# confused??



## ixiboneheadixi

my computer was being the typical piece of shit that it is then my browser kept bringing me to different pages, so i ran malwarebytes, it said it didnt find anything, but after i ran it everything was working again, im so confused?? lol


----------



## johnb35

Are you running the latest version of malwarebytes?  Post a hijackthis log for me.

Download the *HijackThis* installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy.  Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces


----------



## ixiboneheadixi

some thing came up saying my system is denying it access, and when it finished the log came up blank


----------



## johnb35

Right click on the hijackthis icon and click on "run as".  If the run as option doesn't appear then press and hold the shift key while right clicking on hijackthis to get the option to appear.


----------



## ixiboneheadixi

it opens and runs just fine, during the middle of the scan thats when it says this 'for some reason your system denied write acces to the host file, if any hijacked domains are in this file hijackthis may not be able to fix this'


----------



## johnb35

You need to run it as admin.  PLease do what I suggested and it will work just fine and create the log.  You are either running vista or windows 7 and it needs admin privileges to run.


----------



## ixiboneheadixi

johnb35 said:


> You need to run it as admin.  PLease do what I suggested and it will work just fine and create the log.  You are either running vista or windows 7 and it needs admin privileges to run.



i am running it as an admin


----------



## ixiboneheadixi

ok after multiple times clicking on it it finally worked, and also keep in mind im not the only oen who used this computer and my family ****ed it right up some how so now only i use it. so idk what they did to it.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:55:17 PM, on 14/09/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Patrick\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll (file missing)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll (file missing)
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll (file missing)
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [conhost] C:\Users\Patrick\AppData\Roaming\Microsoft\conhost.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Easy-Hide-IP] C:\Program Files (x86)\Easy-Hide-IP\easy-hide-ip.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Patrick\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Unknown owner - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: EasyRedirect - EasyTech - C:\Program Files (x86)\Easy-Hide-IP\rdr\EasyRedirect.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17931 bytes


----------



## johnb35

Ok, I see you have some issues we need to deal with, and can tell where your redirect issues is coming from.  Please do the following things in order.  I see that you have 2 antivirus programs running right now, AVG and Nortons... thats a no no.  Please uninstall both temporarily until we get this cleaned up.  You can reinstall either one or either AVAST or Microsoft Security Essentials AFTER we are done.

1.

  Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.






If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it.  Please open the log and copy and paste it back here.

2. 

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.




We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  



In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running

3.

After you run combofix, please navigate to C:\qoobox and in that folder will be a file named add-remove programs.txt.  Please open that file and copy and paste the contents back here.


----------



## ixiboneheadixi

TDSSKiller did not find anything


----------



## ixiboneheadixi

shall i just continue with the rest of what you told me?


----------



## johnb35

ok, continue on with the other procedures.


----------



## ixiboneheadixi

ok my computer is being so gaay, and i have way too much shit on here, is there anyway i can just wipe everything and be done with it?


----------



## johnb35

What is it doing?  Its much easier to clean an infection then to reinstall windows.


----------



## ixiboneheadixi

johnb35 said:


> What is it doing?  Its much easier to clean an infection then to reinstall windows.



ok im back, im slowly getting through it, it just completely froze up for about 5 min it black screened i coudlnt see my mouse or anything


----------



## ixiboneheadixi

ComboFix 11-09-14.02 - Patrick 14/09/2011  20:02:23.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.2.1033.18.3839.2656 [GMT -4:00]
Running from: c:\users\Patrick\Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\blinkx.ico
c:\program files (x86)\Blinkx\blinkxss.exe
c:\program files (x86)\Blinkx\blinkxstop.exe
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\users\Patrick\AppData\Roaming\8F9E.165
c:\users\Patrick\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
c:\users\Patrick\AppData\Roaming\Microsoft\conhost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-15 to 2011-09-15  )))))))))))))))))))))))))))))))
.
.
2011-09-15 00:07 . 2011-09-15 00:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-14 21:55 . 2011-09-14 21:55	388096	----a-r-	c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-14 21:55 . 2011-09-14 21:55	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-09-14 00:56 . 2011-09-14 00:56	--------	d-----w-	c:\program files (x86)\EasyMP3Recorder
2011-09-14 00:49 . 2011-09-14 00:49	--------	d-----w-	c:\users\Patrick\AppData\Local\Jaksta_Technologies_Pty_L
2011-09-14 00:48 . 2011-06-26 00:56	33888	----a-w-	c:\windows\system32\drivers\appliand.sys
2011-09-14 00:48 . 2011-09-14 00:48	--------	d-----w-	c:\program files (x86)\Applian Technologies
2011-09-14 00:47 . 2011-09-14 00:49	--------	d-----w-	c:\users\Patrick\AppData\Roaming\Replay Media Catcher 4
2011-09-14 00:47 . 2011-09-14 00:47	--------	d-----w-	c:\programdata\Applian
2011-09-14 00:41 . 2011-09-14 01:09	--------	d-----w-	c:\users\Patrick\AppData\Local\Conduit
2011-08-30 18:39 . 2011-08-30 18:39	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-26 18:38 . 2011-08-26 18:38	--------	d-----w-	c:\program files (x86)\RocketDock
2011-08-26 17:44 . 2011-08-26 17:44	--------	dc-h--w-	c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2011-08-26 17:44 . 2011-08-26 17:44	--------	d-----w-	c:\program files (x86)\Stardock
2011-08-26 09:24 . 2011-08-26 09:24	--------	d-----w-	c:\users\Patrick\AppData\Local\ODUI
2011-08-26 09:24 . 2011-08-26 09:24	--------	d-----w-	c:\users\Patrick\AppData\Roaming\Stardock
2011-08-26 09:24 . 2011-08-26 09:24	--------	d-----w-	c:\users\Patrick\AppData\Local\Stardock
2011-08-26 09:23 . 2011-08-26 09:23	--------	d-----w-	c:\users\Patrick\AppData\Local\PackageAware
2011-08-26 08:17 . 2011-08-26 08:46	--------	d-----w-	c:\program files (x86)\SpeedFan
2011-08-26 08:01 . 2011-08-26 08:01	--------	d-----w-	c:\users\Patrick\AppData\Roaming\Rainmeter
2011-08-26 08:01 . 2011-08-26 08:01	--------	d-----w-	c:\program files\Rainmeter
2011-08-25 01:10 . 2011-07-09 05:14	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-25 01:10 . 2011-07-09 04:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-08-16 21:29 . 2011-08-29 04:14	--------	d-----w-	c:\users\Patrick\ipod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 21:00 . 2011-07-22 21:32	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-26 17:54 . 2009-07-13 23:57	21986304	----a-w-	c:\windows\system32\imageres.dll
2011-07-22 05:35 . 2011-08-10 16:38	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-10 16:38	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-10 16:39	362496	----a-w-	c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 16:39	243200	----a-w-	c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 16:39	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 16:39	214528	----a-w-	c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 16:39	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 16:39	422400	----a-w-	c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 16:39	338432	----a-w-	c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 16:39	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 16:39	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 16:39	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 16:39	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 16:39	272384	----a-w-	c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 16:39	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 16:39	2048	----a-w-	c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 16:39	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 16:39	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 16:39	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 16:39	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44 . 2011-08-10 16:39	287744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 05:29 . 2011-08-10 16:38	5507968	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-06-23 04:38 . 2011-08-10 16:38	3957120	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38 . 2011-08-10 16:38	3902336	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27 . 2011-08-10 16:39	1896832	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-21 06:20 . 2011-08-10 16:38	1197056	----a-w-	c:\windows\system32\wininet.dll
2011-06-21 06:20 . 2011-08-10 16:38	57856	----a-w-	c:\windows\system32\licmgr10.dll
2011-06-21 05:36 . 2011-08-10 16:38	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2011-06-21 05:35 . 2011-08-10 16:38	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-06-21 05:05 . 2011-08-10 16:38	482816	----a-w-	c:\windows\system32\html.iec
2011-06-21 04:26 . 2011-08-10 16:38	386048	----a-w-	c:\windows\SysWow64\html.iec
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 20:54	175912	----a-w-	c:\program files (x86)\Freecorder\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51	3911776	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-01-04 396152]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ooVoo.exe"="c:\program files (x86)\ooVoo\ooVoo.exe" [2011-05-18 22631608]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Easy-Hide-IP"="c:\program files (x86)\Easy-Hide-IP\easy-hide-ip.exe" [2011-07-11 4569600]
"googletalk"="c:\users\Patrick\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-08-26 30192]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMwA4ADYANQA2ADcANwAzADQALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADIALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsANAAwADkANgAzAC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEA&prod=90&ver=9.0.894" [?]
.
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-08-26 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 136176]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 EasyRedirect;EasyRedirect;c:\program files (x86)\Easy-Hide-IP\rdr\EasyRedirect.exe [2011-05-03 3092480]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 00:56]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 00:56]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2543763744-3819054908-2750359548-1000Core.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 00:56]
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2543763744-3819054908-2750359548-1000UA.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 00:56]
.
2011-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\EasyRedirect.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-conhost - c:\users\Patrick\AppData\Roaming\Microsoft\conhost.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-All Sound Recorder_is1 - c:\program files (x86)\All Sound Recorder\unins000.exe
AddRemove-blinkx beat - c:\program files (x86)\Blinkx\templates\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-14  20:09:02
ComboFix-quarantined-files.txt  2011-09-15 00:09
.
Pre-Run: 428,985,864,192 bytes free
Post-Run: 431,665,844,224 bytes free
.
- - End Of File - - F4D609FCEFB2A162AC8BE83F3E49E08A





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:49 PM, on 14/09/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADYANQA2ADcANwAzADQALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADIALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsANAAwADkANgAzAC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Easy-Hide-IP] C:\Program Files (x86)\Easy-Hide-IP\easy-hide-ip.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Patrick\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\easyredirect.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Unknown owner - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: EasyRedirect - EasyTech - C:\Program Files (x86)\Easy-Hide-IP\rdr\EasyRedirect.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14653 bytes


add remove programs thing


 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
AIM 7
Akamai NetSession Interface
Apple Application Support
Apple Software Update
ASIO4ALL
µTorrent
AV Voice Changer Software DIAMOND 6.0
AV Voice Changer Software DIAMOND 7.0
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Barbarian Invasion
blinkx beat
Click to Call with Skype
Compatibility Pack for the 2007 Office system
Conduit Engine
CyberLink DVD Suite Deluxe
D3DX10
DAEMON Tools Lite
DirectX for Managed Code Update (Summer 2004)
DivX Setup
Download Updater (AOL LLC)
Driver Detective
Drumaxx
DVD Menu Pack for HP MediaSmart Video
Easy-Hide-IP 4.1.1.0
Easy MP3 Recorder v3.00
EasyBits GO
Emicsoft Video Converter
FitLive 1.1.22
Freecorder 4
Freecorder 5
Freecorder Toolbar
GameSpy Arcade
GIMP 2.6.11
Google Chrome
Google Desktop
Google Earth
Google SketchUp 7
Google Talk (remove only)
Google Update Helper
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
IconPackager
IMCapture for Skype
IObit Toolbar v4.4
Java Auto Updater
Java(TM) 6 Update 26
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
ManyCam 2.6.55 (remove only)
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mount&Blade
Mount&Blade Warband
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble and Murmur
My Program 1.20
NVIDIA PhysX
ooVoo
OpenAL
Pirates of the Burning Sea
Power2Go
PowerDirector
PowerISO
QuickTime
Rainmeter
Realtek High Definition Audio Driver
Recovery Manager
Replay Media Catcher 4 (4.3.0)
RocketDock 1.3.5
Rome - Total War - Alexander
Rome - Total War(TM)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 5.3
Smart Defrag 2
Speak Aloud 2.0
SpeedFan (remove only)
System Requirements Lab
System Requirements Lab CYRI
Tansee iPod Copy v5.0
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.4053
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip 14.5
World of Tanks v.0.6.5
Xvid Video Codec
Yahoo! Messenger
Yahoo! Software Update


----------



## johnb35

The first thing I saw right off the bat, was utorrent.  I highly recommend if you have any illegal or pirated software installed to uninstall it.  Utorrent is p2p software which is the number one reason why people get infected.  Please uninstall the following along with any software that I just mentioned.

Conduit Engine
utorrent - highly advise to uninstall
freecorder toolbar 


PLease download and run the nortons and avg removal tools.

nortons - ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

AVG - http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe

Rerun hijackthis and place checks next to the following entries.

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...ic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMw BMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBL ADMAWAA"&"inst=NwA3AC0AMwA4ADYANQA2ADcANwAzADQALQB UAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGA DkATQAxADAAQgArADIALQBYAE8AOQArADEALQBGADkATQAyACs AMQAtAEQARABUACsANAAwADkANgAzAC0ARABEADkAMABGACsAM QAtAFMAVAA5ADAARgBBAFAAUAArADEA"&"prod=90"&"ver=9. 0.894
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com

Then click on fix checked at the bottom.  Some of those may not be there after you run the removal tools.

Download and run ccleaner

http://download.cnet.com/ccleaner/

Download, install, open the program and click on run cleaner.  This may take a few minutes if your temp files have never been deleted.

The final thing I need you to do is run an online virus scan using the Eset online scanner.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.


----------



## ixiboneheadixi

my computer is now refusing to download anything so it wont let me get those remover things


----------



## johnb35

Reboot the system and try again.


----------



## ixiboneheadixi

i did 3 times, still nothing, and i keep getting frozen up


----------



## johnb35

Boot to safe mode with networking and try.


----------



## ixiboneheadixi

well it seems to be working better, should i still continue with those few last instuctions you gave me htough


----------



## johnb35

You can try.  If things don't get better, you may as well format and reinstall windows.


----------



## ixiboneheadixi

johnb35 said:


> You can try.  If things don't get better, you may as well format and reinstall windows.



how would i do that? cause i have no disk or anything or no way to put anything on to a disk or another drive or anything


----------



## ixiboneheadixi

ok i did everything and now i cant even watch a youtube video or anything this is retarded


----------



## johnb35

What happens when try to watch a youtube video?


----------



## ixiboneheadixi

does to some google page saying its its geting too may requests from me or something like that idk im not looking at it right now im in the middle of cooking lol


----------



## johnb35

Try this as well.

Please download Gooredfix to your desktop from *here* or *here*


Ensure all Firefox windows are closed. 
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win 7). 
When prompted to run the scan, click Yes. 
GooredFix will check for infections, and then a log will appear. 
Please copy and paste  the Goored.txt log in your next reply (it can be found on your desktop).


----------



## ixiboneheadixi

GooredFix by jpshortstuff (03.07.10.1)
Log created at 17:39 on 15/09/2011 (Patrick)
Firefox version [Unable to determine]

========== GooredScan ==========


thats all that comes up cause every time i try to run it it stops working, also that eset online scanner thing doesnt run properly either it froze at 94% like a couple hours ago, why is my computer so ****ed up? and sorry for the swearing but i can not think of any other word to describe my computer right now


----------



## johnb35

I would suggest to reinstall windows.  If this is a store bought pc then it should have a recovery partition on the hard drive and you just boot into it.  What make and model of system do you have?


----------



## ixiboneheadixi

hp pavilion


----------



## johnb35

I believe you boot the computer and press the F10 button to boot into system recovery.


----------



## ixiboneheadixi

alright i will try it soon, and re installing windows will delete like all my stuff right?


----------



## ixiboneheadixi

C:\Users\Patrick\Documents\Downloads\cnet_iconpackager_public_exe.exe	a variant of Win32/InstallCore.C application
C:\Users\Patrick\Documents\Downloads\cnet_installspeedfan444_exe.exe	a variant of Win32/InstallCore.C application
C:\Users\Patrick\Documents\Downloads\cnet_ObjectDock_free_exe.exe	a variant of Win32/InstallCore.C application

thats what came upin the eset scanner it finally worked


----------



## johnb35

ixiboneheadixi said:


> alright i will try it soon, and re installing windows will delete like all my stuff right?



yes, it will delete your stuff.  Also, see if there is an advanced options button to see if there is an option for a non destructive restore.  However, I feel a destructive restore would be better to do so you start out fresh.  back up any data you don't want deleted.


----------



## ixiboneheadixi

johnb35 said:


> yes, it will delete your stuff.  Also, see if there is an advanced options button to see if there is an option for a non destructive restore.  However, I feel a destructive restore would be better to do so you start out fresh.  back up any data you don't want deleted.



back it up on to what? i have no extra drives and no discs or anything lol


----------



## johnb35

Do you have another pc in the house?  You can take the hard drive out and attach it to the other system and copy data over.  If not, then you'll have buy another drive.


----------



## ixiboneheadixi

i just put all my pics up onto photobucket and found a couple of those little usb drives i had laying around for music and such, now im back up and running, and so far all i have done is open internet explorer and use that POS for the only thing its good for which is downloading chrome, and then opened chrome, and came here, now is there any thing i should go ahead and download right away that i need or would want, and anything i should get rid of? cause HP puts a ton of shit up on here i got norton and some ebay thing on my desktop and microsoft office which sucks and all these HP games and some HP computer dock thing


----------



## johnb35

Nortons is only a trial offer so you can uninstall it and download an antivirus program of your choosing, I recommend either AVAST or Microsoft Security Essentials.  Uninstall any games or apps that you don't use.  Office is also the trial version so you can uninstall that as well.

PLease don't IE.  I use IE8 and don't have any issues.  Yeah, its more of a malware magnet then the other broswers but as long as you know how to surf you can significantly reduce your chances of getting infected.  And if you download avast, it will usually stop you from visiting bad websites.


----------



## ixiboneheadixi

ok so should i go to add remove programs and do it from there?


----------



## johnb35

yes


----------



## ixiboneheadixi

is there a way to post a list of what i have on there so you could tell me all the useless crap thats on there? i have no clue what some of it is


----------



## ixiboneheadixi

and should i download all those thing you go me to get before i reinstalled windows that way i have them for future use


----------



## johnb35

Either Hijackthis or I believe ccleaner can export the list to a file.  Do you have either installed at this time?  I'll give you directions for both programs.

Hijackthis - Open hijackthis, click on open misc tools section, open uninstall manager, click on save list and save it.  Then copy and paste the contents of the log back here.

Ccleaner -  open Ccleaner, click on the tools tab on the left and then on the bottom right corner you will see a box that says save to text file, click on that and save it and copy and paste it back here.

I gave you links to download both programs in earlier posts.


----------



## ixiboneheadixi

ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
AIM 7
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
CyberLink DVD Suite Deluxe
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
DVD Menu Pack for HP MediaSmart Video
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart Music/Photo/Video
HP Remote Solution
HP Remote Solution
HP Setup
HP Support Assistant
HP Update
HPAsset component for HP Active Support Library
LabelPrint
LabelPrint
LightScribe System Software
Microsoft Live Search Toolbar
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Movie Theme Pack for HP MediaSmart Video
Norton Online Backup
Power2Go
Power2Go
PowerDirector
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager

thats what i got, and also do these forums have a rep thing like a lot do, becuase you would for sure get like +10 lol


----------



## johnb35

Nope, no rep system.  If we had it, it would be abused by a lot of users.  

I would uninstall the following.

HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart Music/Photo/Video
HP Remote Solution
HP Remote Solution
HP Setup
HP Support Assistant
HP Update
HPAsset component for HP Active Support Library
Norton Online Backup

If you don't use aol or aim uninstall those as well.  Only you know what you use or not.  You have microsoft works, uninstall it if you don't need a spreadsheet or word processor.  

Look in your start menu to see if there is a program listed as hp recovery manager.  See if you can create restore cd's in case your hard drive fails on you.


----------



## ixiboneheadixi

alright thanks, and i just got aim lol so i will be using that, and i will be getting utorrent again even though you hate it lol, im careful with what i download with it


----------



## johnb35

ixiboneheadixi said:


> and i will be getting utorrent again even though you hate it lol, im careful with what i download with it



OK, we'll see.  Those are everyone's famous last words until the unthinkable happens.


----------



## ixiboneheadixi

oh well i will be building my overkill computer soon enough, i prob wont get it on there just incase but then i could use this one as just a download computer. love you john <3 lol


----------



## ixiboneheadixi

also this may be a reason why my computer was messed up too, i didnt turn it off for a few months and i never updated it or anything since i got it until today


----------



## SoMeAm

Dear ixiboneheadixi,

Hope your computer issue is now resolved. Thanks always to johnb23 who advised,  "See if you can create restore cd's in case your hard drive fails on you." You indicated that you did not have the disks in case you need to reformat your computer.  I'll be happy to get a copy of the disks to you.  You can contact me at PSGSocialMedia@HP.com with your contact and product information.

Regards,

Priscilla
HP Social Media Ambassador


----------



## ixiboneheadixi

SoMeAm said:


> Dear ixiboneheadixi,
> 
> Hope your computer issue is now resolved. Thanks always to johnb23 who advised,  "See if you can create restore cd's in case your hard drive fails on you." You indicated that you did not have the disks in case you need to reformat your computer.  I'll be happy to get a copy of the disks to you.  You can contact me at PSGSocialMedia@HP.com with your contact and product information.
> 
> Regards,
> 
> Priscilla
> HP Social Media Ambassador



well i can tell you this, i wont ever be buying HP again in my life, and also just wondering, i burnt every one of my fingers picking up my HP laptop that overheated, can i like sue HP or something?


----------

