Vista Security Tool 2010
Solved/Closed
Related:
- Vista Security Tool 2010
- Microsoft office 2010 free download - Download - Office suites
- Microsoft publisher 2010 free download - Download - Publishing
- Pdf and xps add in 2010 - Download - Other
- Fnaf security breach free download - Download - Horror
- Usb debugging enabler tool - Download - Other
23 responses
Dear Sir,
Your post actually lacks specific information. However, I will request you to get through the below instructions to get the problem solved.
http://ccm.net/faq/6844-rogue-vista-internet-security-2010-pro-removal
Thanks in advance.
Your post actually lacks specific information. However, I will request you to get through the below instructions to get the problem solved.
http://ccm.net/faq/6844-rogue-vista-internet-security-2010-pro-removal
Thanks in advance.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 16, 2010 at 04:52 PM
Mar 16, 2010 at 04:52 PM
Hello,
With all due respect for my friend Ash Perez
Here is how to get rid of this scam rogue virus designed to get to your credit card account and it is a good thing you did not fall for it.
Please follow the following procedure carefully and to the letter.
Security tool is a rogue virus which is self protective, thus it will prevent any antivirus from fonctionning.
You must kill the processes which the virus is presently running. If you don't it will keep reproducing the files for ever.
To kill the processes:
Download to your desktop and run Rogue Kill:
https://download.bleepingcomputer.com/grinler/rkill.com
5.You should now see a window that shows all of your desktop icons, including the rkill.com program. Now double-click on the rkill.com in order to automatically attempt to stop any processes associated with Security Tool and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Tool when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Tool . So, please try running Rkill until malware is no longer running.
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it Explorer.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Once all this is completed, I always suggest to delete Malwarebyte as some people have reported that it may interfere with other antivirus applications.
Please let us know about the results which I am sure will be positive.
Regards
With all due respect for my friend Ash Perez
Here is how to get rid of this scam rogue virus designed to get to your credit card account and it is a good thing you did not fall for it.
Please follow the following procedure carefully and to the letter.
Security tool is a rogue virus which is self protective, thus it will prevent any antivirus from fonctionning.
You must kill the processes which the virus is presently running. If you don't it will keep reproducing the files for ever.
To kill the processes:
Download to your desktop and run Rogue Kill:
https://download.bleepingcomputer.com/grinler/rkill.com
5.You should now see a window that shows all of your desktop icons, including the rkill.com program. Now double-click on the rkill.com in order to automatically attempt to stop any processes associated with Security Tool and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Tool when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Tool . So, please try running Rkill until malware is no longer running.
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it Explorer.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Once all this is completed, I always suggest to delete Malwarebyte as some people have reported that it may interfere with other antivirus applications.
Please let us know about the results which I am sure will be positive.
Regards
Hello
I am now performing the system scan as you recommended....I just did the rkill.com
How do I turn off system restore and then turn it back on and make a new date
Also previously I had done the scan and it found the files and supposedly deletd them....however it did not do the trick and the vista security tool was still hijacking. I hope the rkill.com put a stop to that
I am now performing the system scan as you recommended....I just did the rkill.com
How do I turn off system restore and then turn it back on and make a new date
Also previously I had done the scan and it found the files and supposedly deletd them....however it did not do the trick and the vista security tool was still hijacking. I hope the rkill.com put a stop to that
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 04:36 AM
Mar 17, 2010 at 04:36 AM
Dear Cath,
I trust you perform the RKill before you "Malwarebyted" for it is important to remove the malicious processes first as the the dead trojan will ressucitate.
Malwarebyte should take at least 90 minutes. Let me know when it is done and I will answer on system restore.
Thank you
I trust you perform the RKill before you "Malwarebyted" for it is important to remove the malicious processes first as the the dead trojan will ressucitate.
Malwarebyte should take at least 90 minutes. Let me know when it is done and I will answer on system restore.
Thank you
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Apr 2, 2010 at 04:17 PM
Apr 2, 2010 at 04:17 PM
That is a good idea, however you may still remain with the a virus in your system volume information, who knows when it will return to haunt you?
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 09:33 AM
Mar 17, 2010 at 09:33 AM
Okay,
No virus has ever resisted me.
I assume that when you say scan and scan you mean with Rkill.
Let us do it this way.
Download Process Explorer and save on C:
http://live.sysinternals.com/procexp.exe
Run the tool and spot any unusual processes especially those that are numeric, or says pcsecurity, vista security, dr.guard, etc
Kill the process or processes!
Do not reboot your machine as the processes will be reanimated and come back to haunt you.
Then follow the exact procedure I indicated to you for Malwarebyte.
Let me know
No virus has ever resisted me.
I assume that when you say scan and scan you mean with Rkill.
Let us do it this way.
Download Process Explorer and save on C:
http://live.sysinternals.com/procexp.exe
Run the tool and spot any unusual processes especially those that are numeric, or says pcsecurity, vista security, dr.guard, etc
Kill the process or processes!
Do not reboot your machine as the processes will be reanimated and come back to haunt you.
Then follow the exact procedure I indicated to you for Malwarebyte.
Let me know
Didn't find the answer you are looking for?
Ask a question
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 10:21 AM
Mar 17, 2010 at 10:21 AM
Pardon me but who are they when you say the file THEY kept killing ?
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 10:35 AM
Mar 17, 2010 at 10:35 AM
Please stop and close the RKill
Download Process Explorer and save on C:
http://live.sysinternals.com/procexp.exe
Run the tool and spot any unusual processes especially those that are numeric, or says pcsecurity, vista security, dr.guard, etc
Kill the process or processes!
Do not reboot your machine as the processes will be reanimated and come back to haunt you.
Then follow the exact procedure I indicated to you for Malwarebyte.
Let me know
Download Process Explorer and save on C:
http://live.sysinternals.com/procexp.exe
Run the tool and spot any unusual processes especially those that are numeric, or says pcsecurity, vista security, dr.guard, etc
Kill the process or processes!
Do not reboot your machine as the processes will be reanimated and come back to haunt you.
Then follow the exact procedure I indicated to you for Malwarebyte.
Let me know
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 12:17 PM
Mar 17, 2010 at 12:17 PM
Try renaming it to Explorer.exe and then run it.
If you still get the same song, try opening your task manager and click on the process tab to see if yu can find the processes to terminate them.
Right clicking on the task bar opens a context menu, which happens to have Task Manager as an option or Open your start menu, and type "taskmgr" (no quotes) in the search bar, and click enter. Doing so should automatically run it.
If you still get the same song, try opening your task manager and click on the process tab to see if yu can find the processes to terminate them.
Right clicking on the task bar opens a context menu, which happens to have Task Manager as an option or Open your start menu, and type "taskmgr" (no quotes) in the search bar, and click enter. Doing so should automatically run it.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 12:30 PM
Mar 17, 2010 at 12:30 PM
Packed Win32.Krap.as you say!
Different story all together. Stop everything!
Please Cathy
Download and install Hyjackthis. Request a full scan and save a log. Copy the lof and post it here.
http://free.antivirus.com/hijackthis/
Paste the log and standby for further instruction.
Different story all together. Stop everything!
Please Cathy
Download and install Hyjackthis. Request a full scan and save a log. Copy the lof and post it here.
http://free.antivirus.com/hijackthis/
Paste the log and standby for further instruction.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 01:16 PM
Mar 17, 2010 at 01:16 PM
Hello Cathy,
How are you doing the Hyjackthis log?
I must leave the forum in 10 minutes or so to return in about three hours. Should I receive your log within 10 minutes I should have time to guide you, otherwise I will talk to you later.
How are you doing the Hyjackthis log?
I must leave the forum in 10 minutes or so to return in about three hours. Should I receive your log within 10 minutes I should have time to guide you, otherwise I will talk to you later.
gfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:15:56 PM, on 3/17/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aol.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\chattycathy526\AppData\LocalLow\CyberDefender\cdmyidd.dll
O1 - Hosts: ::1 localhost
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPub.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\chattycathy526\AppData\LocalLow\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\chattycathy526\AppData\LocalLow\CyberDefender\cdmyidd.dll
O3 - Toolbar: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos1.walmart.com/WalmartActivia.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00B599EE-5D2E-4662-84FF-7BC7D73855F8}: NameServer = 93.188.164.221,93.188.161.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EA7CDFF-1CA4-4631-9D69-172807566E9B}: NameServer = 93.188.164.221,93.188.161.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.221,93.188.161.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{00B599EE-5D2E-4662-84FF-7BC7D73855F8}: NameServer = 93.188.164.221,93.188.161.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.221,93.188.161.89
O20 - AppInit_DLLs: C:\PROGRA~1\PCSECU~1\THESHI~1\r3hook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: gupdate1ca1f9a5960b880 - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Scan saved at 1:15:56 PM, on 3/17/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.aol.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\chattycathy526\AppData\LocalLow\CyberDefender\cdmyidd.dll
O1 - Hosts: ::1 localhost
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPub.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\chattycathy526\AppData\LocalLow\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\chattycathy526\AppData\LocalLow\CyberDefender\cdmyidd.dll
O3 - Toolbar: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos1.walmart.com/WalmartActivia.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00B599EE-5D2E-4662-84FF-7BC7D73855F8}: NameServer = 93.188.164.221,93.188.161.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EA7CDFF-1CA4-4631-9D69-172807566E9B}: NameServer = 93.188.164.221,93.188.161.89
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.221,93.188.161.89
O17 - HKLM\System\CS1\Services\Tcpip\..\{00B599EE-5D2E-4662-84FF-7BC7D73855F8}: NameServer = 93.188.164.221,93.188.161.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.221,93.188.161.89
O20 - AppInit_DLLs: C:\PROGRA~1\PCSECU~1\THESHI~1\r3hook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: gupdate1ca1f9a5960b880 - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 01:48 PM
Mar 17, 2010 at 01:48 PM
Hello Cathy
Thank you for the log and also for the info on the Pack Win virus. Incidently it is not a rogue security virus, just a plain trojan.
Your processes are okay and clean.
Please run Hyjackthis again and just request a scan, no log
When the scan has ended check the following items:
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (NOT CRITICAL BUT A SECURITY RISK)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
The please click on Fix Checked.
Close Hyjackthis
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/es-anti-malware
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it Explorer.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
Once your computer is clean and working normally just to be on the safe side
•Turn off system restore and wait 30 seconds,
•Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
To disable system restore and create a new restore point, here are two links with some pics
https://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
https://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/
Please let me know how you did. From here on end, I think we can cry victory.
Jules
Thank you for the log and also for the info on the Pack Win virus. Incidently it is not a rogue security virus, just a plain trojan.
Your processes are okay and clean.
Please run Hyjackthis again and just request a scan, no log
When the scan has ended check the following items:
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (NOT CRITICAL BUT A SECURITY RISK)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
The please click on Fix Checked.
Close Hyjackthis
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/es-anti-malware
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it Explorer.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
Once your computer is clean and working normally just to be on the safe side
•Turn off system restore and wait 30 seconds,
•Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
To disable system restore and create a new restore point, here are two links with some pics
https://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
https://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/
Please let me know how you did. From here on end, I think we can cry victory.
Jules
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 04:52 PM
Mar 17, 2010 at 04:52 PM
Dear Cathy,
When you run Hyjackthis, do not request a log, just the scan and you will see the check boxes.
Because of the virus, Malwarebyte may have been corrupted. Download a fresh copy and insure you rename it to Explorer.exe.
See you later alligator
When you run Hyjackthis, do not request a log, just the scan and you will see the check boxes.
Because of the virus, Malwarebyte may have been corrupted. Download a fresh copy and insure you rename it to Explorer.exe.
See you later alligator
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 17, 2010 at 06:26 PM
Mar 17, 2010 at 06:26 PM
Hello Cathy,
How did you do?
7:30 PM here and logging off.
Talk to you tomorrow.
How did you do?
7:30 PM here and logging off.
Talk to you tomorrow.
Bad New.....did scan with Stopzilla. It found a lot of infected files. I deleted them. Then it asked me to reboot...I did....Tried to get on internet.....computer is still hijacked with vista security tool. Also
computer is running really slow...took forever to reboot.
I am ready to pul my hair out.....what is going on?
computer is running really slow...took forever to reboot.
I am ready to pul my hair out.....what is going on?
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 05:06 AM
Mar 18, 2010 at 05:06 AM
Cathy
Pretty please, did you remove the items I listed on Hyjackthis? This is the heart of the procedure. Then even after your removed the Hyjackthis items and can't update Malwarebyte please run it. Of course, Stopzilla will not help.
Please confirm that you have removed the items from Hyjackthis. Thank you.
Pretty please, did you remove the items I listed on Hyjackthis? This is the heart of the procedure. Then even after your removed the Hyjackthis items and can't update Malwarebyte please run it. Of course, Stopzilla will not help.
Please confirm that you have removed the items from Hyjackthis. Thank you.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 05:08 AM
Mar 18, 2010 at 05:08 AM
Cathy
Pretty please, did you remove the items I listed on Hyjackthis? This is the heart of the procedure. Then even after your removed the Hyjackthis items and can't update Malwarebyte please run it. Of course, Stopzilla will not help.
Please confirm that you have removed the items from Hyjackthis. Thank you.
Pretty please, did you remove the items I listed on Hyjackthis? This is the heart of the procedure. Then even after your removed the Hyjackthis items and can't update Malwarebyte please run it. Of course, Stopzilla will not help.
Please confirm that you have removed the items from Hyjackthis. Thank you.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 05:08 AM
Mar 18, 2010 at 05:08 AM
Cathy
Pretty please, did you remove the items I listed on Hyjackthis? This is the heart of the procedure. Then even after your removed the Hyjackthis items and can't update Malwarebyte please run it. Of course, Stopzilla will not help.
Please confirm that you have removed the items from Hyjackthis. Thank you.
Pretty please, did you remove the items I listed on Hyjackthis? This is the heart of the procedure. Then even after your removed the Hyjackthis items and can't update Malwarebyte please run it. Of course, Stopzilla will not help.
Please confirm that you have removed the items from Hyjackthis. Thank you.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 06:49 AM
Mar 18, 2010 at 06:49 AM
Great! I hope that have not returned since you probably rebooted yesterday.
Now, if you have renamed Malwarebyte to Explorer.exe, try to update Malwarebyte, if it does not update, please nevermind and run it while you are off Internet.
In the process you may be asked to reboot your machine. You can safely do so and the scan will continue.
Now, if you have renamed Malwarebyte to Explorer.exe, try to update Malwarebyte, if it does not update, please nevermind and run it while you are off Internet.
In the process you may be asked to reboot your machine. You can safely do so and the scan will continue.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 07:02 AM
Mar 18, 2010 at 07:02 AM
Wonderful!
Already you should see some improvement. Please, go ahead with Malwarebyte as indicated above.
I am impatient to see the results.
Already you should see some improvement. Please, go ahead with Malwarebyte as indicated above.
I am impatient to see the results.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 07:22 AM
Mar 18, 2010 at 07:22 AM
Because it is a deep clean tool which goes right down into the system volume information and it detects everything.
It is recommended by all the experts on this forum including those on the other versions of Kioskea (French, German, Spanish, etc.)
Just curious, what city are you working in?
Anyway, hope to hear from you when you return to your personal desktop.
It is recommended by all the experts on this forum including those on the other versions of Kioskea (French, German, Spanish, etc.)
Just curious, what city are you working in?
Anyway, hope to hear from you when you return to your personal desktop.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 07:40 AM
Mar 18, 2010 at 07:40 AM
Way up north, across the border, 30 miles north of Three Rivers (between Montreal and Quebec City) a city called Shawinigan, Quebec, Canada.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 10:42 AM
Mar 18, 2010 at 10:42 AM
I doubt very much if Malwarebyte does not find anything. But, since you asked, I have, in a locked cabinet, a secret potion which is sure to safely put the virus to sleep forever.
It found nine and I have removed them and now it wants me to reboot. However, I have to go meet with customers and won't be back until around 5:00pm central time. I will reboot it then....
any other instructions? You are the most patient peson I have ever seen! Thanks for all you are doing to help me
Cathy
any other instructions? You are the most patient peson I have ever seen! Thanks for all you are doing to help me
Cathy
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 18, 2010 at 11:06 AM
Mar 18, 2010 at 11:06 AM
No more instruction until you have finished rebooting and finished the scan.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 19, 2010 at 05:22 AM
Mar 19, 2010 at 05:22 AM
Hello Cathy,
First, please do the system restore as indicated above.
Then, be daring and brave: browse to your heart's content.
Let me know how well your system works.
Regards
P.S. Your accent is charming.
First, please do the system restore as indicated above.
Then, be daring and brave: browse to your heart's content.
Let me know how well your system works.
Regards
P.S. Your accent is charming.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,170
Mar 19, 2010 at 08:16 AM
Mar 19, 2010 at 08:16 AM
Hello Cathy,
Well at least we got the thing working and that we sent the Trojan Horse to the glue factory.
Slow you say, now we are fighting ninja turtles.
When you say slow, I assume that is while you are surfing, if so, I suspect the presence of spyware which are attempting to hyjack your browser. you may be able to see it in a Hyjackthis log in the form of a "BHO no name no file".
Now lets get down to business.
Please download Spybot Search and Destroy. During the installation process, your will be given the choice on components to install. Uncheck "Tea Timer" as I find it to be a nuisance.
Once installed, scan your system. After the scan, delete the items marked in red, but before you do let me know which ones were found.
You will be able to get Spybot through this link:
https://ccm.net/downloads/security-and-maintenance/4561-spybot-search-destroy/
Finally, you may have some applications that start at boot time which run in the background and consume your resources. Usually these applications do not need to start at boot time.
You can download and run this small tool called startuplite, which will guide you, just follow the prompts.
https://www.malwarebytes.com/mwb-download/
Finally, if you wish to check your system's intrusion safety (firewall and all) while you are surfing, you can give it the following test.
http://www.pcflank.com/pcflankleaktest.htm
Am I giving too much info at a time?
Catch you later alligator...
Well at least we got the thing working and that we sent the Trojan Horse to the glue factory.
Slow you say, now we are fighting ninja turtles.
When you say slow, I assume that is while you are surfing, if so, I suspect the presence of spyware which are attempting to hyjack your browser. you may be able to see it in a Hyjackthis log in the form of a "BHO no name no file".
Now lets get down to business.
Please download Spybot Search and Destroy. During the installation process, your will be given the choice on components to install. Uncheck "Tea Timer" as I find it to be a nuisance.
Once installed, scan your system. After the scan, delete the items marked in red, but before you do let me know which ones were found.
You will be able to get Spybot through this link:
https://ccm.net/downloads/security-and-maintenance/4561-spybot-search-destroy/
Finally, you may have some applications that start at boot time which run in the background and consume your resources. Usually these applications do not need to start at boot time.
You can download and run this small tool called startuplite, which will guide you, just follow the prompts.
https://www.malwarebytes.com/mwb-download/
Finally, if you wish to check your system's intrusion safety (firewall and all) while you are surfing, you can give it the following test.
http://www.pcflank.com/pcflankleaktest.htm
Am I giving too much info at a time?
Catch you later alligator...
Hi,
I'm sorry for hijacking your board but I've been trying to follow your instructions to get rid of this annoying spyware. I too started off with the rkill and then malwarebytes and it hasn't worked. Now I've been trying to continue with your advice but when I try to download the process explorer to my C drive it says I don't have the authority to do that. Now I'm stuck and I really don't know what to do!!!
Again, sorry for the interruption.
Tash
I'm sorry for hijacking your board but I've been trying to follow your instructions to get rid of this annoying spyware. I too started off with the rkill and then malwarebytes and it hasn't worked. Now I've been trying to continue with your advice but when I try to download the process explorer to my C drive it says I don't have the authority to do that. Now I'm stuck and I really don't know what to do!!!
Again, sorry for the interruption.
Tash
