Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My HiJackThis Log - first timer!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My HiJackThis Log - first timer!

Unread postby bizmarkie » October 1st, 2009, 9:10 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:07 AM, on 10/1/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\AVG\avgui.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\avgscanx.exe
C:\Program Files\AVG\avgcsrvx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7822 bytes


I am concerned about malware after using c h annel surfing dot net. . I was having some slow internet speeds and then I also had windows tell me that my Anti virus program had been turned off. ..this just happened again this morning (of course I have not turned it off) I am using AVG Free. These are my only real symptoms. AVG and Windows Defender scans find nothing but Cookies. So maybe I'm ok, but the thing with Windows reporting that my AVG has been turned off is really weird.
bizmarkie
Active Member
 
Posts: 10
Joined: October 1st, 2009, 9:03 am
Advertisement
Register to Remove

Re: My HiJackThis Log - first timer!

Unread postby MWR 3 day Mod » October 5th, 2009, 1:02 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: My HiJackThis Log - first timer!

Unread postby Jack&Jill » October 8th, 2009, 10:23 am

Hello bizmarkie,

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.
  • Please observe and follow these Forum Rules.
  • As I am currently training at Malware Removal, it will take some time for me to go through your logs, please be patient with me.
  • Be assured that any recommendations to you will be done as soon as possible and will be approved by an expert.
  • Reply and keep only to this thread. If you have the same topic elsewhere, please inform me or the other forum so that either can be closed.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • If you need to be away for a while during the fix, please let me know.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • Do not use or run any tools without supervision as they may cause more harm if improperly used.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :) . We may begin.
I am working on your log now and will be back the soonest.

At the mean time, please post an Uninstall list
  • Open HijackThis.
  • Go to Open the Misc Tools section by clicking on the box.
  • Under the Systems tools, look for Open Uninstall Manager and click on it.
  • Click Save list... and save the text file in a convenient location.
  • Copy and paste the Uninstall list contents in your reply.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: My HiJackThis Log - first timer!

Unread postby bizmarkie » October 8th, 2009, 10:52 am

2009 World Book
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.4
Adobe Shockwave Player
Adobe Shockwave Player 11
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 8.5
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Choice Guard
Chuzzle Deluxe 1.01
CyberLink DVD Suite
CyberLink YouCam
CyberLink YouCam
Disney-Pixar WALL-E
DivX Codec
e-Sword
Handmark PDA Bible
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Games
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 D1
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0102
HP Wireless Assistant
HPNetworkAssistant
HPTCSSetup
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
Megaman X5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Excel 97
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MS. PAC-MAN_Quest for the Golden Maze
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
Palm Desktop
Power CD DVD Recovery 2.0
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Serif WebPlus 10
Serif WebPlus 10 Resources
Skype™ 4.0
Synaptics Pointing Device Driver
Tamagotchi
Typing Instructor Deluxe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Xvid 1.2.2 final uninstall
bizmarkie
Active Member
 
Posts: 10
Joined: October 1st, 2009, 9:03 am

Re: My HiJackThis Log - first timer!

Unread postby Jack&Jill » October 9th, 2009, 2:45 am

Hello bizmarkie :),

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Validate Windows
  • Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

Check for additional security risks
  • Please download CKScanner© by askey127 and save to your desktop. Click here.
  • Double click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
  • Post the contents of ckfiles.txt in your reply, it is located on your desktop.

Please post back:
1. the MGADiag result
2. CKScanner log
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: My HiJackThis Log - first timer!

Unread postby bizmarkie » October 9th, 2009, 10:06 pm

1. Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {1A24F621-8DF1-44BE-B87E-28E5A41D3879}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.lh_sp2rtm.090410-1830
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1A24F621-8DF1-44BE-B87E-28E5A41D3879}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-3095822173-2910778775-913943578</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv5 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.0C</Version><SMBIOSVersion major="2" minor="4"/><Date>20080918000000.000000+000</Date></BIOS><HWID>6F303507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-1033-6001.0000-3252008
Installation ID: 021283000456572525042496993291064692831381910880130044
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

HWID Data-->
HWID Hash Current: MgAAAAEAAQABAAIAAQABAAAAAwABAAEAeqgOB45a5Fn+XWwICjHy9PRyCLvSCKxWKoU=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-MPC
FACP HPQOEM SLIC-MPC
HPET HPQOEM SLIC-MPC
BOOT HPQOEM SLIC-MPC
MCFG HPQOEM SLIC-MPC
ASF! HPQOEM SLIC-MPC
SLIC HPQOEM SLIC-MPC
SSDT PmRef CpuPm


2.
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\hp games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
c:\program files\hp games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\hp games\bricks of camelot\audio\firecrack1.ogg
c:\program files\hp games\bricks of camelot\audio\firecrack2.ogg
c:\program files\hp games\bricks of camelot\audio\firecrack3.ogg
c:\program files\hp games\bricks of camelot\audio\firecrack4.ogg
c:\program files\hp games\luxor - quest for the afterlife\data\sound\fx\torch_crackling.ogg
scanner sequence 3.ZZ.11
----- EOF -----
bizmarkie
Active Member
 
Posts: 10
Joined: October 1st, 2009, 9:03 am

Re: My HiJackThis Log - first timer!

Unread postby Jack&Jill » October 11th, 2009, 9:45 am

Hello bizmarkie :),

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options is checked (ticked). There are five of them.
  • Check Scan All Users.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

Please download SysProt AntiRootkit© by swatkat and save it to your desktop. Click here.
  • Scroll down to the bottom of the page and click on SysProt.zip under the Attachments section to save the file.
  • Unzip it into a folder on your desktop and enter it, then double click on SysProt.exe to start the program.
  • Go to the Log tab and check (tick) all items listed in the Write to log box.
  • Check Hidden Objects Only at the bottom of the window too.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear. Select Scan root drive only and click Start.
  • When completed, you will be prompted showing the location of SysProtLog.txt, which is the same folder SysProt.exe was extracted to. Post the contents of the log in your reply.

Please post back:
1. the OTL logs (OTL.txt and Extras.txt)
2. SysProt result
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: My HiJackThis Log - first timer!

Unread postby bizmarkie » October 11th, 2009, 10:36 am

OTL logfile created on: 10/11/2009 9:03:33 AM - Run 1
OTL by OldTimer - Version 3.0.19.0 Folder = C:\Users\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 82.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 46.86 Gb Free Space | 31.44% Space Free | Partition Type: NTFS
Drive D: | 6.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP1
Current User Name: Bubba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/11 08:59:55 | 00,520,192 | ---- | M] (OldTimer Tools) -- C:\Users\Desktop\OTL.exe
PRC - [2009/10/03 10:30:00 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\avgtray.exe
PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/23 08:37:02 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\avgrsx.exe
PRC - [2009/08/23 08:36:56 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\avgnsx.exe
PRC - [2009/08/23 08:36:50 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\avgwdsvc.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/17 22:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 01:27:44 | 00,636,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/11 01:27:39 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/02/06 18:50:50 | 00,114,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/18 12:10:36 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/06/18 12:10:30 | 00,145,944 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/06/18 12:10:20 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/04/24 01:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008/04/24 01:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008/04/24 01:51:14 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/15 19:54:40 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/15 15:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2008/04/15 13:18:38 | 00,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
PRC - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/03/18 18:24:58 | 00,019,456 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\Hpservice.exe
PRC - [2008/03/14 10:45:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/02/12 15:05:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
PRC - [2008/02/07 13:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/01/25 20:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/18 06:31:32 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/01/18 06:31:22 | 01,033,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/11/20 09:44:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/11/01 20:42:38 | 00,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007/09/26 08:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
PRC - [2007/05/16 12:43:04 | 00,677,432 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/05/11 03:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/23 08:36:50 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/06/05 19:07:28 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/04/11 01:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/04/24 01:52:06 | 00,112,008 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched [Auto | Running])
SRV - [2008/04/24 01:51:58 | 00,292,232 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc [Auto | Running])
SRV - [2008/04/15 19:54:42 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/04/15 15:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/04/15 13:18:38 | 00,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows [Auto | Running])
SRV - [2008/03/18 18:24:58 | 00,019,456 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\Hpservice.exe -- (hpsrv [Auto | Running])
SRV - [2008/02/12 15:05:54 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2008/02/07 13:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2008/01/25 20:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2008/01/20 21:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/01/09 04:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/08/23 08:37:01 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/23 08:37:01 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/05/02 08:39:55 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/09/27 03:18:05 | 01,207,288 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XX [On_Demand | Running])
DRV - [2008/09/27 03:18:05 | 01,207,288 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand | Stopped])
DRV - [2008/06/12 13:43:16 | 02,381,312 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2008/06/04 12:54:22 | 00,113,664 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService [On_Demand | Running])
DRV - [2008/04/21 22:59:04 | 00,062,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2008/04/15 19:53:44 | 00,312,344 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/04/15 13:19:54 | 00,378,368 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DRIVERS\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2008/04/15 05:05:08 | 00,118,784 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/03/27 14:12:12 | 00,024,424 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2008/03/27 14:11:34 | 00,034,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/01/24 08:23:12 | 00,052,736 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\System32\DRIVERS\enecir.sys -- (enecir [On_Demand | Running])
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Boot | Running])
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Boot | Running])
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Boot | Running])
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Boot | Running])
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Boot | Running])
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Boot | Running])
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Boot | Running])
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Boot | Running])
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Boot | Running])
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Boot | Running])
DRV - [2008/01/20 21:23:23 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\VSTCNXT3.SYS -- (winachsf [On_Demand | Stopped])
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Boot | Running])
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Boot | Running])
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Boot | Running])
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Boot | Running])
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Boot | Running])
DRV - [2008/01/20 21:23:22 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\VSTDPV3.SYS -- (HSF_DPV [On_Demand | Stopped])
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Boot | Running])
DRV - [2008/01/20 21:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Boot | Running])
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Boot | Running])
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Boot | Running])
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Boot | Running])
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Boot | Running])
DRV - [2008/01/18 06:31:26 | 00,196,784 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/07/11 12:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\DRIVERS\HpqRemHid.sys -- (HpqRemHid [On_Demand | Stopped])
DRV - [2007/06/18 19:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Boot | Running])
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Boot | Running])
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Boot | Running])
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Boot | Running])
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Boot | Running])
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Boot | Running])
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Boot | Running])
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Boot | Running])
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Boot | Running])
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Boot | Running])
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Boot | Running])
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [On_Demand | Stopped])
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [On_Demand | Stopped])
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [On_Demand | Stopped])
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [On_Demand | Stopped])
DRV - [2006/11/02 02:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvm60x32.sys -- (NVENETFD [On_Demand | Stopped])
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2004/04/13 18:03:46 | 00,016,509 | ---- | M] (Palm, Inc.) -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2003/10/17 21:33:56 | 00,014,848 | ---- | M] (JEILIN Technology Corp.) -- C:\Windows\System32\jl2005.ax -- (JL2005 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\S-1-5-21-3095822173-2910778775-913943578-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\S-1-5-21-3095822173-2910778775-913943578-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/11 14:16:19 | 00,000,000 | ---D | M]


O1 HOSTS File: (736 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3095822173-2910778775-913943578-1000..\Run: [Aim6] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/01 03:13:15 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/15 10:08:01 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/26 11:46:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab
[2009/10/01 14:09:57 | 00,000,000 | ---D | C] -- C:\ProgramData\NarwhalGames
[2009/10/09 20:58:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/09/16 17:30:26 | 00,000,000 | ---D | C] -- C:\Users\Bubba\AppData\Roaming\DNA Digital Media Group
[2009/10/01 14:46:06 | 00,000,000 | ---D | C] -- C:\Users\Bubba\AppData\Local\Oberon Games
[2009/09/29 11:14:32 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/09/29 11:14:30 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/15 10:06:43 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/09/16 17:30:25 | 00,000,000 | ---D | C] -- C:\Program Files\Tamagotchi
[2009/10/01 07:49:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/11 08:59:44 | 00,520,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bubba\Desktop\OTL.exe
[2009/10/09 21:00:21 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/10/02 11:01:04 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/02 07:52:13 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/02 07:52:13 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/02 07:52:13 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/02 07:52:13 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/02 07:51:51 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/02 07:51:51 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/02 07:51:51 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/02 07:51:43 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/02 07:51:43 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/01 07:48:26 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Bubba\Desktop\HJTInstall.exe
[2009/09/15 10:08:43 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/09/15 10:08:43 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/09/12 10:32:02 | 00,000,000 | ---D | C] -- C:\Users\Bubba\Documents\sermon

========== Files - Modified Within 30 Days ==========

[2009/10/11 09:00:12 | 00,354,396 | ---- | M] () -- C:\Users\Bubba\Desktop\SysProt.zip
[2009/10/11 08:59:55 | 00,520,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bubba\Desktop\OTL.exe
[2009/10/11 08:35:19 | 42,673,000 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/11 07:39:13 | 00,000,284 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/10/11 07:37:14 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/11 07:37:14 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/11 07:37:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/11 07:37:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/11 07:36:55 | 31,490,90816 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/09 22:55:52 | 03,390,598 | -H-- | M] () -- C:\Users\Bubba\AppData\Local\IconCache.db
[2009/10/09 22:12:25 | 00,023,211 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/09 21:01:55 | 00,440,832 | ---- | M] () -- C:\Users\Bubba\Desktop\CKScanner.exe
[2009/10/05 09:21:43 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/05 09:21:43 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/05 09:21:43 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/01 07:49:07 | 00,001,874 | ---- | M] () -- C:\Users\Bubba\Desktop\HijackThis.lnk
[2009/10/01 07:48:29 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bubba\Desktop\HJTInstall.exe
[2009/09/30 22:21:23 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/09/29 11:15:06 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/26 22:50:00 | 00,068,096 | ---- | M] () -- C:\Users\Bubba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/25 22:49:51 | 00,001,545 | ---- | M] () -- C:\Users\Bubba\Documents\Emma Letter.rtf
[2009/09/16 17:30:27 | 00,000,838 | ---- | M] () -- C:\Users\Bubba\Desktop\Tamagotchi.lnk
[2009/09/14 22:41:11 | 00,000,368 | ---- | M] () -- C:\Users\Bubba\Documents\willow thistledown.rtf
[2009/09/12 10:30:12 | 00,993,330 | ---- | M] () -- C:\Users\Bubba\Documents\data.zip
[2009/09/11 11:26:52 | 19,421,1590 | ---- | M] () -- C:\Users\Bubba\Documents\it was never about the audience.zip

========== Files - No Company Name ==========
[2009/10/11 09:00:10 | 00,354,396 | ---- | C] () -- C:\Users\Bubba\Desktop\SysProt.zip
[2009/10/09 21:01:52 | 00,440,832 | ---- | C] () -- C:\Users\Bubba\Desktop\CKScanner.exe
[2009/10/01 07:49:07 | 00,001,874 | ---- | C] () -- C:\Users\Bubba\Desktop\HijackThis.lnk
[2009/09/29 11:15:06 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/09/16 17:30:27 | 00,000,838 | ---- | C] () -- C:\Users\Bubba\Desktop\Tamagotchi.lnk
[2009/09/14 22:41:11 | 00,000,368 | ---- | C] () -- C:\Users\Bubba\Documents\willow thistledown.rtf
[2009/09/12 10:30:11 | 00,993,330 | ---- | C] () -- C:\Users\Bubba\Documents\data.zip
[2009/09/11 11:22:11 | 19,421,1590 | ---- | C] () -- C:\Users\Bubba\Documents\it was never about the audience.zip
[2009/08/06 13:06:48 | 00,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/08/05 14:25:02 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/05 14:25:02 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/25 19:27:20 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/09 09:51:20 | 00,000,320 | ---- | C] () -- C:\ProgramData\high.txt
[2008/12/12 23:21:38 | 00,000,680 | ---- | C] () -- C:\Users\Bubba\AppData\Local\d3d9caps.dat
[2008/11/22 11:56:28 | 00,068,096 | ---- | C] () -- C:\Users\Bubba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 14:17:29 | 03,390,598 | -H-- | C] () -- C:\Users\Bubba\AppData\Local\IconCache.db
[2008/11/20 12:42:23 | 00,000,000 | ---- | C] () -- C:\Users\Bubba\AppData\Local\QSwitch.txt
[2008/11/20 12:42:23 | 00,000,000 | ---- | C] () -- C:\Users\Bubba\AppData\Local\DSwitch.txt
[2008/11/20 12:42:23 | 00,000,000 | ---- | C] () -- C:\Users\Bubba\AppData\Local\AtStart.txt
[2008/11/20 12:36:18 | 00,106,768 | ---- | C] () -- C:\Users\Bubba\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/09/19 16:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 16:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/07/01 03:28:04 | 00,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/12 13:59:22 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/04 12:54:12 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1996/12/04 01:00:00 | 00,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1996/12/04 01:00:00 | 00,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
< End of report >
bizmarkie
Active Member
 
Posts: 10
Joined: October 1st, 2009, 9:03 am

Re: My HiJackThis Log - first timer!

Unread postby bizmarkie » October 11th, 2009, 10:38 am

OTL Extras logfile created on: 10/11/2009 9:03:34 AM - Run 1
OTL by OldTimer - Version 3.0.19.0 Folder = C:\Users\Bubba\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 82.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 46.86 Gb Free Space | 31.44% Space Free | Partition Type: NTFS
Drive D: | 6.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP1
Current User Name: Bubba
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{293660DE-BA92-46E3-83F7-4A82C450A9FB}" = lport=138 | protocol=17 | dir=in | app=system |
"{58242417-531B-4B0A-907E-88495872177C}" = rport=445 | protocol=6 | dir=out | app=system |
"{5B72DA99-8E31-4FCA-A7FE-84A1AFA03371}" = lport=139 | protocol=6 | dir=in | app=system |
"{67DAAA10-264F-4EF1-8CF9-EC8B0E77137C}" = rport=137 | protocol=17 | dir=out | app=system |
"{791F9D53-1127-4585-A482-6ED1AC804901}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DA2272D-2B9B-4E46-B12C-8BCE03E1DD82}" = lport=445 | protocol=6 | dir=in | app=system |
"{A056B0D0-E63F-4B46-BD3D-4C721DB240EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C425D264-3F04-4DC6-B8A5-A0B27297B2D7}" = rport=139 | protocol=6 | dir=out | app=system |
"{E02FC2F3-6944-45AF-BEEA-E6CB1251E52B}" = lport=137 | protocol=17 | dir=in | app=system |
"{E2F0C400-A1F0-4C89-A2AE-29E3EBC409F7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C56AAE-2B88-4EA5-8FC2-0351D81F5019}" = dir=in | app=c:\program files\avg\avgnsx.exe |
"{0C7332FC-1AA1-4206-ACBE-F204306BC69D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DC6FC56-E661-4877-BB7D-0D305A24A12A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{140DFCDC-D6BD-4B7C-8EB3-E2D8FC05D822}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{15DB0D0A-5298-48C6-9EA2-AC18F9393AD7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{209194E6-DCD9-4B10-9A11-209D2CBF680C}" = dir=in | app=c:\program files\avg\avgupd.exe |
"{282D2C7C-C292-42CE-BDD2-9DED70030065}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2AB47D8F-F62C-47F3-993D-74B2E99E30C7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3AC542FE-C117-484C-9636-DF274F990F08}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{46425238-3958-4CBB-B800-4417C78030BB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{508163DE-DE2A-41CF-90A2-ABD02F029944}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5C2B24D1-E1A2-49E6-8BA8-A1C919EA95CB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{719C2F9F-6B80-484A-9B97-0AF153993257}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{979FECE1-56E3-48E1-BB50-084EF24CAF9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD7A971F-3FB1-4890-BB5C-4267890BBEEB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{AEFCD7BD-EFDC-4250-ADEB-55539693D5F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D9D46152-6F11-472C-87ED-198FB57AA091}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E0321F69-0217-46DB-99E1-85C01A57B4B3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F94DF015-B144-4908-8EEB-8F94B8BF3897}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F97D061F-E98E-44B8-AFDA-ABD13335D1C9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FDB97E8C-09C8-4474-869A-3F0248DDF2D2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{362E8572-D81A-44B8-85D7-D1AEE29BC66C}C:\users\bubba\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\bubba\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{61950AEB-E31A-4DF8-962B-0606894D136C}C:\users\bubba\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\bubba\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{A82E1E44-E7BA-48BB-A096-B9D3E1B77E37}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{B194A901-50B8-4372-869B-103A92CDD32B}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{D90A22FB-70F1-4374-A6D4-3496E59E133E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{25F6A45F-8F24-4FD7-8278-74722A76BD82}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{356FDBEA-CE08-4CE5-9895-F9434C44F5D1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{79F992B9-23C0-4B76-B40E-1562D886701A}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{7A1A73E4-39A0-4EF3-B606-AAC67E030ABE}C:\users\bubba\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\bubba\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{B8A60BEA-0663-45B0-A860-C5008862505C}C:\users\bubba\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\bubba\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{601396A6-9CDF-4099-8FCE-76DE38E284A0}" = 2009 World Book
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81B1E96C-AA1A-4BCD-9261-0389F1E2A2FA}" = e-Sword
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0DF485-DB3E-453C-BFB3-4C47E636ECF9}" = Serif WebPlus 10
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A869A1DA-9571-4287-B170-4A7246994C84}" = Serif WebPlus 10 Resources
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar WALL-E
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBBDA3FF-9F8D-4B0C-9214-0F6224D43111}" = Megaman X5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}" = Microsoft Visual C++ 2005 Redistributable
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG 8.5
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01
"Excel" = Microsoft Excel 97
"Handmark PDA Bible" = Handmark PDA Bible
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MS. PAC-MAN_Quest for the Golden Maze" = MS. PAC-MAN_Quest for the Golden Maze
"Power CD DVD Recovery_is1" = Power CD DVD Recovery 2.0
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tamagotchi" = Tamagotchi
"Typing Instructor Deluxe" = Typing Instructor Deluxe
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3095822173-2910778775-913943578-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/4/2009 9:00:37 AM | Computer Name = LAPTOP1 | Source = WinMgmt | ID = 10
Description =

Error - 10/5/2009 8:54:08 AM | Computer Name = LAPTOP1 | Source = WinMgmt | ID = 10
Description =

Error - 10/5/2009 11:50:33 AM | Computer Name = LAPTOP1 | Source = Application Error | ID = 1000
Description = Faulting application wb09d2se.exe, version 9.0.0.55, time stamp 0x49146899,
faulting module QuickTime.qts, version 7.64.17.73, time stamp 0x4aa21f2b, exception
code 0xc0000005, fault offset 0x001c7db9, process id 0x141c, application start time
0x01ca45c85f2e5d56.

Error - 10/6/2009 8:06:11 AM | Computer Name = LAPTOP1 | Source = WinMgmt | ID = 10
Description =

Error - 10/7/2009 8:16:03 AM | Computer Name = LAPTOP1 | Source = WinMgmt | ID = 10
Description =

Error - 10/7/2009 9:50:07 AM | Computer Name = LAPTOP1 | Source = VSS | ID = 8194
Description =

Error - 10/8/2009 8:06:16 AM | Computer Name = LAPTOP1 | Source = WinMgmt | ID = 10
Description =

Error - 10/9/2009 3:09:35 PM | Computer Name = LAPTOP1 | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2009 10:25:11 AM | Computer Name = LAPTOP1 | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2009 2:40:37 PM | Computer Name = LAPTOP1 | Source = Application Error | ID = 1000
Description = Faulting application waterbugs-WT.exe, version 2.2.0.65, time stamp
0x49ee7547, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000005, fault offset 0x0003e13d, process id 0x1360, application
start time 0x01ca49d90fef7e3b.

[ System Events ]
Error - 5/21/2009 10:35:42 AM | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7000
Description =

Error - 5/21/2009 10:35:42 AM | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7022
Description =

Error - 5/22/2009 8:27:51 AM | Computer Name = LAPTOP1 | Source = HTTP | ID = 15016
Description =

Error - 5/22/2009 8:29:21 AM | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7000
Description =

Error - 5/22/2009 8:29:21 AM | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7022
Description =

Error - 5/23/2009 8:09:49 AM | Computer Name = LAPTOP1 | Source = HTTP | ID = 15016
Description =

Error - 5/23/2009 8:11:21 AM | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7000
Description =

Error - 5/23/2009 8:11:21 AM | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7022
Description =

Error - 5/23/2009 8:11:21 AM | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7022
Description =

Error - 5/23/2009 7:34:37 PM | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7011
Description =


< End of report >
bizmarkie
Active Member
 
Posts: 10
Joined: October 1st, 2009, 9:03 am

Re: My HiJackThis Log - first timer!

Unread postby bizmarkie » October 11th, 2009, 10:39 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8E800000
Module End: 8E8CE000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: LAPTOP1:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LAPTOP1:49157
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: LAPTOP1:27015
Remote Address: LOCALHOST:49157
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: LAPTOP1:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: LAPTOP1:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\avgnsx.exe
State: LISTENING

Local Address: LAPTOP1:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\avgnsx.exe
State: LISTENING

Local Address: LAPTOP1:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\avgnsx.exe
State: LISTENING

Local Address: LAPTOP1:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: LAPTOP1:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: LAPTOP1:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: LAPTOP1:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LAPTOP1:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LAPTOP1:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: LAPTOP1:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LAPTOP1:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LAPTOP1:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: LAPTOP1:50521
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LAPTOP1:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LAPTOP1:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LAPTOP1:60336
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: LAPTOP1:53682
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: LAPTOP1:50524
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: LAPTOP1:50523
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:50522
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:58236
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:57315
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LAPTOP1:49152
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LAPTOP1:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: LAPTOP1:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\SystemRestore
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{028da10a-b507-11de-81ef-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{153eda67-adc0-11de-917e-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{18880a28-b031-11de-8cfe-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{18880a39-b031-11de-8cfe-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{5055b9dc-ae87-11de-9a91-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{5de64aa4-b270-11de-8869-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{71fe1786-b5a8-11de-aca2-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{7ba73266-af51-11de-a027-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{7ba732d6-af51-11de-a027-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{b5b71c86-b402-11de-ab91-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{b5b71c8a-b402-11de-ab91-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{e6524880-b1ad-11de-807b-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{e92e7405-b33a-11de-83ed-00238b158e46}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied
bizmarkie
Active Member
 
Posts: 10
Joined: October 1st, 2009, 9:03 am

Re: My HiJackThis Log - first timer!

Unread postby Jack&Jill » October 13th, 2009, 6:19 am

Hello bizmarkie :),

No signs of malware so far. A bit more and we are done.

I see that you have Viewpoint and/or its components installed on your system. Viewpoint is not malware but considered as foistware since it is installed without consent. For this reason, I recommend you to remove it.

To uninstall Viewpoint
  • Click Start, and then click Control Panel.
  • In Control Panel, double click Add or Remove Programs.
  • In Add or Remove Programs, highlight Viewpoint and its components, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 8.1.4

  • Go to the Adobe download page. Click here.
  • If your OS is not the same as stated, click on Different language or operating system? link, or you can click Download if it is and jump to the last step below.
  • Choose an OS by clicking on Select an OS... box and change the language if you want by clicking English below Select a language title.
  • Press Continue.
  • Click the Download now button and save the file to a convenient location after selecting the latest version. Allow if prompted.
  • Run the downloaded file to continue with the installation.

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 15
Java(TM) 6 Update 5


  • Go to the Java SE download page. Click here.
  • Look for Java SE Runtime Environment (JRE) 6 Update 16. Click the Download button to the right.
  • Select Windows from the drop-down list for Platform.
  • Check I agree to the Java SE Runtime Environment 6u16 with JavaFX 1 License Agreement after reading it, and click Continue. The page will refresh.
  • Under the Windows Offline Installation title, click on the link which says jre-6u16-windows-i586.exe and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then, from your desktop, double-click on the download to install the newest version. Reboot your computer.

You may also remove Adobe Flash Player 9 ActiveX using Add/Remove Programs in your Control Panel and download the latest from here.

We need to disable Windows Defender real-time protection temporarily as it will interfere with the fix.
  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck Use real-time protection (recommended) box. Scroll down if you do not see it.
  • Click on the Save button at the bottom right hand corner and close the window.
Remember to enable it after the fix.

Fix with OTL
  • Double click on OTL.exe to run it.
  • Copy and paste the following text into the white box below Custom Scans/Fixes:
    Code: Select all
    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-3095822173-2910778775-913943578-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
  • Click Run Fix.
  • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
  • Enable back your security softwares as soon as you completed the OTL fix steps.

Please download ATF (Atribune Temp File) Cleaner© by Atribune from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Run ATF Cleaner
  • Double-click ATF Cleaner.exe to open it.
  • Click Run if prompted.
  • At the bottom of the list, check (tick) Select All.
  • Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
  • Then click the Empty Selected button.
  • Firefox:
    • Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
    • Click the Empty Selected button.
    • Note: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on ESET Online Scanner. A new window will open.
    For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • Click Finish and close the window.
  • Navigate to C:\Program Files\ESET\ESET Online Scanner using Windows Explorer and look for log.txt.
  • Post the contents of log.txt in your reply.

Please post back:
1. OTL fix log
2. ESET online scan result
3. new HijackThis log
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: My HiJackThis Log - first timer!

Unread postby bizmarkie » October 14th, 2009, 7:31 pm

The ESET online scan would not run. I agreed to the terms and clicked on Start. . . a new window opened, but it was blank with a tiny white rectangle containing a red X in the top left corner. Here are the other logs you requested. I uninstalled/installed all the things you instructed in your last post.

1)
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-3095822173-2910778775-913943578-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

OTL by OldTimer - Version 3.0.19.0 log created on 10142009_182112

2)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:49 PM, on 10/14/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe

--
End of file - 7894 bytes
bizmarkie
Active Member
 
Posts: 10
Joined: October 1st, 2009, 9:03 am

Re: My HiJackThis Log - first timer!

Unread postby Jack&Jill » October 16th, 2009, 9:33 pm

Hello bizmarkie :),

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here.

Run MBAM
  • Double click on mbam-setup.exe and follow the prompts to install the program.
  • At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
  • Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as it is and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

Please post back:
1. the MBAM result
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: My HiJackThis Log - first timer!

Unread postby bizmarkie » October 17th, 2009, 5:03 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 6.0.6002 Service Pack 2

10/17/2009 4:02:46 PM
mbam-log-2009-10-17 (16-02-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 405737
Time elapsed: 2 hour(s), 1 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
bizmarkie
Active Member
 
Posts: 10
Joined: October 1st, 2009, 9:03 am

Re: My HiJackThis Log - first timer!

Unread postby Jack&Jill » October 19th, 2009, 5:54 am

Hello bizmarkie :),

Congratulations, you are All Clear to go. If you have any more problems, please let me know.

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Run OTL by double clicking on OTL.exe. Click on CleanUp at the upper right corner, proceed to reboot if prompted.
  • Delete the CKScanner.exe file, the SysProt.zip file and the Sysprot folder on your desktop.
  • Delete any logs on the desktop.
  • Uninstall HijackThis
    • Open HijackThis.
    • Go to Open the Misc Tools section by clicking on the box.
    • Scroll down until the bottom and under the Uninstall HijackThis section, click on Uninstall HijackThis & exit button.
    • Click Yes if prompted.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.

2. Keep your Antivirus program updated regularly, it is a must for constant protection against viruses.

3. Keep Malwarebytes' Anti-Malware and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

4. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

5. Install SiteHound or Web of Trust (WOT). SiteHound and WOT keeps you from dangerous websites with warnings and blockings.

6. Keep all your softwares updated. Visit Secunia Software Inspector to find out if any updates required.

7. Install a third party firewall if you do not have one for additional defense against internet dangers. Built-in Windows firewall can only keep nasties from breaking in, but unable to protect against any malwares from sending information out. Some recommended firewalls are Online Armor, Outpost and PC Tools. More information on firewalls. Please keep only one FW installed.

8. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

9. Also look up How to prevent malware: By miekiemoes and So how did I get infected in the first place? By Tony Klein.

Safe surfing.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 291 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware