0

Hi all, I have a friend who is having troubles with her computer. She has told me that it keeps shutting down for no reason and only started doing this recently everytime she opened MSN. She has done a registery clean, virus scan and defrag and the problem still persists. I have asked her to scan the computer with hijackthis and hoping that someone can have a look and see what may be happening.

I have attached the hijackthis scan in a txt file for your convenience.
Any help is much appreciated:)

Attachments
Scan results 
________________________________________
Scanning date:	Mon, May 18, 2009 - 06:18 PM 
Total problems found:	780
________________________________________	________________________________________
Scanning section:	Activex, OLE, COM sections
Entries found:	400
Entries:	
	Entry: HKEY_CLASSES_ROOT\CLSID\{007B0958-A3B9-4dfd-AFDD-BFC3FBE2CA09}\TypeLib 
	Valuename: 
	Value: {5E816635-6ECA-4685-A1DC-18827D9D4B38}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{007B0958-A3B9-4dfd-AFDD-BFC3FBE2CA09}\TypeLib key points to the missing Type Library {5E816635-6ECA-4685-A1DC-18827D9D4B38} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{0331F564-937E-4457-BD3F-7CACA05EA374}\TypeLib 
	Valuename: 
	Value: {65AF9433-8924-4435-9A88-47CDC9E9CFBF}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{0331F564-937E-4457-BD3F-7CACA05EA374}\TypeLib key points to the missing Type Library {65AF9433-8924-4435-9A88-47CDC9E9CFBF} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{03A7F5FF-B6BF-4367-8B6D-A507B3F7CDD7}\TypeLib 
	Valuename: 
	Value: {69CF446F-1D95-4C85-986B-99279AE0B035}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{03A7F5FF-B6BF-4367-8B6D-A507B3F7CDD7}\TypeLib key points to the missing Type Library {69CF446F-1D95-4C85-986B-99279AE0B035} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{03DC5606-EA66-4f02-AB52-2065524B0382}\TypeLib 
	Valuename: 
	Value: {5E816635-6ECA-4685-A1DC-18827D9D4B38}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{03DC5606-EA66-4f02-AB52-2065524B0382}\TypeLib key points to the missing Type Library {5E816635-6ECA-4685-A1DC-18827D9D4B38} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{050911F7-C816-4287-B811-656D097461C1}\TypeLib 
	Valuename: 
	Value: {F5ECC90A-537F-42A0-AAE3-5C0A6F64B2DE}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{050911F7-C816-4287-B811-656D097461C1}\TypeLib key points to the missing Type Library {F5ECC90A-537F-42A0-AAE3-5C0A6F64B2DE} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{0706F2B9-EFEC-4e4a-B0F1-0576E8317CFA}\TypeLib 
	Valuename: 
	Value: {5D2C86FA-E4D4-450B-894F-E7CD80A0065E}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{0706F2B9-EFEC-4e4a-B0F1-0576E8317CFA}\TypeLib key points to the missing Type Library {5D2C86FA-E4D4-450B-894F-E7CD80A0065E} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{07AD8473-5D37-4076-AF40-44FE70B07CD9}\TypeLib 
	Valuename: 
	Value: {07AD8473-5D37-4076-AF40-44FE70B07CD9}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{07AD8473-5D37-4076-AF40-44FE70B07CD9}\TypeLib key points to the missing Type Library {07AD8473-5D37-4076-AF40-44FE70B07CD9} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{096023CB-A99A-4C98-A771-DDFCB85CD9C6}\TypeLib 
	Valuename: 
	Value: {F5ECC90A-537F-42A0-AAE3-5C0A6F64B2DE}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{096023CB-A99A-4C98-A771-DDFCB85CD9C6}\TypeLib key points to the missing Type Library {F5ECC90A-537F-42A0-AAE3-5C0A6F64B2DE} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{0b1511cd-37ee-4f0a-9647-cb2785b68a29}\TypeLib 
	Valuename: 
	Value: {b3267063-8ab4-464d-a13c-1517bd6dc6f4}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{0b1511cd-37ee-4f0a-9647-cb2785b68a29}\TypeLib key points to the missing Type Library {b3267063-8ab4-464d-a13c-1517bd6dc6f4} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{0C854385-D2EC-454B-B32C-4E55504104FD}\TypeLib 
	Valuename: 
	Value: {F25E39BA-8600-45B9-8A97-92A7CDD77DF1}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{0C854385-D2EC-454B-B32C-4E55504104FD}\TypeLib key points to the missing Type Library {F25E39BA-8600-45B9-8A97-92A7CDD77DF1} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{0DFBCC08-0220-4B92-BA68-3FF392F72CDB}\TypeLib 
	Valuename: 
	Value: {69CF446F-1D95-4C85-986B-99279AE0B035}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{0DFBCC08-0220-4B92-BA68-3FF392F72CDB}\TypeLib key points to the missing Type Library {69CF446F-1D95-4C85-986B-99279AE0B035} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{0edcdb7d-cd9e-44e6-9e9a-adbaa85540e8}\TypeLib 
	Valuename: 
	Value: {b3267063-8ab4-464d-a13c-1517bd6dc6f4}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{0edcdb7d-cd9e-44e6-9e9a-adbaa85540e8}\TypeLib key points to the missing Type Library {b3267063-8ab4-464d-a13c-1517bd6dc6f4} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1284F472-B579-4db2-8A73-FF1F39FDB485}\TypeLib 
	Valuename: 
	Value: {15F4B0DF-B5CA-445D-8342-238B2A3D46E3}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1284F472-B579-4db2-8A73-FF1F39FDB485}\TypeLib key points to the missing Type Library {15F4B0DF-B5CA-445D-8342-238B2A3D46E3} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\TypeLib 
	Valuename: 
	Value: {166B1BC7-3F9C-11CF-8075-444553540000}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\TypeLib key points to the missing Type Library {166B1BC7-3F9C-11CF-8075-444553540000} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{166DD445-B9F6-4670-B68C-566B5E86914E}\TypeLib 
	Valuename: 
	Value: {F5ECC90A-537F-42A0-AAE3-5C0A6F64B2DE}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{166DD445-B9F6-4670-B68C-566B5E86914E}\TypeLib key points to the missing Type Library {F5ECC90A-537F-42A0-AAE3-5C0A6F64B2DE} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{168E0FA8-FE2D-4ADA-BEC9-95F7BA231035}\TypeLib 
	Valuename: 
	Value: {217F034A-DE69-44E7-82F5-F4ECB1FC6296}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{168E0FA8-FE2D-4ADA-BEC9-95F7BA231035}\TypeLib key points to the missing Type Library {217F034A-DE69-44E7-82F5-F4ECB1FC6296} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{16E79F56-23B3-4432-AFF0-29313E602728}\TypeLib 
	Valuename: 
	Value: {8E1DEC64-82C0-4BF4-B10B-D7BD565DF97E}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{16E79F56-23B3-4432-AFF0-29313E602728}\TypeLib key points to the missing Type Library {8E1DEC64-82C0-4BF4-B10B-D7BD565DF97E} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{173A0F02-694F-486A-967A-2F925EA2E8FA}\TypeLib 
	Valuename: 
	Value: {76465B51-FF5A-4EC8-8806-A611A50D8199}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{173A0F02-694F-486A-967A-2F925EA2E8FA}\TypeLib key points to the missing Type Library {76465B51-FF5A-4EC8-8806-A611A50D8199} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{17BA72BD-5C8A-40b6-B0F5-42DF7619175B}\TypeLib 
	Valuename: 
	Value: {69CF446F-1D95-4C85-986B-99279AE0B035}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{17BA72BD-5C8A-40b6-B0F5-42DF7619175B}\TypeLib key points to the missing Type Library {69CF446F-1D95-4C85-986B-99279AE0B035} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}\LocalServer32 
	Valuename: 
	Value: C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
	Reason: ( The LocalServer32 points to the missing program C:\PROGRA~1\AVG\AVG8\aAvgApi.exe in the HKEY_CLASSES_ROOT\CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} key ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1A40831B-6EF9-4D77-A4DE-95870BACC71F}\TypeLib 
	Valuename: 
	Value: {69CF446F-1D95-4C85-986B-99279AE0B035}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1A40831B-6EF9-4D77-A4DE-95870BACC71F}\TypeLib key points to the missing Type Library {69CF446F-1D95-4C85-986B-99279AE0B035} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1A9BB4B6-1F72-4C40-A9AC-762A486EC368}\TypeLib 
	Valuename: 
	Value: {69CF446F-1D95-4C85-986B-99279AE0B035}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1A9BB4B6-1F72-4C40-A9AC-762A486EC368}\TypeLib key points to the missing Type Library {69CF446F-1D95-4C85-986B-99279AE0B035} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1AB4919A-DDAE-470D-BAE2-9D846EB13559}\TypeLib 
	Valuename: 
	Value: {B6ACCE19-007D-4B3C-A966-7AB8001853AD}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1AB4919A-DDAE-470D-BAE2-9D846EB13559}\TypeLib key points to the missing Type Library {B6ACCE19-007D-4B3C-A966-7AB8001853AD} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1BE6D805-9B0C-4BC0-AB02-308484A62A93}\TypeLib 
	Valuename: 
	Value: {69CF446F-1D95-4C85-986B-99279AE0B035}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1BE6D805-9B0C-4BC0-AB02-308484A62A93}\TypeLib key points to the missing Type Library {69CF446F-1D95-4C85-986B-99279AE0B035} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1c613f47-70c5-4551-a264-f7254139854c}\TypeLib 
	Valuename: 
	Value: {b3267063-8ab4-464d-a13c-1517bd6dc6f4}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1c613f47-70c5-4551-a264-f7254139854c}\TypeLib key points to the missing Type Library {b3267063-8ab4-464d-a13c-1517bd6dc6f4} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1C96B4A4-4E20-4B03-BF40-F7B7CF4AE8F6}\TypeLib 
	Valuename: 
	Value: {05F6B36C-7630-4A4D-945E-80C59DC2C832}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1C96B4A4-4E20-4B03-BF40-F7B7CF4AE8F6}\TypeLib key points to the missing Type Library {05F6B36C-7630-4A4D-945E-80C59DC2C832} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1D3E45E9-26CF-4A1A-8764-F5D037397E4B}\TypeLib 
	Valuename: 
	Value: {69CF446F-1D95-4C85-986B-99279AE0B035}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1D3E45E9-26CF-4A1A-8764-F5D037397E4B}\TypeLib key points to the missing Type Library {69CF446F-1D95-4C85-986B-99279AE0B035} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1D845441-AF08-44FD-AAD0-8A52A1FC156F}\TypeLib 
	Valuename: 
	Value: {DCD9C326-1840-4810-BA2E-0A37536E9299}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1D845441-AF08-44FD-AAD0-8A52A1FC156F}\TypeLib key points to the missing Type Library {DCD9C326-1840-4810-BA2E-0A37536E9299} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1DCECFF1-8AAF-4FF7-A215-38B139780BB6}\TypeLib 
	Valuename: 
	Value: {15991B03-A472-446D-817D-666EBC876D6F}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1DCECFF1-8AAF-4FF7-A215-38B139780BB6}\TypeLib key points to the missing Type Library {15991B03-A472-446D-817D-666EBC876D6F} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1E90E4FA-61B3-4fe2-BBDF-DCD6BA24C1DB}\TypeLib 
	Valuename: 
	Value: {13588D33-C949-4D27-B43A-66DA4B96E1FA}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1E90E4FA-61B3-4fe2-BBDF-DCD6BA24C1DB}\TypeLib key points to the missing Type Library {13588D33-C949-4D27-B43A-66DA4B96E1FA} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1F602FC8-A070-42E8-BEB3-0AD207182DD4}\TypeLib 
	Valuename: 
	Value: {99EEB98E-C1CF-423c-B2ED-133E8B760EC1}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1F602FC8-A070-42E8-BEB3-0AD207182DD4}\TypeLib key points to the missing Type Library {99EEB98E-C1CF-423c-B2ED-133E8B760EC1} ) 
	
	Entry: HKEY_CLASSES_ROOT\CLSID\{1FBCF2DC-BCC3-48FE-8233-1B79F3F8655F}\TypeLib 
	Valuename: 
	Value: {4DAFD8B2-DE42-45ba-A52E-CFB7060B83FD}
	Reason: ( The HKEY_CLASSES_ROOT\CLSID\{1FBCF2DC-BCC3-48FE-8233-1B79F3F
2
Contributors
5
Replies
6
Views
8 Years
Discussion Span
Last Post by jholland1964
0

What you have attached is NOT an HJT scan, frankly I have no idea what it is.
Take a look at other posts to see what an HJT scan log should look like.
Be sure she has a copy of the correct program from HERE
She should do a Full System Scan and save the log. That is the first button when the program opens. The log will open in a Notepad. Save it and copy/paste it back here, do NOT attach it. We prefer not to open attached files from possibly infected computers.

0

Hi jholland,

Thanks for the reply and sorry about that, I've asked her to download from the link you gave me and also gave her the instructions, I now have the actual HJT scan and copy and pasted it here for you.
Any help would be much appreciated:)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:35 PM, on 19/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Fupa Toolbar - {956224ed-9599-4168-ab68-b728dd3b4b0c} - C:\Program Files\Fupa\tbFupa.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Fupa Toolbar - {956224ed-9599-4168-ab68-b728dd3b4b0c} - C:\Program Files\Fupa\tbFupa.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Adam Cowell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Device Monitor.lnk = C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm037MXAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c27ce6903b0) (gupdate1c98c27ce6903b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwssvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 16592 bytes

0

Whew! For one thing this computer has so many toolbars installed I don't know how the user even sees the webpages she visits! I see at least 15 toolbars, though I lost count several times, and as near as I can tell only 3 of them are NOT malware related, all the rest are. This doesn't count the various "browser helpers" which are meant to increase the functionality of the browser. Most of those on this computer are also malware related. No wonder MSN shuts down, it is being choked to death!

Is there a way we can work with the owner directly in this thread? It makes the work more difficult trying to work "second hand". If you can give her the address here, have her register and post directly in this thread, just have her identify herself as the owner of this infected computer.

Here are the first steps she should take if that isn't possible, though I do hope it is;

First, uninstall the My Web Search option from Add/Remove Programs

Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (for Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way
Also have her look for the following, though some of them may not be listed, if they aren't listed in Add/Remove we will look for them later:
Fupa Toolbar
Fast Browser Search
Kiwee Toolbar
AskBar
ALOT Toolbar
Yontoo Layers Client for Internet Explorer
RegistryMechanic
Uniblue RegistryBooster 2009

Any of the above found should also be Uninstalled.

Reboot the Computer and run HijackThis again and place check marks next to the following entries if they remain:

R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: Fupa Toolbar - {956224ed-9599-4168-ab68-b728dd3b4b0c} - C:\Program Files\Fupa\tbFupa.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: Fupa Toolbar - {956224ed-9599-4168-ab68-b728dd3b4b0c} - C:\Program Files\Fupa\tbFupa.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll

O4 - HKLM\..\Run: [KiweeHook] C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm037MXAU

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwssvc.exe

Once the check marks are placed then click the Fix Checked button

Reboot the computer

Run HJT again, save the log and post back here for further instructions. There very likely WILL be other uninstalls needed and at least two more programs which will need to be downloaded and run as this computer is likely loaded with malware but I need to see the HJT log done AFTER all these uninstalls and fixes.
Judy

0

Thank you for all the help so far, I have ask her if she would like to work with you directly and she replied that it is not possible at this stage and she was happy to just have me refer the instructions from you to her through email and she can work on it when she gets spare time. I have also sent your instructions to her but she won't be able to get a chance to have a look until she gets home tonight as she is out for the most part of the day. I should here back from her within the next 24 hours and then I can post the new HJT scan back here for you.

Once again thank you for all your help in this matter:)
Richard

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.