Go Back   Tech Support Forum > Microsoft Support > Internet Browsers and Email > Internet Explorer Forum

My browsers have been hijacked by v9

This is a discussion on My browsers have been hijacked by v9 within the Internet Explorer Forum forums, part of the Tech Support Forum category.

Closed Thread
Thread Tools Search this Thread
Old 08-28-2013, 01:29 PM   #1
Registered Member
Join Date: Aug 2013
Posts: 44
OS: vista home premium

I am sorry but I am a bit of a door stop on this sort of thing.
My IE, Google Chrome and Mozilla firefox have been hijacked first by "My Search LLC" and now by v9. I disabled the EGIS extensions (which seemed to be the associations for "My Search" in my Internet Options settings and "My Search' seems to have gone quiet. I also unistalled Chrome and Firefox because I thought that might be a good idea to try to restrict the hijack browser? I uninstalled Astroburn lite, uTorrent and a few others as you people said they are main conduits for hijackings/hacking. I have also tried to uninstall NTI media maker 8 twice but it keeps coming back into my Progammes!!! Maybe there is something not right with this app.
I think I was first hijacked about 2 months ago without really noticing and I did use internet banking but I don't think I used my credit card. It has only been in the last week or so weird things started happening especially when I tried to reset my default browser and use blank thinking it wouls solve the problems. My friend told me the hijacker files are hidden on my hard disc and it is not easy for a door stop (that's me)to identify and get rid of them. That is why I here now he told me to find a forum for help.
Can someone help me please???

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2
Run by ian at 17:24:14 on 2013-08-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3000.1121 [GMT 3:00]
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
============== Running Processes ================
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\MSSQL\Primavera\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\MSSQL\Primavera\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\WiTopia\WiTopiaService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Bandoo\Bandoo.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WiTopia\WiTopia.exe
C:\Program Files\WiTopia\Resources\openvpn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
============== Pseudo HJT Report ===============
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=DFBD41CE936A7A1469CA75521A4D0799
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=1372700070
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=1372700070
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=1372700070
mSearchAssistant = hxxp://search.v9.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=0
mCustomizeSearch = hxxp://search.v9.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS543225L9A300_080610FB0F00LLG32H5AX&ts=0
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: DataMngr: {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - LocalServer32 - <no file>
BHO: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - c:\program files\file2linkib\file2linkibX.dll
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\users\ian\appdata\roaming\media finder\extensions\gencrawler_gc.dll
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Search-Results Toolbar: {dd6b651f-dfb9-4142-b0bd-09912ad22674} -
BHO: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: File2LinkIB: {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - c:\program files\file2linkib\file2linkibX.dll
TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Media Finder] "c:\program files\media finder\Media Finder.exe" /opentotray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start AVG | Free Uninstall Survey
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ian\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: Open with Nuance PDF Converter 7 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer =
TCP: Interfaces\{3768789C-A3CE-40F8-9129-BAFD632F7118} : DHCPNameServer =
TCP: Interfaces\{BC4BC220-238A-4EFC-9CAA-477A66280E3F} : DHCPNameServer =
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\bandoo\bndhook.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-8-25 13560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-10 35560]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-7-5 101720]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-30 61424]
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-11-23 135168]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-30 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);c:\program files\mssql\primavera\mssql.2\mssql\binn\msftesql.exe [2010-3-26 91992]
R2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);c:\program files\mssql\primavera\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 107392]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2011-6-21 196912]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-30 122368]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2012-2-17 135016]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-7-27 474208]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2228008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-6-20 295376]
R3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\drivers\visctap0901.sys [2012-9-1 33736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DefaultTabUpdate;DefaultTabUpdate;"c:\users\ian\appdata\roaming\defaulttab\defaulttab\dtupdate.exe" --> c:\users\ian\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [?]
S2 nfchrkp;Support Driver;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-26 348352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [2010-11-23 103424]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-21 24064]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-17 19968]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-3-23 75776]
=============== Created Last 30 ================
2013-08-28 10:48:59 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0a177694-d927-45eb-98d7-ad319f6bde31}\mpengine.dll
2013-08-27 16:14:21 7166848 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-27 04:10:38 -------- d-----w- c:\program files\RealNetworks
2013-08-27 04:10:37 -------- d-----w- c:\programdata\RealNetworks
2013-08-27 04:09:36 -------- d-----w- c:\program files\common files\xing shared
2013-08-25 19:14:29 -------- d-----w- c:\users\ian\appdata\roaming\LavasoftStatistics
2013-08-25 18:30:45 -------- d-----w- c:\programdata\Downloaded Installations
2013-08-25 18:30:24 -------- d-----w- c:\users\ian\appdata\local\adawarebp
2013-08-25 18:30:19 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-25 18:29:26 -------- d-----w- c:\program files\Lavasoft
2013-08-25 18:20:24 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-08-25 18:20:24 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-24 12:59:16 -------- d-----w- c:\users\ian\appdata\local\appbario16
2013-08-24 10:57:54 786272 ----a-w- c:\program files\uninstall information\ib\97\3867\ib_uninstall.exe
2013-08-24 10:47:29 -------- d-----w- c:\program files\MyPC Backup
2013-08-24 10:46:39 -------- d-----w- c:\users\ian\appdata\roaming\SpeedAnalysis2
2013-08-24 10:45:39 -------- d-----w- c:\users\ian\appdata\roaming\7go
2013-08-24 10:45:11 -------- d-----w- c:\programdata\IBUpdaterService
2013-08-24 10:45:08 -------- d-----w- c:\users\ian\appdata\roaming\File Scout
2013-08-23 09:50:21 -------- d-----w- c:\programdata\ErrorEND
2013-08-23 09:50:02 -------- d-----w- c:\program files\ErrorEND
2013-08-23 09:12:48 -------- d-----w- C:\a(1)
2013-08-22 15:08:37 -------- d-----w- c:\users\ian\appdata\roaming\Anvisoft
2013-08-22 15:08:12 -------- d-----w- c:\programdata\Anvisoft
2013-08-22 15:07:53 -------- d-----w- c:\program files\Anvisoft
2013-08-22 13:30:31 -------- d-----w- c:\users\ian\appdata\local\CRE
2013-08-22 13:30:29 -------- d-----w- c:\program files\Conduit
2013-08-22 12:18:50 697992 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7b521edf-1538-4e76-998f-b308e6eeb0ab}\gapaengine.dll
2013-08-21 13:14:08 17737608 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-08-20 11:43:18 -------- d-----w- c:\programdata\GOOBZO
2013-08-20 09:26:10 -------- d-----w- c:\program files\Enigma Software Group
2013-08-20 09:24:14 -------- d-----w- c:\windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-08-20 09:24:07 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-08-18 17:17:35 -------- d-----w- c:\users\ian\fontconfig
2013-08-14 04:54:36 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 04:54:35 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 04:54:34 914880 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 04:54:34 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-08-14 04:54:17 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 04:54:10 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 04:54:08 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 04:54:06 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 04:54:06 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 04:54:00 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 04:53:59 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 04:53:59 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 04:53:57 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-09 19:26:44 172032 ----a-w- c:\windows\system32\AniGIF.ocx
==================== Find3M ====================
2013-08-21 13:14:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 13:14:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:32:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-15 11:19:56 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-15 11:19:44 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-15 11:19:43 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-18 18:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 18:50:08 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 0408 505344 ----a-w- c:\windows\system32\qedit.dll
2011-12-11 16:18:50 3552208 ----a-w- c:\program files\ccsetup313.exe
2011-07-01 11:44:37 1393104 ----a-w- c:\program files\MapsSetup.exe
2011-07-01 09:49:20 1980360 ----a-w- c:\program files\MailNotifierSetup.exe
2011-03-21 12:46:19 1770248 ----a-w- c:\program files\BandooV6 (2).exe
2010-10-02 18:40:55 5542672 ----a-w- c:\program files\HSS-1.52-install-anchorfree-76-conduit.exe
2008-09-10 07:00:09 1724416 ----a-w- c:\program files\gdiplus.dll
============= FINISH: 17:26:45.49 ===============
Attached Files
File Type: zip ark (2).zip (6.5 KB, 17 views)

ian worthington is offline  
Old 08-28-2013, 01:43 PM   #2
TSF Enthusiast
Join Date: Dec 2011
Location: North East England
Posts: 5,919
OS: Win 7 Home Premium SP1 64bit

Welcome to TSF and sorry for your problems, although you have to come to the right forum.

First thing that you should do is to access a clean computer and change all of your passwords and if there is any additional security for your banking such as memorable data, then change that as well.

The security guys and gals on here no longer use HJT and use other methods.

You will need to read NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help and then open a new thread in the Virus & Trojan section as advice for virus and malware removal can only be given in that section.

If there's anything that you are unable to do for whatever reason then continue with the next steps but say so in your opening post.

Tomken15 is offline  
Old 08-29-2013, 05:19 AM   #3
Registered Member
Join Date: Aug 2013
Posts: 44
OS: vista home premium

OK Tomken thank you I will repost in the forum as you suggest.
ian worthington is offline  
Old 08-29-2013, 06:31 AM   #4
Registered Member
Join Date: Aug 2013
Posts: 44
OS: vista home premium

Dear Tomken,
I have reposted my problem in the virus, trojen & spyware forum. But I have not had an e mail confirming my post. Should I receive an e mail?
ian worthington is offline  
Old 08-29-2013, 07:19 AM   #5
TSF Enthusiast
Join Date: Dec 2011
Location: North East England
Posts: 5,919
OS: Win 7 Home Premium SP1 64bit

Originally Posted by ian worthington View Post
Dear Tomken,
I have reposted my problem in the virus, trojen & spyware forum. But I have not had an e mail confirming my post. Should I receive an e mail?
That section is quite busy but once your thread is picked up, you'll be given instructions on how to subscribe to it so you'll know when it has been responded to.

As the logs are quite long, they can take some time to study to determine the best action and as the Mods are multi-tasking - this is what can cause the delay in responding to your thread.

If you haven't had a response within 72hrs then give the thread a BUMP as the pre-posting requirements advise, but if you Bump it or add other posts before the 72hrs, then you could put your thread to the back of the queue or it may be assumed that others are dealing with your problem.

Have you also accessed another computer to change your passwords etc.
Tomken15 is offline  
Old 08-29-2013, 07:27 AM   #6
TSF Enthusiast
Join Date: Dec 2011
Location: North East England
Posts: 5,919
OS: Win 7 Home Premium SP1 64bit

Hi Ian, I've just done a search and there's no sign of your thread in the Virus & Trojan section - where have you posted it ?
Tomken15 is offline  
Old 08-29-2013, 08:34 AM   #7
Moderator Hardware Team
oscer1's Avatar
Join Date: Jan 2010
Location: wisconsin
Posts: 10,185
OS: windows 7

My System

he has posted it. http://www.techsupportforum.com/foru...ed-705577.html

closing thread.


Mark thread solved under thread tools when issue has been resolved.
oscer1 is online now  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Browsers hijacked
Hi I was trying to download the safari browsers and I don't know what happened but both I.E and firefox got hijacked. Every time I open I.E a small window opens asking me if I want to update my homepage settings. For firefox there is a tool bar now on the top of the browser. I couldn't zip...
vaindioux Resolved HJT Threads 26 08-18-2013 03:39 PM
Browsers hijacked
Hi Both my browsers internet explorer and Mozilla firefox have been hijacked. There is a toolbar on top of both of them. Also my homepage has been changed to a search engine. I couldn't zip and attach the ark.txt and attach.txt I got an error message so I am pasting them here, I hope that's ok....
vaindioux Resolved HJT Threads 23 04-06-2013 01:41 PM
Browsers hijacked
Hi Both of my browsers Internet explorer and Mozilla firefox got hijacked. I have now an unwanted toolbar. Also my homepage is not yahoo anymore but a search engine. Thanks for the help Patrick
vaindioux Resolved HJT Threads 1 03-24-2013 08:02 AM
Both browsers hijacked
Hi Both IE and firefox have been hijacked, I get redirected to various unwanted sites. They don't do it all the time just every so often. Can anybody help? Windows 7 AMD Phenom II IE 9
vaindioux Resolved HJT Threads 1 01-29-2012 11:03 PM
Hijacked browsers (IE and Firefox):
Whenever I try to access the www.handybackup.com site, the www.handybackup.net site comes up. It has been suggested by handybackup.com that "Your computer might be hacked by fraudulent software." What happens when one of you tries this site out? It appears that my browser is hijacked. I...
camper226 General Computer Security 3 06-26-2011 03:02 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Post a Question

» Site Navigation
 > FAQ

All times are GMT -7. The time now is 01:17 PM.

Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts