Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

cant run hijackthis

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: cant run hijackthis

Unread postby Trigger » October 11th, 2009, 11:56 pm

info.txt logfile of random's system information tool 1.06 2009-10-12 13:36:59

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Avira AntiVir Personal - Free Antivirus-->D:\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"e:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DM9XInst-->c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ Win2k
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->E:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140001_328bb14\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft IPsec Diagnostic Tool-->MsiExec.exe /X{931DCC98-DA00-4908-8356-FB822088E278}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->e:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\2wirepcp.inf_2b7726ce\2wirepcp.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

::1 localhost

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: User-PC
Event Code: 6008
Message: The previous system shutdown at 12:06:54 PM on 10/12/2009 was unexpected.
Record Number: 83770
Source Name: EventLog
Time Written: 20091012020747.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 83780
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091012020750.473537-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 83845
Source Name: Service Control Manager
Time Written: 20091012020933.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Avgfwfd
BTHidMgr
Record Number: 83848
Source Name: Service Control Manager
Time Written: 20091012020933.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 83868
Source Name: volsnap
Time Written: 20091012023657.457137-000
Event Type: Error
User:

=====Application event log=====

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 30223
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091012005247.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 1000
Message: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module ADVAPI32.dll, version 6.0.6001.18000, time stamp 0x4791a64b, exception code 0xc0000005, fault offset 0x0003f20c, process id 0x5ac, application start time 0x01ca4ad612b565bc.
Record Number: 30224
Source Name: Application Error
Time Written: 20091012005252.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30269
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091012020802.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 30282
Source Name: Microsoft-Windows-WMI
Time Written: 20091012020926.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 30285
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091012020939.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26901
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091012033658.402137-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26902
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091012033658.436137-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26903
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091012033658.468137-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26904
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091012033658.501137-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26905
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091012033658.534137-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am
Advertisement
Register to Remove

Re: cant run hijackthis

Unread postby Wingman » October 13th, 2009, 3:43 pm

Hello Trigger,
Thanks for getting the tasks done.. let's continue.
We can change Java so it won't be looking for updates... but we'll do that after you have removed the older, vulnerable version first.

Please do not run any "fix" programs and/or remove any files unless instructed to do so, by me. I need to see what's present in order to properly diagnose the problem(s) and recommend corrective actions. Thanks.

Please read these instructions carefully before executing and then perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Please print these instructions... you will be closing your browser, losing Internet access.

There is a file that need more information on... so I would like you to scan it with an online scanner.

Step 1.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload the following file(s) for scanning:

C:\Windows\system32\FsUsbExDisk.SYS

Using Jotti
  1. Please copy and paste... the above full path and file name(s)...in the text box next to the Browse button.
  2. Click on Submit..button.
  3. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  4. When all scans have completed... Highlight the results text, beginning with "File...and select all text down to the last scan result.
  5. Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
  6. Please repeat this procedure for each file listed above.
  7. Paste the contents of all the Jotti scan results in your next reply.

Using Virus Total
  1. Please copy and paste... the above full path and file name(s)...in the text box next to the Browse button.
  2. Click on Send File...button.
  3. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
  4. When the scan is completed...press the "Compact" icon
  5. The results will be shown in a grid like window...please Select and Copy the entire contents.
  6. Open Notepad...Paste the result contents into the Notepad window...Save this file to a convenient place.
  7. Please repeat this procedure for each file listed above.
  8. Paste the contents of all the Virus Total results in your next reply.

Step 2.
Java Update Needed!
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION
  1. Get the latest version of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  3. Click the "Download" button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Click on the link to download Windows Offline Installation and save the file to your desktop.
    <STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS
  1. Close any programs you may have running - especially your web browser.
  2. Go to Start > Settings > Control Panel.
  3. Double-click on Add/Remove Programs ...remove all older versions of Java.
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
  4. Check (highlight) one at a time... the above entries.
  5. Click the Remove or Change/Remove button...follow any onscreen instructions for the Java uninstaller.
  6. Repeat steps 4-5, for each version of Java listed.
  7. When all Java components are removed... Exit Add/remove Programs and Control Panel.
    Delete old Java Folder
    • Right click on the Start...button.
    • Select Explore...from the menu.
    • Navigate to and find the following folder: if found, delete it.
      It's possible it may have been removed by the uninstall steps
      C:\Program Files\Java\ <==== delete this entire folder
    • When finished, close and exit Explorer.

INSTALL UPDATED VERSION
  1. Close all open applications (standard), especially your browser.
  2. From desktop... right-click on jre-6u16-windows-i586.exe, select Run as Administrator to install the newest version.
  3. Follow the on-screen directions...when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

Step 3.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder , then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 4.
Kaspersky Online Scanner.
Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Click on the Image ...button.
  2. The program will launch and fill in the Information section ... on the left.
  3. Read the "Requirements and Limitations" then press... the Image ...button.
  4. The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  5. Once the files have been downloaded, click on the Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Image ...button, if you made any changes.
  6. Now under the Scan section on the left:
      Select My Computer
  7. The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  8. Save the scan results as a Text file ... save it to your desktop.
  9. Copy and paste the saved scan results file in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Jotti or Virus Total scan results
  3. Old Java removed, new installed OK?
  4. RSIT new log.txt and info.txt file contents.
  5. KAS scan results.
  6. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » October 14th, 2009, 12:08 am

hello wingman
1. Any problem executing the instructions? no all good nice and clear :)
2. Jotti or Virus Total? scan results in next reply
3. Old Java removed, new installed OK? yes, no problems at all.
4. RSIT new log.txt and info.txt file contents. reply after virus scan.
5. KAS scan results. had a bit of trouble here online scanner was "down"
6. How is the computer behaving? yeah not to bad web surfing is a bit slow pages are fine youtube and the like are a bit on the slow side.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 14th, 2009, 12:09 am

File FsUsbExDisk.Sys received on 2009.10.14 03:30:28 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/41 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 40 and 57 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:


Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.14 -
AhnLab-V3 5.0.0.2 2009.10.13 -
AntiVir 7.9.1.35 2009.10.13 -
Antiy-AVL 2.0.3.7 2009.10.14 -
Authentium 5.1.2.4 2009.10.14 -
Avast 4.8.1351.0 2009.10.13 -
AVG 8.5.0.420 2009.10.13 -
BitDefender 7.2 2009.10.14 -
CAT-QuickHeal 10.00 2009.10.13 -
ClamAV 0.94.1 2009.10.14 -
Comodo 2599 2009.10.13 -
DrWeb 5.0.0.12182 2009.10.13 -
eSafe 7.0.17.0 2009.10.13 -
eTrust-Vet 35.1.7066 2009.10.13 -
F-Prot 4.5.1.85 2009.10.13 -
F-Secure 8.0.14470.0 2009.10.14 -
Fortinet 3.120.0.0 2009.10.14 -
GData 19 2009.10.14 -
Ikarus T3.1.1.72.0 2009.10.14 -
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.869 2009.10.13 -
Kaspersky 7.0.0.125 2009.10.14 -
McAfee 5770 2009.10.13 -
McAfee+Artemis 5770 2009.10.13 -
McAfee-GW-Edition 6.8.5 2009.10.14 -
Microsoft 1.5101 2009.10.13 -
NOD32 4504 2009.10.13 -
Norman 6.01.09 2009.10.12 -
nProtect 2009.1.8.0 2009.10.13 -
Panda 10.0.2.2 2009.10.14 -
PCTools 4.4.2.0 2009.10.13 -
Prevx 3.0 2009.10.14 -
Rising 21.51.20.00 2009.10.14 -
Sophos 4.46.0 2009.10.14 -
Sunbelt 3.2.1858.2 2009.10.14 -
Symantec 1.4.4.12 2009.10.14 -
TheHacker 6.5.0.2.041 2009.10.14 -
TrendMicro 8.950.0.1094 2009.10.13 -
VBA32 3.12.10.11 2009.10.13 -
ViRobot 2009.10.14.1983 2009.10.14 -
VirusBuster 4.6.5.0 2009.10.13 -
Additional information
File size: 36608 bytes
MD5...: 790a4ca68f44be35967b3df61f3e4675
SHA1..: bd0ea1bd82cfff4129b486d4d2f6661e3f28d318
SHA256: 7cbc77c620aba75fef4ba8ad9c38766d50cd18106eba4693f162f2c5a7d46aa8
ssdeep: 768:o04pOmckpdHXCDwdGSlAK5uVEWA69ir1FmU:oncUyEdGShwEWG1FmU

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6d1f
timedatestamp.....: 0x48c8bdc2 (Thu Sep 11 06:42:10 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x260 0x6cfe 0x6d00 6.57 8022e15a8918cb4af57e6d43d51c9b4c
.data 0x6f60 0x11a0 0x11a0 0.82 9d966a7c58463c4d95af560266df5b39
INIT 0x8100 0x564 0x580 5.17 24e35a4a457a8a9b599721f5c8fbc294
.reloc 0x8680 0x876 0x880 6.44 74e8722b79e3fe3758d06246890e01d2

( 2 imports )
> ntoskrnl.exe: KeEnterCriticalRegion, sprintf, ExAcquireResourceSharedLite, IoFreeIrp, KeSetEvent, KeWaitForSingleObject, IofCallDriver, KeGetCurrentThread, IoAllocateIrp, KeInitializeEvent, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, IoGetCurrentProcess, PsGetCurrentProcessId, strncpy, ZwClose, ObfDereferenceObject, IoAttachDeviceToDeviceStack, IoCreateDevice, IoGetRelatedDeviceObject, ObReferenceObjectByHandle, ZwCreateFile, ExAcquireResourceExclusiveLite, IoQueryVolumeInformation, IoAttachDeviceByPointer, KeQuerySystemTime, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, ProbeForWrite, _except_handler3, IoDeleteDevice, IoDetachDevice, ExQueueWorkItem, IofCompleteRequest, MmMapLockedPages, DbgPrint, IoDeleteSymbolicLink, ExInitializeNPagedLookasideList, ExInitializeResourceLite, IoCreateSymbolicLink, NtBuildNumber, ExReleaseResourceLite, KeLeaveCriticalRegion, ExAllocatePoolWithTag, RtlInitUnicodeString, ExFreePool
> HAL.dll: KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex, KeGetCurrentIrql

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=790a4ca68f44be35967b3df61f3e4675' target='_blank'>http://www.threatexpert.com/report.aspx?md5=790a4ca68f44be35967b3df61f3e4675</a>
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 14th, 2009, 12:10 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-10-14 13:54:35
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 916 MB (6%) free of 15 GB
Total RAM: 1917 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:46 PM, on 10/14/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5855 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"=e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"avgnt"=D:\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=E:\Program Files\Java\jre6\bin\jusched.exe [2009-10-14 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2009-10-14 13:54:35 ----DC---- C:\rsit
2009-10-14 13:54:35 ----DC---- \rsit
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\javaws.exe
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\javaw.exe
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\java.exe
2009-10-07 04:28:32 ----DC---- C:\Program Files\ERUNT
2009-10-04 01:30:31 ----C---- C:\Windows\system32\MpSigStub.exe
2009-09-30 09:25:41 ----DC---- C:\Users\User\AppData\Roaming\Malwarebytes
2009-09-30 08:56:03 ----AC---- C:\Windows\system32\CF14287.exe
2009-09-30 08:56:00 ----AC---- C:\Windows\system32\swsc.exe
2009-09-29 10:46:46 ----DC---- C:\Windows\temp
2009-09-29 10:45:38 ----SHDC---- C:\$RECYCLE.BIN
2009-09-29 10:45:38 ----SHDC---- \$RECYCLE.BIN
2009-09-27 03:10:44 ----AC---- C:\Windows\system32\tzres.dll
2009-09-26 16:47:37 ----AC---- C:\Windows\system32\jscript.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\TCPSVCS.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ROUTE.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\NETSTAT.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\netiohlp.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\MRINFO.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\HOSTNAME.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\finger.exe
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ARP.EXE
2009-09-26 16:47:26 ----AC---- C:\Windows\system32\netevent.dll
2009-09-26 16:46:13 ----AC---- C:\Windows\system32\wlanmsm.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansvc.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansec.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\L2SecHC.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\t2embed.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\fontsub.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\atmfd.dll
2009-09-26 16:46:05 ----AC---- C:\Windows\system32\dciman32.dll
2009-09-26 16:45:45 ----AC---- C:\Windows\system32\WMVCORE.DLL
2009-09-26 16:45:44 ----AC---- C:\Windows\system32\mf.dll
2009-09-26 16:45:36 ----AC---- C:\Windows\system32\atl.dll
2009-09-26 16:45:31 ----AC---- C:\Windows\system32\wkssvc.dll
2009-09-26 16:45:15 ----AC---- C:\Windows\system32\mshtml.dll
2009-09-26 16:45:14 ----AC---- C:\Windows\system32\ieframe.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\wininet.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\urlmon.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\msfeeds.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\iertutil.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\occache.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\iedkcs32.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieUnatt.exe
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieui.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\iepeers.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedssync.exe
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedsbs.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\jsproxy.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesysprep.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesetup.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iernonce.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\ie4uinit.exe
2009-09-26 16:45:05 ----AC---- C:\Windows\system32\mstscax.dll
2009-09-26 16:44:58 ----AC---- C:\Windows\system32\avifil32.dll
2009-09-26 16:44:45 ----AC---- C:\Windows\system32\wmp.dll
2009-09-26 16:44:44 ----AC---- C:\Windows\system32\wmpdxm.dll
2009-09-26 16:44:43 ----AC---- C:\Windows\system32\spwmp.dll
2009-09-26 16:44:42 ----AC---- C:\Windows\system32\dxmasf.dll
2009-09-26 16:44:41 ----AC---- C:\Windows\system32\wmploc.DLL
2009-09-26 16:41:51 ----AC---- C:\Windows\system32\Apphlpdm.dll
2009-09-26 16:41:49 ----AC---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-26 13:41:42 ----AC---- C:\Windows\zip.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWXCACLS.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWSC.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWREG.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\sed.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\NIRCMD.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\grep.exe
2009-09-26 13:41:39 ----DC---- C:\Windows\ERDNT
2009-09-26 13:41:03 ----DC---- C:\Qoobox
2009-09-26 13:41:03 ----DC---- \Qoobox
2009-09-24 07:54:46 ----AC---- C:\RootRepeal report 09-24-09 (07-54-46).txt
2009-09-24 07:54:46 ----AC---- \RootRepeal report 09-24-09 (07-54-46).txt
2009-09-20 16:54:16 ----DC---- C:\Program Files\Trend Micro
2009-09-19 15:07:37 ----AC---- C:\MGtools.exe
2009-09-19 15:07:37 ----AC---- \MGtools.exe
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files\iS3
2009-09-06 22:26:18 ----DC---- C:\Windows\BDOSCAN8
2009-09-05 21:32:40 ----AC---- C:\Windows\PhotoSnapViewer.INI
2009-08-26 04:23:34 ----DC---- C:\Windows\Sun
2009-08-25 13:03:00 ----DC---- C:\Users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 12:59:43 ----DC---- C:\Users\User\AppData\Roaming\Skinux
2009-08-25 12:58:10 ----ASHC---- C:\Users\User\AppData\Roaming\desktop.ini
2009-08-25 12:57:27 ----DC---- C:\Users\User\AppData\Roaming\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\Common Files\ArcSoft
2009-08-25 12:55:00 ----DC---- C:\Program Files\Kodak
2009-08-25 12:52:50 ----DC---- C:\Program Files\Common Files\Kodak
2009-08-25 12:51:30 ----DC---- C:\Program Files\Common Files\MSSoap
2009-08-25 09:31:05 ----AC---- C:\Windows\NeroDigital.ini
2009-08-24 22:21:48 ----DC---- C:\Users\User\AppData\Roaming\AVG8
2009-08-08 21:22:08 ----DC---- C:\Program Files\MarkAnyContentSAFER
2009-08-08 21:06:31 ----DC---- C:\Windows\system32\Samsung_USB_Drivers
2009-08-08 21:05:07 ----AC---- C:\Windows\system32\FsUsbExDevice.Dll
2009-08-08 21:05:07 ----A---- C:\Windows\system32\FsUsbExService.Exe
2009-08-08 21:03:52 ----DC---- C:\Users\User\AppData\Roaming\Samsung
2009-07-17 09:46:17 ----AC---- C:\Windows\ODBC.INI

======List of files/folders modified in the last 3 months======

2009-10-14 13:51:03 ----SHD---- C:\System Volume Information
2009-10-14 13:51:03 ----SHD---- \System Volume Information
2009-10-14 13:47:12 ----DC---- C:\Windows\Prefetch
2009-10-14 13:46:29 ----SHDC---- C:\Windows\Installer
2009-10-14 13:46:29 ----DC---- C:\Config.Msi
2009-10-14 13:46:29 ----DC---- \Config.Msi
2009-10-14 13:46:20 ----DC---- C:\Windows\System32
2009-10-14 13:46:12 ----AC---- C:\Windows\system32\deploytk.dll
2009-10-14 13:44:52 ----RDC---- C:\Program Files
2009-10-14 13:44:52 ----RDC---- \Program Files
2009-10-14 13:42:17 ----DC---- C:\Program Files\Common Files
2009-10-12 12:12:45 ----DC---- C:\Windows\inf
2009-10-12 12:12:45 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-10-12 10:59:42 ----DC---- C:\Program Files\Windows Live
2009-10-12 10:58:52 ----D---- C:\Windows\winsxs
2009-10-12 10:47:51 ----DC---- C:\ProgramData
2009-10-12 10:47:51 ----DC---- \ProgramData
2009-10-10 14:19:37 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-10-10 14:04:25 ----DC---- C:\Windows
2009-10-10 14:04:25 ----DC---- \Windows
2009-10-10 13:51:16 ----DC---- C:\Windows\system32\catroot
2009-10-10 04:21:03 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-10-10 04:19:07 ----DC---- C:\Windows\system32\drivers
2009-10-10 04:17:57 ----DC---- C:\Windows\system32\catroot2
2009-10-10 04:13:10 ----DC---- C:\Windows\Debug
2009-10-09 14:39:28 ----SDC---- C:\Windows\Downloaded Program Files
2009-10-09 13:56:23 ----DC---- C:\Program Files\Google
2009-10-09 13:42:50 ----DC---- C:\Windows\Tasks
2009-10-09 13:39:53 ----DC---- C:\Program Files\Common Files\Adobe
2009-10-09 13:39:53 ----DC---- C:\Program Files\Adobe
2009-10-07 14:02:13 ----DC---- C:\Program Files\Common Files\Symantec Shared
2009-09-30 08:56:03 ----DC---- C:\Windows\system32\en-US
2009-09-29 10:44:50 ----AC---- C:\Windows\system.ini
2009-09-29 10:42:42 ----DC---- C:\Windows\AppPatch
2009-09-27 03:35:52 ----D---- C:\Windows\rescache
2009-09-27 03:18:45 ----DC---- C:\Program Files\Microsoft Silverlight
2009-09-27 03:17:14 ----DC---- C:\Windows\system32\migration
2009-09-27 03:17:14 ----DC---- C:\Program Files\Windows Mail
2009-09-27 03:17:13 ----DC---- C:\Program Files\Windows Media Player
2009-09-27 03:17:13 ----DC---- C:\Program Files\Internet Explorer
2009-09-27 03:09:35 ----DC---- C:\Windows\Microsoft.NET
2009-09-26 14:04:35 ----DC---- C:\Windows\system32\config
2009-09-25 04:12:07 ----DC---- C:\Windows\Logs
2009-09-20 16:52:03 ----DC---- C:\Windows\system32\Tasks
2009-09-16 09:00:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-08 19:55:24 ----DC---- C:\Windows\Minidump
2009-08-28 14:38:22 ----AC---- C:\Windows\system32\mrt.exe
2009-08-25 12:55:00 ----DC---- C:\Windows\Help
2009-08-25 12:54:17 ----RSDC---- C:\Windows\assembly
2009-08-24 22:39:06 ----SDC---- C:\Users\User\AppData\Roaming\Microsoft
2009-07-17 09:47:23 ----RSDC---- C:\Windows\Fonts
2009-07-17 09:41:08 ----DC---- C:\Windows\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2007-03-23 60768]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-11-14 36608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-22 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 14th, 2009, 12:12 am

info.txt logfile of random's system information tool 1.06 2009-10-14 13:54:48

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Avira AntiVir Personal - Free Antivirus-->D:\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"e:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DM9XInst-->c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ Win2k
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->E:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140001_328bb14\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft IPsec Diagnostic Tool-->MsiExec.exe /X{931DCC98-DA00-4908-8356-FB822088E278}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->e:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\2wirepcp.inf_2b7726ce\2wirepcp.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

::1 localhost

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: User-PC
Event Code: 36
Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Record Number: 83902
Source Name: Microsoft-Windows-Time-Service
Time Written: 20091013020800.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 83945
Source Name: volsnap
Time Written: 20091014035103.405891-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 83949
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091014035109.115723-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 84015
Source Name: Service Control Manager
Time Written: 20091014035251.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Avgfwfd
BTHidMgr
Record Number: 84019
Source Name: Service Control Manager
Time Written: 20091014035251.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30328
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091013180802.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30329
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091014020802.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 30359
Source Name: Microsoft-Windows-WMI
Time Written: 20091014035124.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30364
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091014035219.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 30368
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091014035256.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26988
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091014035446.737323-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26989
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091014035446.771323-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26990
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091014035446.804323-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26991
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091014035446.837323-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26992
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091014035446.869323-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » October 15th, 2009, 12:39 pm

Hello Trigger,

Please do not run any "fix" programs and/or remove any files unless instructed to do so, by me. I need to see what's present in order to properly diagnose the problem(s) and recommend corrective actions. Thanks.

Please read these instructions carefully before executing and then perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
You still have this installed... so we'll use it to make a backup of your registry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT... right-click and select Run As Administrator.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
OTM
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Right click on OTM.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code: Select all
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner]
    "CLSID"=-
    [-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
    :Commands
    [EmptyTemp]
    [Reboot]
    

    Please refer to this image to use OTM.exe

    Image
  4. Click on MoveIt! (2)
  5. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  6. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  7. Click Exit (3) when done.
  8. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 3.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder , then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 4.
ESET NOD32 Online Scan
Note: You - will - need to use Internet Explorer for this scan!
Vista users: You will need to to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.

Remember to enable your Anti-virus protection... before continuing!

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM results log.
  3. RSIT new log.txt and info.txt file contents.
  4. ESET scan results.
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » October 16th, 2009, 2:43 am

hey wingman thanks for your help so far its been really helpful here is the info you requested.
internet is still a little slow. trigger.
Last edited by Trigger on October 16th, 2009, 2:47 am, edited 1 time in total.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 16th, 2009, 2:43 am

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\\CLSID deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 50626429 bytes
File delete failed. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 42095410 bytes
->Java cache emptied: 73862819 bytes
->FireFox cache emptied: 33141570 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 61430 bytes
RecycleBin emptied: 45056 bytes

Total Files Cleaned = 190.58 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10162009_041839

Files moved on Reboot...

Registry entries deleted on Reboot...
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 16th, 2009, 2:44 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-10-16 04:25:25
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 1 GB (7%) free of 15 GB
Total RAM: 1917 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:40 AM, on 10/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5052 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"=e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"avgnt"=D:\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=E:\Program Files\Java\jre6\bin\jusched.exe [2009-10-14 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2009-10-16 04:25:25 ----DC---- C:\rsit
2009-10-16 04:25:25 ----DC---- \rsit
2009-10-16 04:18:39 ----DC---- C:\_OTM
2009-10-16 04:18:39 ----DC---- \_OTM
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\javaws.exe
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\javaw.exe
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\java.exe
2009-10-07 04:28:32 ----DC---- C:\Program Files\ERUNT
2009-10-04 01:30:31 ----C---- C:\Windows\system32\MpSigStub.exe
2009-09-30 09:25:41 ----DC---- C:\Users\User\AppData\Roaming\Malwarebytes
2009-09-30 08:56:03 ----AC---- C:\Windows\system32\CF14287.exe
2009-09-30 08:56:00 ----AC---- C:\Windows\system32\swsc.exe
2009-09-29 10:46:46 ----DC---- C:\Windows\temp
2009-09-29 10:45:38 ----SHDC---- C:\$RECYCLE.BIN
2009-09-29 10:45:38 ----SHDC---- \$RECYCLE.BIN
2009-09-27 03:10:44 ----AC---- C:\Windows\system32\tzres.dll
2009-09-26 16:47:37 ----AC---- C:\Windows\system32\jscript.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\TCPSVCS.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ROUTE.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\NETSTAT.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\netiohlp.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\MRINFO.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\HOSTNAME.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\finger.exe
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ARP.EXE
2009-09-26 16:47:26 ----AC---- C:\Windows\system32\netevent.dll
2009-09-26 16:46:13 ----AC---- C:\Windows\system32\wlanmsm.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansvc.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansec.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\L2SecHC.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\t2embed.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\fontsub.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\atmfd.dll
2009-09-26 16:46:05 ----AC---- C:\Windows\system32\dciman32.dll
2009-09-26 16:45:45 ----AC---- C:\Windows\system32\WMVCORE.DLL
2009-09-26 16:45:44 ----AC---- C:\Windows\system32\mf.dll
2009-09-26 16:45:36 ----AC---- C:\Windows\system32\atl.dll
2009-09-26 16:45:31 ----AC---- C:\Windows\system32\wkssvc.dll
2009-09-26 16:45:15 ----AC---- C:\Windows\system32\mshtml.dll
2009-09-26 16:45:14 ----AC---- C:\Windows\system32\ieframe.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\wininet.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\urlmon.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\msfeeds.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\iertutil.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\occache.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\iedkcs32.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieUnatt.exe
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieui.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\iepeers.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedssync.exe
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedsbs.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\jsproxy.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesysprep.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesetup.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iernonce.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\ie4uinit.exe
2009-09-26 16:45:05 ----AC---- C:\Windows\system32\mstscax.dll
2009-09-26 16:44:58 ----AC---- C:\Windows\system32\avifil32.dll
2009-09-26 16:44:45 ----AC---- C:\Windows\system32\wmp.dll
2009-09-26 16:44:44 ----AC---- C:\Windows\system32\wmpdxm.dll
2009-09-26 16:44:43 ----AC---- C:\Windows\system32\spwmp.dll
2009-09-26 16:44:42 ----AC---- C:\Windows\system32\dxmasf.dll
2009-09-26 16:44:41 ----AC---- C:\Windows\system32\wmploc.DLL
2009-09-26 16:41:51 ----AC---- C:\Windows\system32\Apphlpdm.dll
2009-09-26 16:41:49 ----AC---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-26 13:41:42 ----AC---- C:\Windows\zip.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWXCACLS.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWSC.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWREG.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\sed.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\NIRCMD.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\grep.exe
2009-09-26 13:41:39 ----DC---- C:\Windows\ERDNT
2009-09-26 13:41:03 ----DC---- C:\Qoobox
2009-09-26 13:41:03 ----DC---- \Qoobox
2009-09-24 07:54:46 ----AC---- C:\RootRepeal report 09-24-09 (07-54-46).txt
2009-09-24 07:54:46 ----AC---- \RootRepeal report 09-24-09 (07-54-46).txt
2009-09-20 16:54:16 ----DC---- C:\Program Files\Trend Micro
2009-09-19 15:07:37 ----AC---- C:\MGtools.exe
2009-09-19 15:07:37 ----AC---- \MGtools.exe
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files\iS3
2009-09-06 22:26:18 ----DC---- C:\Windows\BDOSCAN8
2009-09-05 21:32:40 ----AC---- C:\Windows\PhotoSnapViewer.INI
2009-08-26 04:23:34 ----DC---- C:\Windows\Sun
2009-08-25 13:03:00 ----DC---- C:\Users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 12:59:43 ----DC---- C:\Users\User\AppData\Roaming\Skinux
2009-08-25 12:58:10 ----ASHC---- C:\Users\User\AppData\Roaming\desktop.ini
2009-08-25 12:57:27 ----DC---- C:\Users\User\AppData\Roaming\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\Common Files\ArcSoft
2009-08-25 12:55:00 ----DC---- C:\Program Files\Kodak
2009-08-25 12:52:50 ----DC---- C:\Program Files\Common Files\Kodak
2009-08-25 12:51:30 ----DC---- C:\Program Files\Common Files\MSSoap
2009-08-25 09:31:05 ----AC---- C:\Windows\NeroDigital.ini
2009-08-24 22:21:48 ----DC---- C:\Users\User\AppData\Roaming\AVG8
2009-08-08 21:22:08 ----DC---- C:\Program Files\MarkAnyContentSAFER
2009-08-08 21:06:31 ----DC---- C:\Windows\system32\Samsung_USB_Drivers
2009-08-08 21:05:07 ----AC---- C:\Windows\system32\FsUsbExDevice.Dll
2009-08-08 21:05:07 ----A---- C:\Windows\system32\FsUsbExService.Exe
2009-08-08 21:03:52 ----DC---- C:\Users\User\AppData\Roaming\Samsung
2009-07-17 09:46:17 ----AC---- C:\Windows\ODBC.INI

======List of files/folders modified in the last 3 months======

2009-10-16 04:22:22 ----DC---- C:\Windows\Prefetch
2009-10-16 02:19:28 ----SHD---- C:\System Volume Information
2009-10-16 02:19:28 ----SHD---- \System Volume Information
2009-10-14 13:57:02 ----DC---- C:\Windows\System32
2009-10-14 13:57:02 ----DC---- C:\Windows\inf
2009-10-14 13:57:02 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-10-14 13:46:29 ----SHDC---- C:\Windows\Installer
2009-10-14 13:46:29 ----DC---- C:\Config.Msi
2009-10-14 13:46:29 ----DC---- \Config.Msi
2009-10-14 13:46:12 ----AC---- C:\Windows\system32\deploytk.dll
2009-10-14 13:44:52 ----RDC---- C:\Program Files
2009-10-14 13:44:52 ----RDC---- \Program Files
2009-10-14 13:42:17 ----DC---- C:\Program Files\Common Files
2009-10-12 10:59:42 ----DC---- C:\Program Files\Windows Live
2009-10-12 10:58:52 ----D---- C:\Windows\winsxs
2009-10-12 10:47:51 ----DC---- C:\ProgramData
2009-10-12 10:47:51 ----DC---- \ProgramData
2009-10-10 14:19:37 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-10-10 14:04:25 ----DC---- C:\Windows
2009-10-10 14:04:25 ----DC---- \Windows
2009-10-10 13:51:16 ----DC---- C:\Windows\system32\catroot
2009-10-10 04:21:03 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-10-10 04:19:07 ----DC---- C:\Windows\system32\drivers
2009-10-10 04:17:57 ----DC---- C:\Windows\system32\catroot2
2009-10-10 04:13:10 ----DC---- C:\Windows\Debug
2009-10-09 14:39:28 ----SDC---- C:\Windows\Downloaded Program Files
2009-10-09 13:56:23 ----DC---- C:\Program Files\Google
2009-10-09 13:42:50 ----DC---- C:\Windows\Tasks
2009-10-09 13:39:53 ----DC---- C:\Program Files\Common Files\Adobe
2009-10-09 13:39:53 ----DC---- C:\Program Files\Adobe
2009-10-07 14:02:13 ----DC---- C:\Program Files\Common Files\Symantec Shared
2009-09-30 08:56:03 ----DC---- C:\Windows\system32\en-US
2009-09-29 10:44:50 ----AC---- C:\Windows\system.ini
2009-09-29 10:42:42 ----DC---- C:\Windows\AppPatch
2009-09-27 03:35:52 ----D---- C:\Windows\rescache
2009-09-27 03:18:45 ----DC---- C:\Program Files\Microsoft Silverlight
2009-09-27 03:17:14 ----DC---- C:\Windows\system32\migration
2009-09-27 03:17:14 ----DC---- C:\Program Files\Windows Mail
2009-09-27 03:17:13 ----DC---- C:\Program Files\Windows Media Player
2009-09-27 03:17:13 ----DC---- C:\Program Files\Internet Explorer
2009-09-27 03:09:35 ----DC---- C:\Windows\Microsoft.NET
2009-09-26 14:04:35 ----DC---- C:\Windows\system32\config
2009-09-25 04:12:07 ----DC---- C:\Windows\Logs
2009-09-20 16:52:03 ----DC---- C:\Windows\system32\Tasks
2009-09-16 09:00:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-08 19:55:24 ----DC---- C:\Windows\Minidump
2009-08-28 14:38:22 ----AC---- C:\Windows\system32\mrt.exe
2009-08-25 12:55:00 ----DC---- C:\Windows\Help
2009-08-25 12:54:17 ----RSDC---- C:\Windows\assembly
2009-08-24 22:39:06 ----SDC---- C:\Users\User\AppData\Roaming\Microsoft
2009-07-17 09:47:23 ----RSDC---- C:\Windows\Fonts
2009-07-17 09:41:08 ----DC---- C:\Windows\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2007-03-23 60768]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-11-14 36608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-22 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 16th, 2009, 2:45 am

info.txt logfile of random's system information tool 1.06 2009-10-16 04:25:41

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Avira AntiVir Personal - Free Antivirus-->D:\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"e:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DM9XInst-->c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ Win2k
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->E:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140001_328bb14\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft IPsec Diagnostic Tool-->MsiExec.exe /X{931DCC98-DA00-4908-8356-FB822088E278}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->e:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\2wirepcp.inf_2b7726ce\2wirepcp.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

::1 localhost

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: User-PC
Event Code: 7031
Message: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Record Number: 84090
Source Name: Service Control Manager
Time Written: 20091015181840.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7031
Message: The Windows Live Family Safety service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Record Number: 84091
Source Name: Service Control Manager
Time Written: 20091015181840.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 84122
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091015182027.747324-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 84188
Source Name: Service Control Manager
Time Written: 20091015182208.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Avgfwfd
BTHidMgr
Record Number: 84192
Source Name: Service Control Manager
Time Written: 20091015182208.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30394
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091015115119.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 30415
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091015181911.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30437
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091015182138.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 30439
Source Name: Microsoft-Windows-WMI
Time Written: 20091015182208.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 30442
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091015182233.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27072
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091015182540.009524-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27073
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091015182540.043524-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27074
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091015182540.076524-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27075
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091015182540.109524-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27076
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091015182540.142524-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 16th, 2009, 2:45 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=1ed0b52572007648903717759f8e5b94
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-16 05:20:56
# local_time=2009-10-16 03:20:56 (+1000, E. Australia Standard Time)
# country="United States"
# lang=9
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 61 100 100 886969015247
# compatibility_mode=5889 61 66 100 547876766231841
# scanned=85404
# found=2
# cleaned=0
# scan_time=1569
E:\Downloads\gamingharbor_installer.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I
E:\Downloads\setup.exe a variant of Win32/Kryptik.AKL trojan 00000000000000000000000000000000 I
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » October 17th, 2009, 11:50 am

Hello Trigger,

ESET showed 2 files that need to be removed. We'll remove them now using OTM. We'll also remove the entry that causes Java to look for updates, so hopefully your wife's Facebook issue will be resolved.

Please do not run any "fix" programs and/or remove any files unless instructed to do so, by me. I need to see what's present in order to properly diagnose the problem(s) and recommend corrective actions. Thanks.

Please read these instructions carefully before executing and then perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
OTM
You should still have this program on your desktop... if so, please ignore the downlaod instructions.
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Right click on OTM.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code: Select all
    :Processes
    
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    
    :Files
    E:\Downloads\gamingharbor_installer.exe
    E:\Downloads\setup.exe 
    
    :Commands
    [EmptyTemp]
    [Reboot]


    Please refer to this image to use OTM.

    Image
  4. Click on MoveIt! (2)
  5. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  6. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  7. Click Exit (3) when done.
  8. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 2.
RegSearch ... by Bobbi Flekman © 2005-2007 ... Written by F. Staal
  1. Please download regsearch.zip and save it to your desktop.
  2. To unzip a zipped file, simply double-click the file, and Vista will open it like it would a folder, showing you the contents inside.
  3. Click the Extract all files... button, just above the file list.
    You’ll be asked to choose a location to store the files (the default is the same location that your current zipped file is).
  4. Please set the extract location = to your desktop. Make sure the Show extracted files when complete box is CHECKED.
  5. Click the Extract button.
  6. Right-click on regsearch.exe, select Run As Administrator, to run it.
  7. Copy and paste the following text (one at a time, one entry per line) into the "Enter search strings (case independent) and click OK..." section (red highlighted area in the screenshot below).
    Code: Select all
     Avgfwfd    
    avgfwd6x.sys
    
    Image

  8. Make sure all the check boxes in the "Search" section are checked (blue outlined section in the screenshot above).
  9. Click OK.
  10. When done, a text file will be created and automatically opened called: "RegSearch.txt".
    File can be found on your desktop or whatever folder RegSearch was extracted to originally.
Please copy and paste the contents of RegSearch.txt in your next reply.

Step 3.
Command Line Search
I need you to perform a file search on your computer... please follow these steps:
  1. Press the Start button ...then press Run.
      If you do not have the RUN command on your Vista Start Menu:
    • Click the Start Search box on the Start Menu.
  2. Copy/paste the following command into the text entry box.
    cmd /c dir C:\*.* /L /A /B /S|Find "tcpip.sys" >> "%userprofile%\desktop\fileloc.txt"
  3. Press the "OK"...button
  4. A file called "fileloc.txt" will appear on your Desktop. The command window will eventually close.
  5. Double click on this file... Notepad or Wordpad should open.
Please copy/paste the contents of the fileloc.txt file...in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM Results or OTM log file contents
  3. RegSearch.txt file contents.
  4. fileloc.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14115
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » October 18th, 2009, 12:35 am

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== FILES ==========
E:\Downloads\gamingharbor_installer.exe moved successfully.
E:\Downloads\setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 36801689 bytes
->Temporary Internet Files folder emptied: 1956012 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32012288 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 7208 bytes
RecycleBin emptied: 24576 bytes

Total Files Cleaned = 67.52 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10182009_141030

Files moved on Reboot...

Registry entries deleted on Reboot...
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 18th, 2009, 12:37 am

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 10/18/2009 2:19:47 PM for strings:
; 'avgfwd6x.sys'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd]
; Contents of value:
; system32\DRIVERS\avgfwd6x.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,76,00,67,00,66,00,77,00,64,\
00,36,00,78,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd]
; Contents of value:
; system32\DRIVERS\avgfwd6x.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,76,00,67,00,66,00,77,00,64,\
00,36,00,78,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd]
; Contents of value:
; system32\DRIVERS\avgfwd6x.sys
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,61,00,76,00,67,00,66,00,77,00,64,\
00,36,00,78,00,2e,00,73,00,79,00,73,00,00,00

; End Of The Log...
Last edited by Trigger on October 18th, 2009, 12:46 am, edited 1 time in total.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 24 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware