Logfile of HijackThis v1.99.1 Scan saved at 12:11:26 AM, on 6/6/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\antivirus\SpyCatcher\Protector.exe C:\Program Files\antivirus\SpyCatcher\Scheduler daemon.exe C:\Program Files\blueyonder IST\bin\mpbtn.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Magic Holdem\magic.exe C:\Program Files\Magic Holdem\MagicMenu.exe C:\Documents and Settings\Laura\Desktop\mark\LimeWire\LimeWire.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\antivirus\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\antivirus\Spyware Terminator\SpywareTerminator.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\HJT\HijackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42" O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\antivirus\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MagicHoldem] C:\Program Files\Magic Holdem\SuMagic.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Scheduler.lnk = C:\Program Files\antivirus\SpyCatcher\Scheduler daemon.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\antivirus\SpyCatcher\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374730562 O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://C:\Documents and Settings\wee manny\Local Settings\Temp\ckz.tmp17828e\motive\files\MotivePreQual.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3A7E73B0-E3F0-485D-A2B3-A38616C3EF80}: NameServer = 85.255.113.93,85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\..\{6DE70250-FD7B-479A-A69A-BAD04FF25B56}: NameServer = 85.255.113.93,85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\..\{D74D44D5-9DEB-44F7-8013-C61FDDB74FCB}: NameServer = 85.255.113.93,85.255.112.210 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: secuload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
i have ran the following programs before performing hijackthis scan: spycatcher, spyware terminator, spyware blaster, rogueremover & adaware se. i still get my google search results hijacked and have issues with the general running of my computer. I dont know what else to do.
Hi mtlaw01! You have nasty thing called WareOut.(See those O17-lines in HJT logfile) With these instructions we can clean your computer. Download and Run FixWarout Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. At the end of the fix, you may need to restart your computer again. Remove bad HijackThis entries * Run HijackThis * Click on the Scan button * Put a check beside all of the items listed below (if present): O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{3A7E73B0-E3F0-485D-A2B3-A38616C3EF80}: NameServer = 85.255.113.93,85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\..\{6DE70250-FD7B-479A-A69A-BAD04FF25B56}: NameServer = 85.255.113.93,85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\..\{D74D44D5-9DEB-44F7-8013-C61FDDB74FCB}: NameServer = 85.255.113.93,85.255.112.210 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210 * Close all open windows and browsers/email, etc... * Click on the "Fix Checked" button * When completed, close the application. Now lets check some settings on your system. (2000/XP) Only In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically Press OK twice to get out of the properties screen and reboot if it asks. That option might not be avaiable on some systems Next Go start run type cmd and hit OK type ipconfig /flushdns then hit enter, type exit hit enter (that space between g and / is needed) Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
xwareout Last edited 5/15/2007 Post this report in the forums please ... »»»»»Prerun check »»»»» »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other C:\WINDOWS\Temp\kdxdt.ren 66498 08/04/2004 »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "EPSON Stylus C42 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C42 Series\" /O6 \"USB001\" /M \"Stylus C42\"" "PCguardadvisor.exe"="\"C:\\Program Files\\blueyonder\\PCguard advisor\\PCguardadvisor.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup" "SpywareTerminator"="\"C:\\Program Files\\antivirus\\Spyware Terminator\\SpywareTerminatorShield.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "MagicHoldem"="C:\\Program Files\\Magic Holdem\\SuMagic.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»
Logfile of HijackThis v1.99.1 Scan saved at 10:28:33 PM, on 6/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\antivirus\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\antivirus\SpyCatcher\Protector.exe C:\Program Files\blueyonder IST\bin\mpbtn.exe C:\Program Files\antivirus\Spyware Terminator\SpywareTerminator.exe C:\Program Files\antivirus\SpyCatcher\Scheduler daemon.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Magic Holdem\magic.exe C:\Program Files\Magic Holdem\MagicMenu.exe C:\HJT\HijackThis.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42" O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\antivirus\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MagicHoldem] C:\Program Files\Magic Holdem\SuMagic.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Scheduler.lnk = C:\Program Files\antivirus\SpyCatcher\Scheduler daemon.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\antivirus\SpyCatcher\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374730562 O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://C:\Documents and Settings\wee manny\Local Settings\Temp\ckz.tmp17828e\motive\files\MotivePreQual.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: secuload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
Seems to me that you don't have either firewall or anti-virus on your computer. Windows Defender doesn't help much. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs: Computer Safety On line - Anti-Virus I use AVG Anti-Virus (Free Edition) but you might just prefer something different! Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. As you did this, we can begin with the fix. ============ I don't see any firewall running on your computer? Please download one from here After Downloading & Installing firewall we can continue ============ After you have downloaded, installed and updated your firewall & anti-virus, you can help me by doing some research. ============ Run HijackThis Click on do a system scan only Place a checkmark next to these lines(if still present) O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file) Then close all windows except Hijackthis and click Fix Checked ============ And here is the research. I'm not sure if this file is OK, but if you could send it to Virustotal we can be sure Upload a File to Virustotal Please visit Virustotal * Click the Browse... button * Navigate to the file C:\WINDOWS\system32\secuload.dll * Click the Open button * Click the Send button * Copy and paste the results back here please. Please post fresh HijackThis log and Virustotal results.
i am currently downloading firewall and antivirus, i already have spycatcher and spyware terminator-what role do they play? i cannot find a way to uninstall these programs either. thanks very much for your time!
I cannot find C:/windows/system32 the closest I can find is C:/windows/system i do not know where system32 has gone.
[*]Go to Start > My Computer [*]Go to Tools > Folder Options [*]Click on the View tab [*]Untick the following: [*]Hide extensions for known file types [*]Hide protected operating system files (Recommended) [*]You will get a message warning you about showing protected operating system files, click Yes [*]Make sure this option is selected: [*]Show hidden files and folders [*]Click Apply and then click OK Then go on with my previous instructions.
