HJT checkup

Post by effingcow » March 3rd, 2009, 9:24 am

Hi,

I'd appreciate it if you could look this over for me. Thank you,

Amanda

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:01 PM, on 11/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11419 bytes
effingcow
Regular Member
 
Posts: 31
Joined: August 29th, 2008, 11:57 am
Location: Aruba

Re: HJT checkup

Post by Rodav » March 5th, 2009, 4:51 pm

Hello, and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: HJT checkup

Post by Rodav » March 5th, 2009, 4:56 pm

Hello Amanda,

You will need to right click HijackThis and select Run as Administrator, then do a system scan to show a more up to date log and post it into your next reply. Also let me know briefly what troubles you may be having.

Re: HJT checkup

Post by effingcow » March 6th, 2009, 2:47 pm

Hi Rodav,

Thanks for agreeing to help me with this. You guys helped me through a previous virus, and since then, my computer has gotten very slow and has the tendency to freeze and need a restart. This is just more of a "check up" as when I've run avast! I haven't come up with anything suspicious.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:16 PM, on 3/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10051 bytes


thanks,

amanda

Re: HJT checkup

Post by Rodav » March 7th, 2009, 8:02 am

Hello Amanda,

I don't see anything particularly nasty, though on your previous topic it was identified you had an infection with backdoor capabilities. I would still recommend a full reformat and reinstall as we could never be sure if it was compromised and settings changed.

If you want to continue with it, I recommend you read this: http://www.malwareremoval.com/tutorials ... slowly.php

Also run this:
Eset NOD32 Online AntiVirus
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

Re: HJT checkup

Post by effingcow » March 7th, 2009, 4:33 pm

"Windows has blocked this software because it cannot verify the publisher"

So I ran Kaspersky instead, and here is the report:


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, March 7, 2009
Operating System: Microsoft Windows Vista Business Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 07, 2009 16:55:16
Records in database: 1877699
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
E:\
Scan statistics
Files scanned 119196
Threat name 5
Infected objects 8
Suspicious objects 0
Duration of the scan 02:20:36

File name Threat name Threats count
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELH4MO9K\index[1].htm Infected: Trojan-Downloader.JS.Psyme.alv 1
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e80bb31\Report.cab Infected: Trojan.Win32.Monderb.wnd 1
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8706c1\Report.cab Infected: Trojan.Win32.Monder.ablr 1
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e872633\Report.cab Infected: Trojan.Win32.Monder.arkx 1
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8736d6\Report.cab Infected: Trojan.Win32.Monderb.wnd 1
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8750bc\Report.cab Infected: Trojan.Win32.Monder.arkx 1
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8778c5\Report.cab Infected: Trojan.Win32.Monder.ybi 1
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e87a226\Report.cab Infected: Trojan.Win32.Monder.ybi 1
The selected area was scanned.


What light from Monder window break??

Re: HJT checkup

Post by Rodav » March 8th, 2009, 7:41 am

Thanks for the Kaspersky log.

Step 1:
Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Right click on OTMoveit3.exe and select "Run as an Administrator"
  • Copy the lines in the codebox below.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELH4MO9K\index[1].htm
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e80bb31\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8706c1\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e872633\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8736d6\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8750bc\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8778c5\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e87a226\Report.cab

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Step 2:
Right click HijackThis and select Run as Administrator, do a system scan and post:
  • The OTMoveIt3 results
  • The new HijackThis log
Also let me know how your computer is running.

Re: HJT checkup

Post by effingcow » March 8th, 2009, 5:33 pm

unfortunately....

Error: Unable to interpret <C:\Users\Waterproof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELH4MO9K\index[1].htm> in the current context!
Error: Unable to interpret <C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e80bb31\Report.cab> in the current context!
Error: Unable to interpret <C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8706c1\Report.cab> in the current context!
Error: Unable to interpret <C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e872633\Report.cab> in the current context!
Error: Unable to interpret <C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8736d6\Report.cab> in the current context!
Error: Unable to interpret <C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8750bc\Report.cab> in the current context!
Error: Unable to interpret <C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8778c5\Report.cab> in the current context!
Error: Unable to interpret <C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e87a226\Report.cab> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03082009_172851


I ran a new HJT anyway, here's the log for it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:43 PM, on 3/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\OpenOffice.org 3\program\simpress.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Waterproof\Downloads\OTMoveIt3.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10337 bytes


Computer still extremely slow.

What do the Kaspersky results mean for me?
effingcow
Regular Member
 
Posts: 31
Joined: August 29th, 2008, 11:57 am
Location: Aruba

Re: HJT checkup

by Rodav » March 8th, 2009, 6:07 pm

I accidentally left out a header in the first step; it should work now. The Kaspersky results aren't particularly nasty in isolation but should be removed. I will have a deeper look.

Step 1:
  • Right click on OTMoveit3.exe and select "Run as an Administrator"
  • Copy the lines in the codebox below.
Code:
:files
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELH4MO9K\index[1].htm
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e80bb31\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8706c1\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e872633\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8736d6\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8750bc\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8778c5\Report.cab
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e87a226\Report.cab
:Commands
[EmptyTemp]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Step 2:
Download DDS to your desktop from one of the links below:
Link 1
Link 2
  • Double click the tool to run it. If you receive a UAC prompt, please allow it.
  • A black screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.


Step 3:
Post the following:
  • The OTMoveIt3 results
  • The 2 DDS logs
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: HJT checkup

by effingcow » March 9th, 2009, 11:21 am


DDS (Ver_09-02-01.01) - NTFSx86
Run by Waterproof at 11:14:12.57 on Mon 03/09/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.998.87 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 081122-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lxbacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\simpress.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Users\Waterproof\Downloads\OTMoveIt3.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Waterproof\Downloads\dds.pif
C:\Users\Waterproof\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\waterp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\waterp~1\appdata\roaming\mozilla\firefox\profiles\qwhnxym8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\users\waterproof\appdata\roaming\mozilla\firefox\profiles\qwhnxym8.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-08 17:27 <DIR> --d----- C:\_OTMoveIt
2009-03-08 02:55 <DIR> --d----- c:\users\waterproof\Incomplete
2009-02-11 03:09 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 03:09 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-09 20:13 <DIR> --d----- c:\programdata\PopCap Games
2009-02-09 20:13 <DIR> --d----- c:\progra~2\PopCap Games

==================== Find3M ====================

2008-10-04 02:56 51,200 a------- c:\windows\inf\infpub.dat
2008-10-04 02:56 86,016 a------- c:\windows\inf\infstor.dat
2008-10-04 02:56 143,360 a------- c:\windows\inf\infstrng.dat
2008-07-09 17:56 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:16:45.28 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 6/12/2008 12:03:20 AM
System Uptime: 3/6/2009 11:29:49 AM (72 hours ago)

Motherboard: LENOVO | | 7659N2U
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | None | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 66 GiB total, 21.397 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== Installed Programs ======================


32 Bit HP CIO Components Installer
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
AltoMP3 Gold 5.20
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
Bejeweled 2 Deluxe 1.1.3.2523
BufferChm
Camera Center
Cards_Calendar_OrderGift_DoMorePlugout
Client Security Solution
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diskeeper Home
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DIY Writer
DocProc
DocProcQFolder
Drag-to-Disc
eSupportQFolder
Fax
Full Tilt Poker
GPBaseService
Help Center
HijackThis 2.0.2
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4340 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Lenovo Registration
Lenovo System Interface Driver
Lexmark X5100 Series
LimeWire 4.18.8
Maintenance Manager
MarketResearch
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office 2000 SR-1 Small Business
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Multimedia Center For Think Offerings
OCR Software by I.R.I.S. 10.0
Octoshape add-in for Adobe Flash Player
On Screen Display
OpenOffice.org 3.0
PanoStandAlone
PC-Doctor 5 for Windows
Picasa 2
PokerStars
PopCap Browser Plugin
Presentation Director
Productivity Center Supplement for ThinkPad
PS_AIO_03_C4340_ProductContext
PS_AIO_03_C4340_Software
PS_AIO_03_C4340_Software_Min
PSSWCORE
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Safari
Scan
Security Update for CAPICOM (KB931906)
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Sonic Icons for Lenovo
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Status
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Toolbox
TrayApp
Trillian
UnloadSupport
VideoToolkit01
VitalSource Bookshelf
Wallpapers
WebReg
Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Xvid 1.1.3 final uninstall

==== End Of File ===========================
effingcow
Regular Member
 
Posts: 31
Joined: August 29th, 2008, 11:57 am
Location: Aruba

Re: HJT checkup

by effingcow » March 9th, 2009, 3:47 pm

Oh yes, hello... This too.

========== FILES ==========
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELH4MO9K\index[1].htm moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e80bb31\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8706c1\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e872633\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8736d6\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8750bc\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8778c5\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e87a226\Report.cab moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\Word8.0\ShockwaveFlashObjects.exd scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\hsperfdata_Waterproof\4496 scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\etilqs_ANKTmdU9A47bb6czvIta scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\etilqs_ANKTmdU9A47bb6czvIta-journal scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\etilqs_sGohiNgHz1Kkpl00dWrw scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\mso3A6.wmf scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF1793.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF1CC8.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF1FC6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF3855.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF3891.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF4DB2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF4DC2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF503A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF5AE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF60A2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF62A0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF7521.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF7538.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF7563.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFA38B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFBF4C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFBF5B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFCC35.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFE7E4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~WRD0238.doc scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~WRF2289.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~WRS3531.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\unp118019041.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp120794176.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp209246447.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp217422261.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp3511655.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp36275039.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp48951405.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03092009_111017
effingcow
Regular Member
 
Posts: 31
Joined: August 29th, 2008, 11:57 am
Location: Aruba

Re: HJT checkup

Unread postby Rodav » March 9th, 2009, 4:41 pm

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate LimeWire 4.18.8 and click on the Uninstall button to uninstall it.
  3. Repeat for any other P2P program.
  4. Close Control Panel when done.

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: HJT checkup

Unread postby effingcow » March 11th, 2009, 12:55 am

Hey,

How's it going? Here's the uninstall list, and also I restarted my computer after deleting temp, and I got the following log.

32 Bit HP CIO Components Installer
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
AltoMP3 Gold 5.20
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bejeweled 2 Deluxe 1.1.3.2523
Camera Center
Client Security Solution
Compatibility Pack for the 2007 Office system
Diskeeper Home
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DIY Writer
Drag-to-Disc
Full Tilt Poker
Help Center
HijackThis 2.0.2
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4340 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Lenovo Registration
Lenovo System Interface Driver
Lexmark X5100 Series
Maintenance Manager
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office 2000 SR-1 Small Business
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Multimedia Center For Think Offerings
OCR Software by I.R.I.S. 10.0
On Screen Display
OpenOffice.org 3.0
PC-Doctor 5 for Windows
Picasa 2
PokerStars
PopCap Browser Plugin
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shop for HP Supplies
Sonic Icons for Lenovo
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Trillian
VitalSource Bookshelf
Wallpapers
Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Xvid 1.1.3 final uninstall




========== FILES ==========
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELH4MO9K\index[1].htm moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e80bb31\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8706c1\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e872633\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8736d6\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8750bc\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e8778c5\Report.cab moved successfully.
C:\Users\Waterproof\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1e87a226\Report.cab moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\Word8.0\ShockwaveFlashObjects.exd scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\hsperfdata_Waterproof\4496 scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\etilqs_ANKTmdU9A47bb6czvIta scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\etilqs_ANKTmdU9A47bb6czvIta-journal scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\etilqs_sGohiNgHz1Kkpl00dWrw scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\mso3A6.wmf scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF1793.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF1CC8.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF1FC6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF3855.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF3891.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF4DB2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF4DC2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF503A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF5AE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF60A2.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF62A0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF7521.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF7538.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DF7563.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFA38B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFBF4C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFBF5B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFCC35.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~DFE7E4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~WRD0238.doc scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~WRF2289.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\WATERP~1\AppData\Local\Temp\~WRS3531.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\unp118019041.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp120794176.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp209246447.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp217422261.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp3511655.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp36275039.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\unp48951405.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03092009_111017

Files moved on Reboot...
C:\Users\WATERP~1\AppData\Local\Temp\Word8.0\ShockwaveFlashObjects.exd moved successfully.
File C:\Users\WATERP~1\AppData\Local\Temp\hsperfdata_Waterproof\4496 not found!
File C:\Users\WATERP~1\AppData\Local\Temp\etilqs_ANKTmdU9A47bb6czvIta not found!
File C:\Users\WATERP~1\AppData\Local\Temp\etilqs_ANKTmdU9A47bb6czvIta-journal not found!
File C:\Users\WATERP~1\AppData\Local\Temp\etilqs_sGohiNgHz1Kkpl00dWrw not found!
C:\Users\WATERP~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\WATERP~1\AppData\Local\Temp\mso3A6.wmf moved successfully.
File C:\Users\WATERP~1\AppData\Local\Temp\~DF1793.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF1CC8.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF1FC6.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF3855.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF3891.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF4DB2.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF4DC2.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF503A.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF5AE.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF60A2.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF62A0.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF7521.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF7538.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DF7563.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DFA38B.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DFBF4C.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DFBF5B.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DFCC35.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~DFE7E4.tmp not found!
File C:\Users\WATERP~1\AppData\Local\Temp\~WRD0238.doc not found!
C:\Users\WATERP~1\AppData\Local\Temp\~WRF2289.tmp moved successfully.
C:\Users\WATERP~1\AppData\Local\Temp\~WRS3531.tmp moved successfully.
File C:\Windows\temp\_avast4_\unp118019041.tmp not found!
File C:\Windows\temp\_avast4_\unp120794176.tmp not found!
File C:\Windows\temp\_avast4_\unp209246447.tmp not found!
File C:\Windows\temp\_avast4_\unp217422261.tmp not found!
File C:\Windows\temp\_avast4_\unp3511655.tmp not found!
File C:\Windows\temp\_avast4_\unp36275039.tmp not found!
File C:\Windows\temp\_avast4_\unp48951405.tmp not found!
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\OfflineCache\index.sqlite moved successfully.
C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Waterproof\AppData\Local\Mozilla\Firefox\Profiles\qwhnxym8.default\urlclassifier3.sqlite moved successfully.


What are you thinking about my computer?
effingcow
Regular Member
 
Posts: 31
Joined: August 29th, 2008, 11:57 am
Location: Aruba

Re: HJT checkup

Unread postby Rodav » March 11th, 2009, 3:51 pm

I think I found out why your computer is slow. The good news is it doesn't look like malware is causing it. The bad news is your computer could really use some extra RAM. Vista is a pretty resource-intensive operating system and any programs running will all be using RAM too, some more so than others. I would recommend at least 2GB of RAM on a computer with Vista installed.

You do have an old version of Java installed which will need to be removed via Add/Remove Programs also: Java(TM) 6 Update 7

If you have any questions let me know.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
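
The check behind the Java finding above, as an added example that is not part of the original thread: it reads a list in the format of the posted uninstall_list.txt and reports Java runtime entries older than the newest one installed alongside them. The sample lines are constructed from entries in the posted list, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines in the format of the uninstall_list.txt
# posted earlier in the thread (one installed program per line).
SAMPLE_UNINSTALL_LIST = """\
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Lenovo Registration
Mozilla Firefox (3.0.7)
"""

# Matches entries such as "Java(TM) 6 Update 7" or "Java(TM) 6" (no update number).
JAVA_ENTRY = re.compile(r"^Java\(TM\)\s+(\d+)(?:\s+Update\s+(\d+))?$")


def parse_java_entries(text):
    """Return [(major, update, original_line)] for every Java runtime entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = JAVA_ENTRY.match(line)
        if match:
            major = int(match.group(1))
            update = int(match.group(2) or 0)  # no "Update N" means the base release
            entries.append((major, update, line))
    return entries


def superseded_java(text):
    """Return Java entries older than the newest Java entry in the same list.

    Versions are compared as integers: compared as strings, "Update 7"
    would sort after "Update 11" and the wrong entry would be reported.
    This only finds leftovers installed side by side; it cannot tell
    whether the newest entry in the list is itself current.
    """
    entries = parse_java_entries(text)
    if not entries:
        return []
    newest = max((major, update) for major, update, _ in entries)
    stale = []
    for major, update, line in entries:
        if (major, update) < newest and line not in stale:
            stale.append(line)
    return stale


if __name__ == "__main__":
    for entry in superseded_java(SAMPLE_UNINSTALL_LIST):
        print("Remove via Programs and Features:", entry)
```
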

Re: HJT checkup

Unread postby NonSuch » March 17th, 2009, 2:08 am

Due to a lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California