[Active] Help - Website addresses being corrupted

**broni** · 19-08-2009

It's not you. It's the infection doing it.

Delete any Combofix files, if any got downloaded.
Download fresh copy from here: ADrive.com – 50GB of Free Online Storage & Backup

**whyohwhyohwhy** · 19-08-2009

I'm not quite sure about that (me being stupid I mean!). I was talking to my sister and telling her about what I was doing and she said I should be clicking on save the application whereas I have always clicked on run. She said you should always save rather than run thngs. I didn't know that. So I tried again by saving it then running it and something started happening. Don't quite know what, everything went a bit weird (blank notebook opened, then a black screen). Eventually I switched off but on starting up again, my screensaver has reverted to the default one (I had a picture of my cats before) so I looked on the C: drive and there was a Combofix log. So it looks like it might have worked afterall?

Here is the log:

ComboFix 09-08-10.06 - Lyn 18/08/2009 20:18.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.1014.316 [GMT 1:00]
Running from: c:\users\Lyn\Downloads\ComboFix.exe
AV: TalkTalk Online Security 7.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: TalkTalk Online Security 7.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: TalkTalk Online Security 7.00 *disabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-3920934828-1280749352-3373662406-500
c:\windows\Installer\10579db.msi

.
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 19:25 . 2009-08-18 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-16 08:15 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-08-16 07:53 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2009-08-16 07:53 . 2009-06-15 15:25 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-16 07:53 . 2009-06-15 15:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-16 07:53 . 2009-06-15 15:23 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-16 07:53 . 2009-06-15 18:12 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 07:53 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2009-08-16 07:53 . 2009-06-15 13:10 7680 ----a-w- c:\windows\system32\lsass.exe
2009-08-16 07:53 . 2009-06-15 15:28 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 16:25 . 2009-08-15 16:25 -------- d-----w- c:\users\Lyn\AppData\Roaming\Malwarebytes
2009-08-15 16:25 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 16:25 . 2009-08-15 16:25 -------- d-----w- c:\programdata\Malwarebytes
2009-08-15 16:25 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-15 16:25 . 2009-08-15 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 11:42 . 2009-08-15 16:05 117760 ----a-w- c:\users\Lyn\AppData\Roaming\SUPERAntiSpyware.com\ SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-15 11:40 . 2009-08-15 11:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-15 11:39 . 2009-08-15 11:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-15 11:39 . 2009-08-15 11:39 -------- d-----w- c:\users\Lyn\AppData\Roaming\SUPERAntiSpyware.com
2009-08-12 21:01 . 2009-08-12 21:01 -------- d-----w- c:\program files\Trend Micro
2009-08-12 19:00 . 2009-08-12 19:00 -------- d-----w- c:\programdata\Yahoo! Companion
2009-08-12 19:00 . 2009-08-12 19:00 -------- d-----w- c:\users\Lyn\AppData\Roaming\Yahoo!
2009-08-12 19:00 . 2009-08-12 19:00 -------- d-----w- c:\program files\Yahoo!
2009-08-12 18:59 . 2009-08-12 18:59 -------- d-----w- c:\users\Lyn\AppData\Roaming\IObit
2009-08-12 18:59 . 2009-08-12 18:59 -------- d-----w- c:\program files\IObit
2009-08-11 20:43 . 2009-07-14 11:11 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-10 18:56 . 2009-08-10 18:57 -------- d-----w- c:\programdata\PopCap Games
2009-08-10 18:56 . 2009-08-10 18:56 -------- d-----w- c:\program files\PopCap Games
2009-08-06 17:36 . 2009-08-06 17:36 -------- d-----w- c:\program files\Enigma Software Group
2009-07-24 20:58 . 2009-07-24 20:58 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD89.tmp.exe
2009-07-23 19:24 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-23 19:24 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNativ e_v0300.dll
2009-07-23 19:24 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-23 19:24 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-23 19:24 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-23 19:24 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-23 19:22 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-23 19:08 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-23 19:08 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-23 19:08 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-23 19:08 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-23 19:08 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-23 19:04 . 2009-03-08 11:32 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-07-23 19:04 . 2009-03-08 11:31 45568 ----a-w- c:\windows\system32\mshta.exe
2009-07-23 19:04 . 2009-03-08 11:33 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-07-23 19:04 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-07-23 19:04 . 2009-03-08 11:33 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-07-22 19:02 . 2009-07-22 19:02 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-20 20:18 . 2009-08-18 19:24 -------- d-----w- c:\programdata\Kontiki
2009-07-20 20:17 . 2009-08-06 18:57 -------- d-----w- c:\program files\Kontiki
2009-07-20 20:17 . 2009-07-20 20:17 -------- d-----w- c:\programdata\Sky
2009-07-20 20:17 . 2009-07-20 20:17 -------- d-----w- c:\program files\Sky
2009-07-20 20:13 . 2009-08-02 10:38 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-08-15 11:38 . 2008-06-03 20:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-12 18:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 21:52 . 2009-07-29 10:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 10:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 10:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 10:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 12:36 . 2009-07-18 12:36 -------- d-----w- c:\program files\Samsung
2009-07-18 12:36 . 2008-03-04 18:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 12:34 . 2009-07-18 12:34 -------- d-----w- c:\users\Lyn\AppData\Roaming\InstallShield
2009-07-17 14:52 . 2009-08-11 20:44 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:02 . 2009-08-11 20:44 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 13:01 . 2009-08-11 20:44 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 13:00 . 2009-08-11 20:44 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-06-29 09:21 . 2009-06-29 09:21 -------- d-----w- c:\program files\MSECache
2009-06-26 15:06 . 2008-06-03 20:25 -------- d-----w- c:\program files\TalkTalk Online Security
2009-06-15 15:29 . 2009-07-14 19:19 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:23 . 2009-07-14 19:19 24064 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 15:22 . 2009-07-14 19:19 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:21 . 2009-07-14 19:19 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 15:20 . 2009-07-14 19:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-06-15 13:03 . 2009-07-14 19:19 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 12:16 . 2009-08-11 20:44 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:10 . 2009-08-11 20:44 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-06-10 12:10 . 2009-08-11 20:44 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-06-10 12:09 . 2009-08-11 20:44 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-06-10 12:07 . 2009-08-11 20:44 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-06-10 12:04 . 2009-08-11 20:44 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:04 . 2009-08-11 20:44 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-06-10 09:10 . 2009-06-10 09:10 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBA7A.tmp.exe
2009-06-04 19:16 . 2009-05-24 13:25 88 ----a-w- c:\users\Lyn\AppData\Local\ogsioay.bat
2009-06-04 12:47 . 2009-08-11 20:44 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-06-04 12:43 . 2009-08-11 20:44 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-04 12:36 . 2009-08-11 20:44 116736 ----a-w- c:\windows\system32\aaclient.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-04 1232896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-02-23 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-03-04 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2007-06-06 138008]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-04 1831936]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-05-02 366400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-27 153136]
"recinfo966"="c:\recinfo\RecInfo.exe" [2007-06-06 2768896]
"F-Secure Manager"="c:\program files\TalkTalk Online Security\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="c:\program files\TalkTalk Online Security\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleD esktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{6969E3DB-77EF-45C3-B47E-80BB3B4EACA0}"= UDP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{52B94CB7-FD44-4180-AD53-C9A120EF9BC3}"= TCP:c:\program files\TalkTalk\agent\bin\bcont.exe:bcont.exe
"{778EDDEE-B58C-4A13-BAE7-17BC6FAEDFC4}"= UDP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{4BEC7C3D-1FA8-4A14-B78B-B1E0A0FBA7F0}"= TCP:c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe:tgsrvc.exe
"{7EA0D4FD-2F89-4785-A640-82220C4742B6}"= UDP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{1DDF57BB-AC61-4712-BDBD-1EFECFB4F11A}"= TCP:c:\program files\TalkTalk\agent\bin\bcont_nm.exe:bcont_nm.exe
"{693B1B77-C982-4EA9-B8ED-33D8FE9966D3}"= UDP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{5E1143E9-B213-49B9-B46B-9A80F8008AD1}"= TCP:c:\program files\TalkTalk\bin\sprtcmd.exe:sprtcmd.exe
"{661C1ECA-47C3-48E6-B32B-7A19F135A95E}"= UDP:c:\program files\Kontiki\KService.exe

elivery Manager Service
"{9E903823-6EC7-432B-9849-8DB9359F1A14}"= TCP:c:\program files\Kontiki\KService.exe

elivery Manager Service
"{884FB1DA-DA7A-42F9-9777-4B53D79148D0}"= UDP:c:\program files\Kontiki\KService.exe

elivery Manager Service
"{E02C9BB7-FB97-4CEA-B36E-EEBFC342806B}"= TCP:c:\program files\Kontiki\KService.exe

elivery Manager Service

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 F-Secure HIPS;F-Secure HIPS;c:\program files\TalkTalk Online Security\HIPS\fshs.sys [03/06/2008 21:25 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [03/06/2008 21:26 35024]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [03/06/2008 21:26 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\TalkTalk Online Security\Anti-Virus\minifilter\fsvista.sys [03/06/2008 21:25 13168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/08/2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/08/2009 16:06 74480]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\TalkTalk Online Security\Anti-Virus\minifilter\fsgk.sys [03/06/2008 21:25 77824]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [04/03/2008 19:56 118784]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/08/2009 16:06 7408]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\TalkTalk Online Security\Anti-Virus\win2k\fsfilter.sys [03/06/2008 21:25 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\TalkTalk Online Security\Anti-Virus\win2k\fsrec.sys [03/06/2008 21:25 25456]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-08-12 08:48]

2009-08-17 c:\windows\Tasks\User_Feed_Synchronization-{B7636C6C-FED7-467D-A6A2-E0A892CDF2D8}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = go.microsoft.com/fwlink/?LinkId=69157
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
LSP: c:\program files\TalkTalk Online Security\FSPS\program\fslsp.dll
Trusted Zone: liverpoolfc.tv\forums
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32 \CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32 \CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CS cript.exe "%1" %*
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-18 20:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(612)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2009-08-18 20:27
ComboFix-quarantined-files.txt 2009-08-18 19:27

Pre-Run: 42,018,869,248 bytes free
Post-Run: 42,045,140,992 bytes free

237 --- E O F --- 2009-08-17 02:04

FYI, the SpyHunter programme is one that I recently purchased before I registered here to try and fix things before I realised that was way beyond my capabilities.

If I need to do this again and need to delete all things Combofix, what do I need to do to do that?

Thanks broni!

**broni** · 20-08-2009

She said you should always save rather than run thngs.

Your sister is computer smart

, and....the instructions clearly say "download", not "run".

SpyHunter credibility is at least questionable. I suggest, you uninstall it.

Uninstall Combofix:
Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.

Post fresh HJT log.

**whyohwhyohwhy** · 20-08-2009

Hi broni,

I've not had a chance to do anything tonight and now it's bedtime so I'll try this tomorrow, unless you want me to restart the whole procedure, clicking on save this time instead of run? Would that make any difference? I have next week booked as holiday so will have plenty of time to do everything rather than rushing it in a couple of hours every night. If you think think that is a better option I am more than willing to give it a go. If so, I assume I will have to uninstall all the software I have installed so far? Should I try the GMER download as well this time? Or just stick with Combofix? I have clicked on run for everything you have suggested so far.

If not, I'll get rid of spyhunter (I'll do that anyway). It's annoying that it's not very good, I paid for that

(any excuse to use that smiley!) I'll do what you suggest in your last post. I'll post the results up if this is what you advise.

Thanks again!

**broni** · 21-08-2009

For now, fresh HJT log will do.

**whyohwhyohwhy** · 24-08-2009

Hi broni,

I have uninstalled Spyhunter and combofix (I hope).

Here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:32, on 17/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\TalkTalk Online Security\Common\FSMB32.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHan dler.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TalkTalk Online Security\Common\FCH32.EXE
C:\Program Files\TalkTalk Online Security\Common\FAMEH32.EXE
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsqh.exe
C:\Program Files\TalkTalk Online Security\FSAUA\program\fsaua.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fssm32.exe
C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\TalkTalk Online Security\FSAUA\program\fsus.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsav32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TalkTalk Online Security\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo966] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TalkTalk Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O13 - Gopher Prefix:
O15 - Trusted Zone: Liverpoolfc.tv : Login Error
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHan dler.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9590 bytes

A message came up that said:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HJT may NOT be able to fix this.
...
For Vista: simply exit HJT, right click on HJT icon, chose "Run as administrator".

I have done this and here is the resulting log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:21, on 24/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TalkTalk Online Security\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.ex e
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo966] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TalkTalk Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O13 - Gopher Prefix:
O15 - Trusted Zone: http://forums.liverpoolfc.tv
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3. dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHan dler.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 7018 bytes

**broni** · 24-08-2009

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

================================================== =============

Uninstall Registry Mechanic. Playing with registry is a dangerous and unnecessary game.

================================================== =============

Unless you willingly installed Kontiki Player....
Go Start>Control Panel>Add\Remove ("Programs and Features" in Vista), and uninstall Sky Anytime (if present).
Download, and run KClean.exe: http://static.sky.com/kclean/KClean.exe to remove Kontiki from your computer.
NOTE: Kontiki is know resource hog.

================================================== ============

Disable Windows Defender, as it'll interfere with cleaning process:
- Open Windows Defender by clicking the Start, clicking All Programs, and then clicking Windows Defender.
- Click Tools
then...

++ Windows XP:
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Turn on Real Time Protection
- After you uncheck this, click on the Save button
- Close Windows Defender

++ Windows Vista:
- Click Options
- Under Administrator options, clear the Use Windows Defender check box, and then click Save.

Enable Windows Defender, when all cleaning is done.

================================================== ============

Print this post out, since you won't have an access to it, at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

nothing malicious to remove

4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

- O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
- O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
- O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
- O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
- O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
- O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

5. Click on Fix checked button.

6. Go Start>Run (Vista users - "Start search"), type in:
cmd
Click OK (Vista users - hold CTRL, and SHIFT keys, press Enter).

Command Prompt window will open.
Type in:
sc stop CLTNetCnService
Press Enter.
Wait for the service to be stopped.

Type in:
sc delete CLTNetCnService
Press Enter.
Wait for confirmation.

7. Restart computer.

8. Post new HijackThis log.

**whyohwhyohwhy** · 24-08-2009

[QUOTE=broni;195168]

Thanks broni, am working on your suggestions. Typically my printer isn't working and I am on holiday this week, so I will either have to write everything out or go into the office to print. Probably will do the latter so I'll reply in detail tomorrow. In the meantime:
Uninstall Registry Mechanic. Playing with registry is a dangerous and unnecessary game.

Done this, for the record I have ignored this everytime the prompt box popped up when I logged on.

Unless you willingly installed Kontiki Player....
Go Start>Control Panel>Add\Remove ("Programs and Features" in Vista), and uninstall Sky Anytime (if present).
Download, and run KClean.exe: http://static.sky.com/kclean/KClean.exe to remove Kontiki from your computer.
NOTE: Kontiki is know resource hog.

The only thing that I can think of is that I have downloaded Skyplayer. Sky is a satellite TV provider in the UK. The sky bit in the address makes me wonder if this is anything to do with that. Do you know how I could find out or should I just go ahead and remove anyway?

Thanks again!

**broni** · 25-08-2009

I'd simply uninstall it. If any program you use will need it, you can always reinstall.

[Active] Help - Website addresses being corrupted

Re: [Active] Help - Website addresses being corrupted

Similar Threads

ip addresses

tcp and ip addresses

IP addresses

invader mac addresses w/ IP of 0.0.0.0 ??

IE addresses