C:\ProgramData\Error Second Dent\eggs dumb film view.exe Infected: Trojan.Win32.Swizzor.a 1
C:\ProgramData\Error Second Dent\uotjbomp.exe Infected: Trojan.Win32.Swizzor.a 1
C:\Users\All Users\Error Second Dent\barb chin up.exe Infected: Trojan.Win32.Swizzor.a 1
C:\Users\All Users\Error Second Dent\dlngdoqu.exe Infected: Trojan.Win32.Swizzor.a 1
C:\Users\All Users\Error Second Dent\eggs dumb film view.exe Infected: Trojan.Win32.Swizzor.a 1
C:\Users\All Users\Error Second Dent\uotjbomp.exe Infected: Trojan.Win32.Swizzor.a 1

The selected area was scanned.


Here's the HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:56 PM, on 6/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\VICTOR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Victor Rocha Sr\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.juegos.com/juego/number-karts.html"
O4 - Startup: WinMail - Shortcut.lnk = C:\Program Files\Windows Mail\WinMail.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11332 bytes
Vitor
Regular Member
 
Posts: 25
Joined: April 18th, 2009, 12:08 am

Re: Random adware windows pop up, very slow computer.

Unread postby Axephilic » June 6th, 2009, 12:58 pm

Hi there,

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code: Select all
:Files
C:\Lop SD\Backup-Lop\ProgramData\comp two long internet\curb find.exe
C:\ProgramData\Error Second Dent
C:\Users\All Users\Error Second Dent
:Commands
[EmptyTemp]
[Reboot]

  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe

For the slowness, you can try these suggestions: http://www.malwareremoval.com/tutorials ... slowly.php

In your next reply, please include:
  1. OTM Report
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Random adware windows pop up, very slow computer.

Unread postby Vitor » June 6th, 2009, 3:02 pm

Adam, I think I did something wrong, when I tried to copy the OTM log it started doing something and eventually stopped.
I tried copying again and did the same thing. Eventually I got this.

Also, when I run HJT I get a messge that warns me that some host files are not accessible or something like that.

========== FILES ==========
C:\Lop SD\Backup-Lop\ProgramData\comp two long internet\curb find.exe moved successfully.
C:\ProgramData\Error Second Dent moved successfully.
File/Folder C:\Users\All Users\Error Second Dent not found.
========== COMMANDS ==========
File delete failed. C:\Users\VICTOR~1\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\JET96A3.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.0 log created on 06062009_115729




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:12 PM, on 6/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\VICTOR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Users\Victor Rocha Sr\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [OTM] "C:\Users\Victor Rocha Sr\Desktop\OTM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.juegos.com/juego/number-karts.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: WinMail - Shortcut.lnk = C:\Program Files\Windows Mail\WinMail.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - (no CLSID) - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12033 bytes
Vitor
Regular Member
 
Posts: 25
Joined: April 18th, 2009, 12:08 am

Re: Random adware windows pop up, very slow computer.

Unread postby Axephilic » June 7th, 2009, 11:58 am

Hello,

I will need to see another online scan since the OTM report is saying that it couldn't find one of the folders.

When you are starting HJT to remove those lines, are you using run as administrator? The lines are still there and they should be gone now.

Eset Online Scanner

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX. click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

In your next reply, please include:
  1. ESET log
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Random adware windows pop up, very slow computer.

Unread postby Axephilic » June 11th, 2009, 2:27 pm

Hello,

THREE DAY BUMP!

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?

If after 48 hours you have not replied to this thread, then it will have to be closed!

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Random adware windows pop up, very slow computer.

Unread postby Vitor » June 12th, 2009, 1:09 am

Yes, I need more time.
I had a family emergency that I'm currently tending to.
Thank you.
Vitor
Regular Member
 
Posts: 25
Joined: April 18th, 2009, 12:08 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 324 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware