Buy Malwarebytes antimalware











This site is hosted at Hostgator.com




Sponsored Adverts

Sponsored Ads

These adverts come direct from Google adsense



Recent Posts

Pages: 1 2 [3] 4 5 6 7 8 ... 10
21
Malware removal and help / Running very slow and other issues
« Last post by Davejj on September 06, 2014, 23:17:04 »
Hi Derek....

Back again, My laptop is running very slow, web pages sometimes take minuets to change, or they will not work at all.

I can type words faster than they appear on the screen... videos will not run at times and i have a error loading 0361.dll message at start up.
So before I throw it out of the window I thought I would see if you can find any issues.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476
Run by Dave at 21:52:53 on 2014-09-06
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Codebox\BitMeterOS\BitMeterCaptureService.exe
C:\Program Files\Codebox\BitMeterOS\BitMeterWebService.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\002\yewimmxqbs32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - c:\program files\webroot\wrdata\pkg\vistax86\wrflt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [NPSStartup] <no file>
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\programs\partygaming.net\partypokernet\RunPF.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090626094001
DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} - hxxp://www.kaspersky.co.uk/downloads/misc/kasperskylicensefinder.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{53D38130-0C0D-45EA-B153-990B34E9E740} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\zcqxsw8e.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101714.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: !HIDDEN! 2010-05-01 16:56; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? Com4QLBEx;Com4QLBEx
R? CTUPnPSv;Creative Centrale Media Server
R? FsUsbExDisk;FsUsbExDisk
R? Norton Internet Security;Norton Internet Security
R? OA004Ufd;Creative Camera OA004 Upper Filter Driver
R? OA004Vid;Creative Camera OA004 Function Driver
R? SkypeUpdate;Skype Updater
R? Sony PC Companion;Sony PC Companion
R? Update Server;BitDefender Update Server v2
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? BitMeterCaptureService;BitMeter Capture Service
S? BitMeterWebService;BitMeter Web Service
S? ezSharedSvc;Easybits Shared Services for Windows
S? FontCache;Windows Font Cache Service
S? IntcHdmiAddService;Intel(R) High Definition Audio HDMI
S? Recovery Service for Windows;Recovery Service for Windows
S? WRkrn;WRkrn
S? WRSVC;WRSVC
S? yewimmxqbs32;yewimmxqbs32
.
=============== Created Last 30 ================
.
2014-09-06 20:16:13   --------   d-----w-   c:\programdata\REGSERVO
2014-09-06 20:16:05   --------   d-----w-   c:\program files\REGSERVO
2014-09-05 07:43:18   8581864   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{4b13788b-bd91-4e49-b510-7fe333c7e9aa}\mpengine.dll
2014-08-21 05:27:39   --------   d-----w-   c:\users\dave\appdata\local\Adobe
.
==================== Find3M  ====================
.
2014-09-02 20:51:33   153256   ----a-w-   c:\windows\system32\WRusr.dll
2014-09-02 20:51:33   116736   ----a-w-   c:\windows\system32\drivers\WRkrn.sys
2014-08-25 05:53:44   231584   ------w-   c:\windows\system32\MpSigStub.exe
2014-08-15 05:26:12   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-15 05:26:12   699568   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-12-11 12:14:59   10395072   ----a-w-   c:\program files\common files\wruninstall.exe
2010-07-08 09:37:14   101544   ----a-w-   c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 21:54:26.41 ===============
22
Malware removal and help / Re: just a check
« Last post by rock995 on August 13, 2014, 21:58:27 »
Good to know that it's probably not going to be a problem but just to see if I could find it manually, I've tried to search for where this bho is via regedit but can't locate it. 
23
Malware removal and help / Re: just a check
« Last post by rock995 on August 13, 2014, 15:36:47 »
So, I'm good to go?  No obvious problems?  If not, then on to the HH donation link.

I have to say that the "no script" add-on for FireFox may be a pain to use (one must enable each and every website one visits for enhanced
content like flash, etc.) but it keeps websites from injecting the computer with malware.
24
Malware removal and help / Re: just a check
« Last post by Derek on August 13, 2014, 15:08:21 »
I wouldn't worry about the  registry key that spybot keeps finding
It is just an entry that doesn't do anything
25
Malware removal and help / Re: just a check
« Last post by rock995 on August 13, 2014, 14:55:51 »
Bleeping Computer was down so I d/l from CNET.  After running adw and auto-restarting, the log did not pop up anywhere so I ran adw a second time.  I know. I know.  But I thought that maybe the first one didn't work.  After restarting, it still didn't display a log so I did a search and found
them in a folder elsewhere.  I will include both logs.  Also, here's the SpyBot scan that shows the Win32.2UrFace.bho problem.
26
Malware removal and help / Re: just a check
« Last post by Derek on August 13, 2014, 07:32:27 »
Click on this link to download : ADWCleaner Click on ONE of the Two  Blue Download Now buttons That have a blue arrow beside them  and save it to your desktop. Do not click on any links in the top Advert.

See the screenshot where the proper download buttons are highlighted


 NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

 Close your browser and double click on this icon on your desktop:



 You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done, you will get a  message saying "PENDING" , Ignore that &  click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


27
Malware removal and help / just a check
« Last post by rock995 on August 13, 2014, 00:11:04 »
Hi Derek.  Back from my travels and, sure enough, my girlfriend who was using my computer has perhaps picked up
a bit of malware, specifically Win32.2UrFace.bho (which SpyBot S&D says is there but can't seem to eliminate it).

I went to donate to the HH but, on second thought, didn't want to do any financial transactions with something possible lurking in the backgroung.

Anyway to check this computer and see if anything fishy shows up?

I see that the site hasn't been that active since my posting in January.  Hope your health is holding up my friend.

rock
28
Uploads / Re: Files Requested by eddie:
« Last post by Referee06 on July 04, 2014, 03:51:43 »
Second Qoobox submission
30
Malware removal and help / Re: adware/malware popups etc
« Last post by Derek on April 28, 2014, 23:05:59 »
the civic cookie is genuine for this site, I have to have that to comply with EU cookie laws. You will get that every time until you accept it 
What is the suspicious update message
Pages: 1 2 [3] 4 5 6 7 8 ... 10

Donations

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts


Useful Advice and Programs

Stop killing hedgehogs with strimmers
Welcome, Guest. Please login or register.
December 22, 2014, 04:09:32

Login with username, password and session length

secunia Software inspector


RoboForm: Learn more...

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware is so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you.
In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

I run this site to help raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the PayPal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running