TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Ificanspam on December 13, 2009, 06:21:32 AM

Title: Help
Post by: Ificanspam on December 13, 2009, 06:21:32 AM
Unable to open Task Manager with Ctrl+Alt+Del.
The computer is slowing down
and I'm getting a pop-up from System Defender, which I didn't download.

Please help me!
(sorry about my English)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:14, on 13-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\All Users\Application Data\a2117b8\WSa211.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\Documents and Settings\genevieve\Application Data\SystemProc\lsass.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Nse\bin\NSESVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2233703
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 93.174.89.12 google.ae
O1 - Hosts: 93.174.89.12 google.as
O1 - Hosts: 93.174.89.12 google.at
O1 - Hosts: 93.174.89.12 google.az
O1 - Hosts: 93.174.89.12 google.ba
O1 - Hosts: 93.174.89.12 google.be
O1 - Hosts: 93.174.89.12 google.bg
O1 - Hosts: 93.174.89.12 google.bs
O1 - Hosts: 93.174.89.12 google.ca
O1 - Hosts: 93.174.89.12 google.cd
O1 - Hosts: 93.174.89.12 google.com.gh
O1 - Hosts: 93.174.89.12 google.com.hk
O1 - Hosts: 93.174.89.12 google.com.jm
O1 - Hosts: 93.174.89.12 google.com.mx
O1 - Hosts: 93.174.89.12 google.com.my
O1 - Hosts: 93.174.89.12 google.com.na
O1 - Hosts: 93.174.89.12 google.com.nf
O1 - Hosts: 93.174.89.12 google.com.ng
O1 - Hosts: 93.174.89.12 google.ch
O1 - Hosts: 93.174.89.12 google.com.np
O1 - Hosts: 93.174.89.12 google.com.pr
O1 - Hosts: 93.174.89.12 google.com.qa
O1 - Hosts: 93.174.89.12 google.com.sg
O1 - Hosts: 93.174.89.12 google.com.tj
O1 - Hosts: 93.174.89.12 google.com.tw
O1 - Hosts: 93.174.89.12 google.dj
O1 - Hosts: 93.174.89.12 google.de
O1 - Hosts: 93.174.89.12 google.dk
O1 - Hosts: 93.174.89.12 google.dm
O1 - Hosts: 93.174.89.12 google.ee
O1 - Hosts: 93.174.89.12 google.fi
O1 - Hosts: 93.174.89.12 google.fm
O1 - Hosts: 93.174.89.12 google.fr
O1 - Hosts: 93.174.89.12 google.ge
O1 - Hosts: 93.174.89.12 google.gg
O1 - Hosts: 93.174.89.12 google.gm
O1 - Hosts: 93.174.89.12 google.gr
O1 - Hosts: 93.174.89.12 google.ht
O1 - Hosts: 93.174.89.12 google.ie
O1 - Hosts: 93.174.89.12 google.im
O1 - Hosts: 93.174.89.12 google.in
O1 - Hosts: 93.174.89.12 google.it
O1 - Hosts: 93.174.89.12 google.ki
O1 - Hosts: 93.174.89.12 google.la
O1 - Hosts: 93.174.89.12 google.li
O1 - Hosts: 93.174.89.12 google.lv
O1 - Hosts: 93.174.89.12 google.ma
O1 - Hosts: 93.174.89.12 google.ms
O1 - Hosts: 93.174.89.12 google.mu
O1 - Hosts: 93.174.89.12 google.mw
O1 - Hosts: 93.174.89.12 google.nl
O1 - Hosts: 93.174.89.12 google.no
O1 - Hosts: 93.174.89.12 google.nr
O1 - Hosts: 93.174.89.12 google.nu
O1 - Hosts: 93.174.89.12 google.pl
O1 - Hosts: 93.174.89.12 google.pn
O1 - Hosts: 93.174.89.12 google.pt
O1 - Hosts: 93.174.89.12 google.ro
O1 - Hosts: 93.174.89.12 googleWebsite removed for spamming
O1 - Hosts: 93.174.89.12 google.rw
O1 - Hosts: 93.174.89.12 google.sc
O1 - Hosts: 93.174.89.12 google.se
O1 - Hosts: 93.174.89.12 google.sh
O1 - Hosts: 93.174.89.12 google.si
O1 - Hosts: 93.174.89.12 google.sm
O1 - Hosts: 93.174.89.12 google.sn
O1 - Hosts: 93.174.89.12 google.st
O1 - Hosts: 93.174.89.12 google.tl
O1 - Hosts: 93.174.89.12 google.tm
O1 - Hosts: 93.174.89.12 google.tt
O1 - Hosts: 93.174.89.12 google.us
O1 - Hosts: 93.174.89.12 google.vu
O1 - Hosts: 93.174.89.12 google.ws
O1 - Hosts: 93.174.89.12 google.co.ck
O1 - Hosts: 93.174.89.12 google.co.id
O1 - Hosts: 93.174.89.12 google.co.il
O1 - Hosts: 93.174.89.12 google.co.in
O1 - Hosts: 93.174.89.12 google.co.jp
O1 - Hosts: 93.174.89.12 google.co.kr
O1 - Hosts: 93.174.89.12 google.co.ls
O1 - Hosts: 93.174.89.12 google.co.ma
O1 - Hosts: 93.174.89.12 google.co.nz
O1 - Hosts: 93.174.89.12 google.co.tz
O1 - Hosts: 93.174.89.12 google.co.ug
O1 - Hosts: 93.174.89.12 google.co.uk
O1 - Hosts: 93.174.89.12 google.co.za
O1 - Hosts: 93.174.89.12 google.co.zm
O1 - Hosts: 93.174.89.12 google.com
O1 - Hosts: 93.174.89.12 google.com.af
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: gwprimawega - {2839f2e0-c2b3-0a40-818e-56a9505f758e} - C:\WINDOWS\system32\k1pJbO_qX_IK.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lsdefrag] C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\osewxmarcn.tmp
O4 - HKLM\..\Run: [System Defender] "C:\Documents and Settings\All Users\Application Data\a2117b8\WSa211.exe" /s /d
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ZagrebLand] C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\c.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\genevieve\Application Data\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252513825562
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.23.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe

--
End of file - 14601 bytes
Title: Help
Post by: guestolo on December 13, 2009, 12:19:56 PM
Hi Ificanspam,
Your English is fine.

Can you do the following please
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it again after you're clean.
To disable SpybotSD TeaTimer:

Open Spybot, click on Mode and check Advanced Mode.
Click Yes in the next window.
Click on Tools in the bottom left-hand corner.
Click on the Resident icon.
Uncheck the TeaTimer box.
Click the Allow Change box if prompted.
Close Spybot.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) by OldTimer to your desktop.
Don't run it yet.

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2233703

R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 93.174.89.12 google.ae
O1 - Hosts: 93.174.89.12 google.as
O1 - Hosts: 93.174.89.12 google.at
O1 - Hosts: 93.174.89.12 google.az
O1 - Hosts: 93.174.89.12 google.ba
O1 - Hosts: 93.174.89.12 google.be
O1 - Hosts: 93.174.89.12 google.bg
O1 - Hosts: 93.174.89.12 google.bs
O1 - Hosts: 93.174.89.12 google.ca
O1 - Hosts: 93.174.89.12 google.cd
O1 - Hosts: 93.174.89.12 google.com.gh
O1 - Hosts: 93.174.89.12 google.com.hk
O1 - Hosts: 93.174.89.12 google.com.jm
O1 - Hosts: 93.174.89.12 google.com.mx
O1 - Hosts: 93.174.89.12 google.com.my
O1 - Hosts: 93.174.89.12 google.com.na
O1 - Hosts: 93.174.89.12 google.com.nf
O1 - Hosts: 93.174.89.12 google.com.ng
O1 - Hosts: 93.174.89.12 google.ch
O1 - Hosts: 93.174.89.12 google.com.np
O1 - Hosts: 93.174.89.12 google.com.pr
O1 - Hosts: 93.174.89.12 google.com.qa
O1 - Hosts: 93.174.89.12 google.com.sg
O1 - Hosts: 93.174.89.12 google.com.tj
O1 - Hosts: 93.174.89.12 google.com.tw
O1 - Hosts: 93.174.89.12 google.dj
O1 - Hosts: 93.174.89.12 google.de
O1 - Hosts: 93.174.89.12 google.dk
O1 - Hosts: 93.174.89.12 google.dm
O1 - Hosts: 93.174.89.12 google.ee
O1 - Hosts: 93.174.89.12 google.fi
O1 - Hosts: 93.174.89.12 google.fm
O1 - Hosts: 93.174.89.12 google.fr
O1 - Hosts: 93.174.89.12 google.ge
O1 - Hosts: 93.174.89.12 google.gg
O1 - Hosts: 93.174.89.12 google.gm
O1 - Hosts: 93.174.89.12 google.gr
O1 - Hosts: 93.174.89.12 google.ht
O1 - Hosts: 93.174.89.12 google.ie
O1 - Hosts: 93.174.89.12 google.im
O1 - Hosts: 93.174.89.12 google.in
O1 - Hosts: 93.174.89.12 google.it
O1 - Hosts: 93.174.89.12 google.ki
O1 - Hosts: 93.174.89.12 google.la
O1 - Hosts: 93.174.89.12 google.li
O1 - Hosts: 93.174.89.12 google.lv
O1 - Hosts: 93.174.89.12 google.ma
O1 - Hosts: 93.174.89.12 google.ms
O1 - Hosts: 93.174.89.12 google.mu
O1 - Hosts: 93.174.89.12 google.mw
O1 - Hosts: 93.174.89.12 google.nl
O1 - Hosts: 93.174.89.12 google.no
O1 - Hosts: 93.174.89.12 google.nr
O1 - Hosts: 93.174.89.12 google.nu
O1 - Hosts: 93.174.89.12 google.pl
O1 - Hosts: 93.174.89.12 google.pn
O1 - Hosts: 93.174.89.12 google.pt
O1 - Hosts: 93.174.89.12 google.ro
O1 - Hosts: 93.174.89.12 googleWebsite removed for spamming
O1 - Hosts: 93.174.89.12 google.rw
O1 - Hosts: 93.174.89.12 google.sc
O1 - Hosts: 93.174.89.12 google.se
O1 - Hosts: 93.174.89.12 google.sh
O1 - Hosts: 93.174.89.12 google.si
O1 - Hosts: 93.174.89.12 google.sm
O1 - Hosts: 93.174.89.12 google.sn
O1 - Hosts: 93.174.89.12 google.st
O1 - Hosts: 93.174.89.12 google.tl
O1 - Hosts: 93.174.89.12 google.tm
O1 - Hosts: 93.174.89.12 google.tt
O1 - Hosts: 93.174.89.12 google.us
O1 - Hosts: 93.174.89.12 google.vu
O1 - Hosts: 93.174.89.12 google.ws
O1 - Hosts: 93.174.89.12 google.co.ck
O1 - Hosts: 93.174.89.12 google.co.id
O1 - Hosts: 93.174.89.12 google.co.il
O1 - Hosts: 93.174.89.12 google.co.in
O1 - Hosts: 93.174.89.12 google.co.jp
O1 - Hosts: 93.174.89.12 google.co.kr
O1 - Hosts: 93.174.89.12 google.co.ls
O1 - Hosts: 93.174.89.12 google.co.ma
O1 - Hosts: 93.174.89.12 google.co.nz
O1 - Hosts: 93.174.89.12 google.co.tz
O1 - Hosts: 93.174.89.12 google.co.ug
O1 - Hosts: 93.174.89.12 google.co.uk
O1 - Hosts: 93.174.89.12 google.co.za
O1 - Hosts: 93.174.89.12 google.co.zm
O1 - Hosts: 93.174.89.12 google.com
O1 - Hosts: 93.174.89.12 google.com.af

O2 - BHO: gwprimawega - {2839f2e0-c2b3-0a40-818e-56a9505f758e} - C:\WINDOWS\system32\k1pJbO_qX_IK.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [lsdefrag] C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\osewxmarcn.tmp
O4 - HKLM\..\Run: [System Defender] "C:\Documents and Settings\All Users\Application Data\a2117b8\WSa211.exe" /s /d

O4 - HKCU\..\Run: [ZagrebLand] C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\c.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\genevieve\Application Data\SystemProc\lsass.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)


After you have ticked the above entries, close all other open windows,
including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Run TFC.exe.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Back in Windows
Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Save the installer to the desktop.

Double-click mbam-setup.exe to install the application.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Along with the log from MBAM, can you also run HijackThis again?
Do a fresh scan, save the logfile and post the new log.
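The entries guestolo ticks above fall into three patterns that can be checked mechanically rather than by eye: O1 hosts-file lines that pin real host names to remote addresses (the rogue's "payment" domains, every Google country domain, and the reputation hosts safebrowsing-cache.google.com and urs.microsoft.com that Google Safe Browsing and IE's SmartScreen filter query, so that override also blinds the browser's phishing and malware warnings); O4 autorun entries whose image sits in Temp or Application Data, is a .tmp file, or lives under the rarely used Policies\Explorer\Run key; and a process called lsass.exe running from a profile folder instead of system32. The script below is an added example written for this page, not a HijackThis feature and not code posted by either participant. It runs that triage over an excerpt of the log above; the 127.0.0.1 ad.doubleclick.net line is constructed to show that a loopback block entry is not treated as a hijack, and the system root C:\WINDOWS is assumed from the log's Platform line.

```python
"""Triage a HijackThis log for rogue-AV leftovers (added example, not HijackThis code)."""
import ipaddress
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "kind line reason")
# Binaries Windows only runs from its own directories; a copy in a profile
# folder is a masquerade.  System root C:\WINDOWS is assumed from the log.
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "svchost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows")
# Profile areas writable by the user on Windows XP, long and 8.3 short forms.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\documents and settings\\",
                 "\\docume~1\\", "\\locals~1\\")
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".dll")
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
AUTORUN_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|com|scr|bat|cmd|pif|dll|tmp))"?',
                     re.IGNORECASE)

# Excerpt of the log posted above; only the 127.0.0.1 line is constructed.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\genevieve\Application Data\SystemProc\lsass.exe
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 93.174.89.12 google.com
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lsdefrag] C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\osewxmarcn.tmp
O4 - HKLM\..\Run: [System Defender] "C:\Documents and Settings\All Users\Application Data\a2117b8\WSa211.exe" /s /d
O4 - HKCU\..\Run: [ZagrebLand] C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\c.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\genevieve\Application Data\SystemProc\lsass.exe
"""

def masquerading(path):
    """True when a protected system binary name is loaded from elsewhere."""
    directory, _, name = path.lower().strip('"').rpartition("\\")
    return name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS

def hosts_redirect(line):
    """Flag O1 entries that send a real host name to a remote address."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, host = m.groups()
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_unspecified:
        return None  # 127.x / 0.0.0.0 only blocks the name; that is not a hijack
    return Finding("hosts", line, "%s resolves to %s instead of its real address" % (host, ip))

def autorun_suspect(line):
    """Flag O4 entries whose image path or registry key looks malicious."""
    m = AUTORUN_RE.match(line)
    if not m:
        return None
    pm = PATH_RE.search(m.group("cmd"))
    if not pm:
        return None  # bare name such as RTHDCPL.EXE, resolved from the system path
    path = pm.group(1).lower()
    reasons = []
    if not path.endswith(EXECUTABLE_EXT):
        reasons.append("non-executable extension run as a program")
    if any(s in path for s in USER_WRITABLE):
        reasons.append("image in a user-writable profile folder")
    if masquerading(path):
        reasons.append("system binary name outside the system directory")
    if "policies\\explorer\\run" in m.group("key").lower():
        reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate software")
    return Finding("autorun", line, "; ".join(reasons)) if reasons else None

def process_suspect(line):
    """Flag running-process paths that masquerade or live in a profile folder."""
    if not re.match(r"^[A-Za-z]:\\", line):
        return None
    if masquerading(line):
        return Finding("process", line, "system binary name outside the system directory")
    if any(s in line.lower() for s in USER_WRITABLE):
        return Finding("process", line, "running from a user-writable profile folder")
    return None

def triage(log_text):
    """Run the checks over every line; the first check that fires wins."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        for check in (hosts_redirect, autorun_suspect, process_suspect):
            hit = check(line)
            if hit:
                findings.append(hit)
                break
    return findings

def redirect_targets(findings):
    """Host names captured per remote address; one address swallowing dozens
    of names is the signature of a bulk search/payment-site hijack."""
    return dict(Counter(HOSTS_RE.match(f.line).group(1) for f in findings if f.kind == "hosts"))

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
    print("redirect targets:", redirect_targets(triage(SAMPLE_LOG)))
```

Feed `triage()` the full text of a saved HijackThis log to get the same list for the whole machine. The rules are for review, not automatic deletion: a legitimate per-user install of that era could also live under Application Data and trip the profile-folder rule, so every flagged line still deserves the human look guestolo gives it, and the `redirect_targets()` count is what separates a single odd hosts entry from the bulk hijack seen here.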
Title: Help
Post by: Ificanspam on December 13, 2009, 04:06:36 PM
Thanks for the fast reply! But since it's my girlfriend's PC I won't be on it till Wednesday.
Should have mentioned that before xD

Thanks, and I'll see you next Wednesday!
Title: Help
Post by: guestolo on December 13, 2009, 11:09:33 PM
Don't wait too long; before you know it she'll be infected with more than she has right now.
Post back as soon as possible.