Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJackThis Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: HiJackThis Log

Unread postby Westbound » May 13th, 2010, 9:50 am

Heres the combofix log :)

ComboFix 10-05-11.06 - Lewis 13/05/2010 14:28:42.1.2 - x86
Running from: c:\users\Lewis\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\system32\1330106359.dat
c:\windows\system32\AbaleZip.dll
c:\windows\system32\senekascbgtsrq.dat
c:\windows\system32\senekavwedokmp.dat
c:\windows\system32\system

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.

2010-05-13 13:39 . 2010-05-13 13:39 -------- dc----w- c:\users\Lewis\AppData\Local\temp
2010-05-13 13:39 . 2010-05-13 13:39 -------- dc----w- c:\users\Guest\AppData\Local\temp
2010-05-13 13:39 . 2010-05-13 13:39 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-05-12 18:34 . 2010-05-12 19:12 -------- dc----w- c:\users\Lewis\AppData\Local\Temp(32)
2010-05-12 18:23 . 2010-05-12 18:34 -------- dc----w- C:\ComboFix(1)
2010-05-10 19:24 . 2010-05-10 19:24 655360 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-10 19:24 . 2010-05-10 19:24 282624 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-10 19:24 . 2010-05-10 19:24 208896 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-10 12:09 . 2010-05-10 12:09 93056 -c--a-w- C:\fwlcapod.sys
2010-05-10 11:45 . 2010-05-13 11:50 0 -c--a-w- c:\users\Lewis\AppData\Local\prvlcl.dat
2010-05-08 16:06 . 2010-05-08 16:08 -------- dc----w- C:\AdobeTemp
2010-05-04 15:04 . 2010-05-04 15:04 -------- dc----w- c:\users\Lewis\AppData\Roaming\Panda Security
2010-05-04 15:03 . 2010-05-04 15:03 -------- dc----w- c:\program files\Panda Security
2010-05-04 14:51 . 2010-05-04 14:51 -------- dc----w- c:\users\Lewis\AppData\Roaming\CheckPoint
2010-05-04 14:40 . 2010-05-04 14:40 144 -c--a-w- c:\windows\system32\lkfl.dat
2010-05-04 14:40 . 2010-05-04 15:00 -------- dc----w- c:\program files\CheckPoint
2010-05-04 14:38 . 2010-05-04 14:38 -------- dc----w- c:\programdata\CheckPoint
2010-05-01 21:25 . 2010-05-01 21:25 -------- dc----w- c:\users\Lewis\AppData\Roaming\AVG9
2010-05-01 06:34 . 2010-05-01 06:34 -------- dc----w- C:\WTablet
2010-04-30 17:24 . 2010-04-30 17:24 -------- dc----w- c:\program files\Trend Micro
2010-04-30 16:36 . 2010-04-30 16:36 -------- dc----w- c:\programdata\SUPERAntiSpyware.com
2010-04-30 16:35 . 2010-04-30 17:28 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-04-29 12:23 . 2010-04-29 12:23 -------- dc----w- c:\program files\iPod
2010-04-29 12:23 . 2010-04-29 12:24 -------- dc----w- c:\program files\iTunes
2010-04-29 11:17 . 2007-11-05 02:15 1140056 -c----w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-29 10:13 . 2010-04-29 10:13 0 -c--a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-04-29 09:58 . 2010-04-29 09:58 -------- dc----w- c:\users\Lewis\AppData\Local\AVG Security Toolbar
2010-04-29 09:52 . 2010-04-29 09:52 -------- dc----w- C:\$AVG
2010-04-29 09:51 . 2010-04-29 09:51 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-04-29 09:51 . 2010-04-29 09:51 216200 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-29 09:51 . 2010-04-29 09:51 29512 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-29 09:51 . 2010-05-13 09:00 -------- dc----w- c:\windows\system32\drivers\Avg
2010-04-29 09:51 . 2010-04-29 10:13 -------- dc----w- c:\programdata\AVG Security Toolbar
2010-04-29 09:50 . 2010-04-29 09:50 25096 -c--a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-04-29 09:50 . 2010-04-29 09:50 52872 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-29 09:50 . 2010-04-29 09:50 242896 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 09:50 . 2010-04-29 09:50 24856 -c--a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-04-29 09:49 . 2010-04-29 09:49 -------- dc----w- c:\program files\AVG
2010-04-29 09:48 . 2010-04-29 13:36 -------- dc----w- c:\programdata\avg9
2010-04-29 08:42 . 2010-04-29 09:28 -------- dc----w- c:\programdata\Norton
2010-04-28 14:45 . 2010-04-28 14:45 73000 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 09:20 . 2010-04-28 09:32 -------- dc----w- c:\users\Lewis\AppData\Local\hcgflxxkg
2010-04-28 07:54 . 2010-04-29 11:19 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 07:54 . 2010-04-29 20:11 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 07:54 . 2010-04-29 11:19 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 19:34 . 2010-05-12 19:16 -------- dc----w- c:\users\Lewis\AppData\Roaming\881C5D5D406B957D4BF6DD90B42CCB8A
2010-04-23 15:21 . 2010-04-23 15:23 24805112 -c--a-w- c:\programdata\Birdstep Technology\EasyConnect\Update\3Connect_Flasher_Huawei.exe
2010-04-16 09:54 . 2010-04-16 09:54 -------- dc----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-14 06:29 . 2010-02-18 14:07 904576 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 06:29 . 2010-02-18 13:30 200704 -c--a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 06:29 . 2010-02-18 11:28 25088 -c--a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 06:29 . 2010-02-23 11:10 212992 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:29 . 2010-02-23 11:10 79360 -c--a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:29 . 2010-02-23 11:10 106496 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:29 . 2010-02-18 14:07 3600776 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 06:29 . 2010-02-18 14:07 3548040 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:29 . 2010-03-05 14:01 420352 -c--a-w- c:\windows\system32\vbscript.dll
2010-04-14 06:23 . 2009-12-23 11:33 172032 -c--a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:23 . 2010-01-13 17:34 98304 -c--a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 13:25 . 2009-08-11 15:55 -------- dc----w- c:\users\Lewis\AppData\Roaming\WTablet
2010-05-13 09:16 . 2009-09-09 10:30 -------- dc----w- c:\users\Lewis\AppData\Roaming\Spotify
2010-05-12 19:58 . 2009-08-27 20:34 -------- dc----w- c:\programdata\Rosetta Stone
2010-05-12 19:23 . 2009-08-27 22:14 116240 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-12 19:16 . 2009-08-18 14:40 -------- dc----w- c:\programdata\HP Product Assistant
2010-05-08 16:11 . 2008-10-06 08:22 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-05-08 16:11 . 2009-06-26 13:15 -------- dc----w- c:\program files\VSTplugins
2010-05-08 16:08 . 2009-01-23 17:15 -------- dc----w- c:\program files\Common Files\Adobe
2010-05-04 21:32 . 2009-01-24 14:13 -------- dc----w- c:\users\Lewis\AppData\Roaming\BitTorrent
2010-05-03 20:22 . 2009-01-23 17:35 1356 -c--a-w- c:\users\Lewis\AppData\Local\d3d9caps.dat
2010-05-02 10:02 . 2009-10-26 17:46 139924 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-04-30 17:28 . 2009-01-31 16:18 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 12:23 . 2009-01-23 20:18 -------- dc----w- c:\program files\Common Files\Apple
2010-04-29 12:18 . 2009-01-23 20:20 -------- dc----w- c:\program files\Bonjour
2010-04-29 11:37 . 2008-10-06 08:48 -------- dc----w- c:\programdata\WildTangent
2010-04-29 11:20 . 2009-07-07 16:37 -------- dc----w- c:\users\Lewis\AppData\Roaming\InstallShield
2010-04-29 11:12 . 2009-02-14 13:13 10848 -c--a-w- c:\users\Lewis\AppData\Roaming\wklnhst.dat
2010-04-18 18:28 . 2009-01-23 20:21 -------- dc----w- c:\users\Lewis\AppData\Roaming\Apple Computer
2010-04-17 14:30 . 2009-02-16 15:29 256 -c--a-w- c:\windows\system32\pool.bin
2010-04-16 09:51 . 2009-06-05 00:02 -------- dc----w- c:\program files\QuickTime
2010-04-15 06:34 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2010-04-15 06:21 . 2009-01-23 18:07 -------- dc----w- c:\programdata\Microsoft Help
2010-04-11 09:34 . 2009-02-08 19:30 -------- dc----w- c:\users\Lewis\AppData\Roaming\LimeWire
2010-04-08 12:20 . 2010-04-08 12:20 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-04-07 18:23 . 2009-01-24 19:56 -------- dc----w- c:\programdata\FLEXnet
2010-04-07 18:22 . 2010-04-07 18:22 -------- dc----w- c:\program files\Rosetta Stone
2010-04-07 18:22 . 2010-04-07 18:21 -------- dc----w- c:\programdata\RosettaStoneLtdBackup
2010-03-23 10:29 . 2010-03-23 10:29 -------- dc----w- c:\users\Lewis\AppData\Roaming\Malwarebytes
2010-03-23 10:29 . 2010-03-23 10:29 -------- dc----w- c:\programdata\Malwarebytes
2010-02-25 11:32 . 2010-02-25 11:32 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2010-02-24 09:16 . 2009-10-03 09:35 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 08:52 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 08:52 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 08:52 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 08:52 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 08:17 24064 -c--a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 08:17 30720 -c--a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 08:17 411648 -c--a-w- c:\windows\system32\drivers\http.sys
2010-02-18 11:17 . 2008-10-06 08:52 588472 -c--a-w- c:\windows\system32\ezsvc7x.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-06 17:07 . 2008-10-06 17:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c5,4f,94,5b,08,f2,ca,01

R2 BrowserRasAuto;Computer Browser BrowserRasAuto;c:\windows\system32\admparsek.exe [x]
R2 ehSchediphlpsvc;Windows Media Center Scheduler Service ehSchediphlpsvc;c:\windows\system32\Ahmbedk.exe [x]
R2 WUSB54GSVC;WUSB54GSVC;c:\program files\WUSB54G Wireless-G Adapter\WLService.exe WUSB54G.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-01 691696]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-04-29 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-29 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-29 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-29 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-29 242896]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-04-29 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-29 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-29 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 2749736]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-04-29 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-04-29 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-04-29 27144]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\jg50e0ld.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-AdobeBridge - (no file)
AddRemove-PC-Doctor for Windows - c:\program files\PC-Doctor for Windows\uninst.exe
AddRemove-RETAS!PRO STYLOS HD 2.1E DEMO - c:\program files\CELSYS\RETAS!PRO HD DEMO\STYLOS HD DEMO\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 14:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9d,3a,06,d5,93,e6,c1,8c,ab,fb,ec,26,ef,e3,1c,b1,e9,e2,71,2b,c3,
c5,9e,78,94,a9,f5,45,87,70,e2,af,aa,e7,ab,09,13,05,cc,3a,c9,ff,d2,b9,ef,a9,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9d,3a,06,d5,93,e6,c1,8c,ab,fb,ec,26,ef,e3,1c,b1,e9,e2,71,2b,c3,
c5,9e,78,94,a9,f5,45,87,70,e2,af,aa,e7,ab,09,13,05,cc,3a,c9,ff,d2,b9,ef,a9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-13 14:42:01
ComboFix-quarantined-files.txt 2010-05-13 13:41

Pre-Run: 171,396,800,512 bytes free
Post-Run: 171,237,646,336 bytes free

- - End Of File - - DE269B65A6D6412197CFA808D9D0126E
Westbound
Active Member
 
Posts: 13
Joined: May 4th, 2010, 12:39 pm
Advertisement
Register to Remove

Re: HiJackThis Log

Unread postby melboy » May 13th, 2010, 1:22 pm

Hi


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad and copy and paste the text present inside the code box below:

    Code: Select all
    DDS::
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    
    DirLook::
    c:\users\Lewis\AppData\Local\hcgflxxkg
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


=======================


If you have problems accessing the Internet after running the above script:

Open Internet Explorer go to: Tools > Internet Options > Connections Tab > Lan Settings > Under Proxy server, uncheck use a proxy server > OK > Apply > OK

If you use Firefox go to Tools > Options... > Advanced Tab > Network Tab > Under Connection click Settings > Under Configure Proxies to access the Internet, Set it to No Proxy > OK
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: HiJackThis Log

Unread postby Westbound » May 14th, 2010, 3:32 pm

Heres the log chief.

ComboFix 10-05-13.04 - Lewis 14/05/2010 19:54:17.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2942.1913 [GMT 1:00]
Running from: c:\users\Lewis\Desktop\ComboFix.exe
Command switches used :: c:\users\Lewis\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.

2010-05-14 19:01 . 2010-05-14 19:01 -------- dc----w- c:\users\Lewis\AppData\Local\temp
2010-05-14 19:01 . 2010-05-14 19:01 -------- dc----w- c:\users\Public\AppData\Local\temp
2010-05-14 19:01 . 2010-05-14 19:01 -------- dc----w- c:\users\Guest\AppData\Local\temp
2010-05-14 19:01 . 2010-05-14 19:01 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-05-14 14:54 . 2010-01-28 12:34 112640 -c--a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-05-14 14:54 . 2010-01-28 12:34 102912 -c--a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-05-14 14:54 . 2008-03-17 09:57 103680 -c--a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-05-14 14:54 . 2008-03-16 12:47 872192 -c--a-w- c:\windows\system32\drivers\mod7700.sys
2010-05-14 14:54 . 2010-01-28 12:34 23424 -c--a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-05-14 14:54 . 2010-01-28 12:34 101120 -c--a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-05-13 16:39 . 2010-01-29 15:40 738816 -c--a-w- c:\windows\system32\inetcomm.dll
2010-05-12 18:34 . 2010-05-12 19:12 -------- dc----w- c:\users\Lewis\AppData\Local\Temp(32)
2010-05-12 18:23 . 2010-05-12 18:34 -------- dc----w- C:\ComboFix(1)
2010-05-10 19:24 . 2010-05-10 19:24 655360 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-10 19:24 . 2010-05-10 19:24 282624 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-10 19:24 . 2010-05-10 19:24 208896 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-10 12:09 . 2010-05-10 12:09 93056 -c--a-w- C:\fwlcapod.sys
2010-05-10 11:45 . 2010-05-14 18:50 0 -c--a-w- c:\users\Lewis\AppData\Local\prvlcl.dat
2010-05-08 16:06 . 2010-05-08 16:08 -------- dc----w- C:\AdobeTemp
2010-05-04 15:04 . 2010-05-04 15:04 -------- dc----w- c:\users\Lewis\AppData\Roaming\Panda Security
2010-05-04 15:03 . 2010-05-04 15:03 -------- dc----w- c:\program files\Panda Security
2010-05-04 14:51 . 2010-05-04 14:51 -------- dc----w- c:\users\Lewis\AppData\Roaming\CheckPoint
2010-05-04 14:40 . 2010-05-04 14:40 144 -c--a-w- c:\windows\system32\lkfl.dat
2010-05-04 14:40 . 2010-05-04 15:00 -------- dc----w- c:\program files\CheckPoint
2010-05-04 14:38 . 2010-05-04 14:38 -------- dc----w- c:\programdata\CheckPoint
2010-05-01 21:25 . 2010-05-01 21:25 -------- dc----w- c:\users\Lewis\AppData\Roaming\AVG9
2010-05-01 06:34 . 2010-05-01 06:34 -------- dc----w- C:\WTablet
2010-04-30 17:24 . 2010-04-30 17:24 -------- dc----w- c:\program files\Trend Micro
2010-04-30 16:36 . 2010-04-30 16:36 -------- dc----w- c:\programdata\SUPERAntiSpyware.com
2010-04-30 16:35 . 2010-04-30 17:28 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-04-29 12:23 . 2010-04-29 12:23 -------- dc----w- c:\program files\iPod
2010-04-29 12:23 . 2010-04-29 12:24 -------- dc----w- c:\program files\iTunes
2010-04-29 11:17 . 2007-11-05 02:15 1140056 -c----w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-29 10:13 . 2010-04-29 10:13 0 -c--a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-04-29 09:58 . 2010-04-29 09:58 -------- dc----w- c:\users\Lewis\AppData\Local\AVG Security Toolbar
2010-04-29 09:52 . 2010-04-29 09:52 -------- dc----w- C:\$AVG
2010-04-29 09:51 . 2010-04-29 09:51 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-04-29 09:51 . 2010-04-29 09:51 216200 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-29 09:51 . 2010-04-29 09:51 29512 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-29 09:51 . 2010-05-14 13:49 -------- dc----w- c:\windows\system32\drivers\Avg
2010-04-29 09:51 . 2010-04-29 10:13 -------- dc----w- c:\programdata\AVG Security Toolbar
2010-04-29 09:50 . 2010-04-29 09:50 25096 -c--a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-04-29 09:50 . 2010-04-29 09:50 52872 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-29 09:50 . 2010-04-29 09:50 242896 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 09:50 . 2010-04-29 09:50 24856 -c--a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-04-29 09:49 . 2010-04-29 09:49 -------- dc----w- c:\program files\AVG
2010-04-29 09:48 . 2010-04-29 13:36 -------- dc----w- c:\programdata\avg9
2010-04-29 08:42 . 2010-04-29 09:28 -------- dc----w- c:\programdata\Norton
2010-04-28 14:45 . 2010-04-28 14:45 73000 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 09:20 . 2010-04-28 09:32 -------- dc----w- c:\users\Lewis\AppData\Local\hcgflxxkg
2010-04-28 07:54 . 2010-04-29 11:19 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 07:54 . 2010-04-29 20:11 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 07:54 . 2010-04-29 11:19 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 19:34 . 2010-05-12 19:16 -------- dc----w- c:\users\Lewis\AppData\Roaming\881C5D5D406B957D4BF6DD90B42CCB8A
2010-04-23 15:21 . 2010-04-23 15:23 24805112 -c--a-w- c:\programdata\Birdstep Technology\EasyConnect\Update\3Connect_Flasher_Huawei.exe
2010-04-16 09:54 . 2010-04-16 09:54 -------- dc----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 18:41 . 2009-08-11 15:55 -------- dc----w- c:\users\Lewis\AppData\Roaming\WTablet
2010-05-14 14:54 . 2009-01-23 17:23 71259 -c--a-w- c:\windows\Huawei ModemsUninstall.exe
2010-05-14 14:54 . 2009-01-23 17:23 -------- dc----w- c:\program files\Huawei Modems
2010-05-13 22:26 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2010-05-13 22:25 . 2009-01-23 18:07 -------- dc----w- c:\programdata\Microsoft Help
2010-05-13 20:26 . 2009-09-09 10:30 -------- dc----w- c:\users\Lewis\AppData\Roaming\Spotify
2010-05-12 19:58 . 2009-08-27 20:34 -------- dc----w- c:\programdata\Rosetta Stone
2010-05-12 19:23 . 2009-08-27 22:14 116240 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-12 19:16 . 2009-08-18 14:40 -------- dc----w- c:\programdata\HP Product Assistant
2010-05-08 16:11 . 2008-10-06 08:22 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-05-08 16:11 . 2009-06-26 13:15 -------- dc----w- c:\program files\VSTplugins
2010-05-08 16:08 . 2009-01-23 17:15 -------- dc----w- c:\program files\Common Files\Adobe
2010-05-04 21:32 . 2009-01-24 14:13 -------- dc----w- c:\users\Lewis\AppData\Roaming\BitTorrent
2010-05-03 20:22 . 2009-01-23 17:35 1356 -c--a-w- c:\users\Lewis\AppData\Local\d3d9caps.dat
2010-05-02 10:02 . 2009-10-26 17:46 139924 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-04-30 17:28 . 2009-01-31 16:18 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 12:23 . 2009-01-23 20:18 -------- dc----w- c:\program files\Common Files\Apple
2010-04-29 12:18 . 2009-01-23 20:20 -------- dc----w- c:\program files\Bonjour
2010-04-29 11:37 . 2008-10-06 08:48 -------- dc----w- c:\programdata\WildTangent
2010-04-29 11:20 . 2009-07-07 16:37 -------- dc----w- c:\users\Lewis\AppData\Roaming\InstallShield
2010-04-29 11:12 . 2009-02-14 13:13 10848 -c--a-w- c:\users\Lewis\AppData\Roaming\wklnhst.dat
2010-04-18 18:28 . 2009-01-23 20:21 -------- dc----w- c:\users\Lewis\AppData\Roaming\Apple Computer
2010-04-17 14:30 . 2009-02-16 15:29 256 -c--a-w- c:\windows\system32\pool.bin
2010-04-16 09:51 . 2009-06-05 00:02 -------- dc----w- c:\program files\QuickTime
2010-04-11 09:34 . 2009-02-08 19:30 -------- dc----w- c:\users\Lewis\AppData\Roaming\LimeWire
2010-04-08 12:20 . 2010-04-08 12:20 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-04-07 18:23 . 2009-01-24 19:56 -------- dc----w- c:\programdata\FLEXnet
2010-04-07 18:22 . 2010-04-07 18:22 -------- dc----w- c:\program files\Rosetta Stone
2010-04-07 18:22 . 2010-04-07 18:21 -------- dc----w- c:\programdata\RosettaStoneLtdBackup
2010-03-23 10:29 . 2010-03-23 10:29 -------- dc----w- c:\users\Lewis\AppData\Roaming\Malwarebytes
2010-03-23 10:29 . 2010-03-23 10:29 -------- dc----w- c:\programdata\Malwarebytes
2010-03-05 14:01 . 2010-04-14 06:29 420352 -c--a-w- c:\windows\system32\vbscript.dll
2010-02-25 11:32 . 2010-02-25 11:32 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2010-02-24 09:16 . 2009-10-03 09:35 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-02-23 11:10 . 2010-04-14 06:29 212992 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 06:29 79360 -c--a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 06:29 106496 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-31 08:52 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 08:52 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 08:52 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 08:52 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 08:17 24064 -c--a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 08:17 30720 -c--a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 08:17 411648 -c--a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:07 . 2010-04-14 06:29 904576 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-14 06:29 3600776 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:07 . 2010-04-14 06:29 3548040 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 13:30 . 2010-04-14 06:29 200704 -c--a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-14 06:29 25088 -c--a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-18 11:17 . 2008-10-06 08:52 588472 -c--a-w- c:\windows\system32\ezsvc7x.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-06 17:07 . 2008-10-06 17:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Lewis\AppData\Local\hcgflxxkg ----



((((((((((((((((((((((((((((( SnapShot@2010-05-13_13.39.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-14 06:51 . 2010-05-14 06:51 62976 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90RUS.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 46080 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90KOR.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 46592 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90JPN.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 64512 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ITA.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 66048 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90FRA.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESP.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 56832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 66560 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90DEU.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 39936 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHT.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 38912 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHS.DLL
+ 2010-05-14 06:51 . 2010-05-14 06:51 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90u.dll
+ 2010-05-14 06:51 . 2010-05-14 06:51 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90.dll
+ 2010-05-13 16:39 . 2010-01-29 13:49 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18197_none_7b3d56a455f59b03\INETRES.dll
+ 2010-05-13 16:39 . 2010-01-29 13:56 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\INETRES.dll
+ 2008-01-21 01:58 . 2010-05-14 18:45 80764 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-23 17:15 . 2010-05-14 18:45 18736 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-716114793-498096270-2117277640-1000_UserData.bin
+ 2010-01-28 12:34 . 2010-01-28 12:34 23424 c:\windows\System32\DriverStore\FileRepository\ewdcsc.inf_a74cca45\ewdcsc.sys
+ 2008-10-18 15:14 . 2010-05-14 18:41 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-18 15:14 . 2010-05-13 13:25 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-18 15:17 . 2010-05-14 18:41 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-18 15:17 . 2010-05-13 13:25 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-19 19:36 . 2010-05-13 07:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-19 19:36 . 2010-05-14 18:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-19 19:36 . 2010-05-13 07:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-19 19:36 . 2010-05-14 18:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-19 19:36 . 2010-05-13 07:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-19 19:36 . 2010-05-14 18:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-21 08:55 . 2010-05-14 18:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-21 08:55 . 2010-05-13 13:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-21 08:55 . 2010-05-13 13:25 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-21 08:55 . 2010-05-14 18:41 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-21 08:55 . 2010-05-14 18:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-21 08:55 . 2010-05-13 13:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 20:59 . 2010-05-13 22:25 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-29 20:59 . 2010-04-15 06:21 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-29 20:59 . 2010-04-15 06:21 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-29 20:59 . 2010-05-13 22:25 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-29 20:59 . 2010-04-15 06:21 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-29 20:59 . 2010-05-13 22:25 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-11-02 10:25 . 2010-05-14 14:54 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2010-05-04 14:58 51200 c:\windows\inf\infpub.dat
- 2010-05-13 13:24 . 2010-05-13 13:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-14 18:41 . 2010-05-14 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-14 18:41 . 2010-05-14 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-13 13:24 . 2010-05-13 13:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-14 06:51 . 2010-05-14 06:51 655872 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
+ 2010-05-14 06:51 . 2010-05-14 06:51 572928 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll
+ 2010-05-14 06:51 . 2010-05-14 06:51 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcm90.dll
+ 2010-05-14 06:47 . 2010-05-14 06:47 161784 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e\ATL90.dll
+ 2010-05-13 16:39 . 2010-01-29 16:07 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\inetcomm.dll
+ 2010-05-13 16:39 . 2010-01-29 15:40 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18197_none_7b3d56a455f59b03\inetcomm.dll
+ 2010-05-13 16:39 . 2010-01-29 16:08 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\inetcomm.dll
+ 2010-05-13 16:39 . 2010-01-29 16:21 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\inetcomm.dll
+ 2006-11-02 13:05 . 2010-05-14 18:45 142568 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-05-14 18:47 620676 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-13 13:32 620676 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-13 13:32 113976 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-05-14 18:47 113976 c:\windows\System32\perfc009.dat
+ 2010-01-28 12:34 . 2010-01-28 12:34 101120 c:\windows\System32\DriverStore\FileRepository\ewusbdev.inf_00477997\ewusbdev.sys
+ 2010-01-28 12:34 . 2010-01-28 12:34 102912 c:\windows\System32\DriverStore\FileRepository\ewser2k.inf_d5bb58e3\ewusbmdm.sys
+ 2010-01-28 12:34 . 2010-01-28 12:34 112640 c:\windows\System32\DriverStore\FileRepository\ewnet.inf_3dd1ab44\ewusbnet.sys
+ 2010-01-28 12:34 . 2010-01-28 12:34 102912 c:\windows\System32\DriverStore\FileRepository\ewmdm2k.inf_209ee7cc\ewusbmdm.sys
- 2008-10-18 15:17 . 2010-05-13 13:25 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-18 15:17 . 2010-05-14 18:41 524288 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-14 06:47 . 2010-05-14 06:47 228352 c:\windows\Installer\154252.msi
+ 2009-11-29 20:59 . 2010-05-13 22:25 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-29 20:59 . 2010-04-15 06:21 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-29 20:59 . 2010-04-15 06:21 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-29 20:59 . 2010-05-13 22:25 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-29 20:59 . 2010-04-15 06:21 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-29 20:59 . 2010-05-13 22:25 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-29 20:59 . 2010-05-13 22:25 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2009-11-29 20:59 . 2010-04-15 06:21 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2006-11-02 10:25 . 2010-05-14 14:54 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2010-05-04 14:58 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2010-05-04 14:58 143360 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2010-05-14 14:54 143360 c:\windows\inf\infstor.dat
+ 2010-05-14 06:51 . 2010-05-14 06:51 3783672 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
+ 2010-05-14 06:51 . 2010-05-14 06:51 3768312 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll
+ 2010-05-13 16:39 . 2010-04-01 11:58 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22386_none_f4a7b4b181f9b16a\OESpamFilter.dat
+ 2010-05-13 16:39 . 2010-04-01 11:57 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18245_none_f448574c68bc8885\OESpamFilter.dat
+ 2010-05-13 16:39 . 2010-04-01 11:58 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22673_none_f2c911d784cdf450\OESpamFilter.dat
+ 2010-05-13 16:39 . 2010-04-01 13:20 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18462_none_f24942c86ba92217\OESpamFilter.dat
+ 2010-05-13 16:39 . 2010-01-29 13:49 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\MSOERES.dll
+ 2010-05-13 16:39 . 2010-01-29 16:08 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\msoe.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\MSOERES.dll
+ 2010-05-13 16:39 . 2010-01-29 15:40 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\msoe.dll
+ 2010-05-13 16:39 . 2010-01-29 13:57 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\MSOERES.dll
+ 2010-05-13 16:39 . 2010-01-29 16:09 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\msoe.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\MSOERES.dll
+ 2010-05-13 16:39 . 2010-01-29 16:22 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\msoe.dll
+ 2006-11-02 10:22 . 2010-05-14 07:07 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-04-15 10:50 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-10-16 06:08 . 2009-10-16 06:08 2237952 c:\windows\Installer\dfdebf.msp
- 2009-11-29 20:59 . 2010-04-15 06:21 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-29 20:59 . 2010-05-13 22:25 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-25 22:50 . 2008-08-25 22:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2006-11-02 10:24 . 2010-04-30 18:51 32058312 c:\windows\System32\mrt.exe
+ 2009-05-15 16:16 . 2010-05-14 06:51 195146773 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c5,4f,94,5b,08,f2,ca,01

R2 BrowserRasAuto;Computer Browser BrowserRasAuto;c:\windows\system32\admparsek.exe [x]
R2 ehSchediphlpsvc;Windows Media Center Scheduler Service ehSchediphlpsvc;c:\windows\system32\Ahmbedk.exe [x]
R2 WUSB54GSVC;WUSB54GSVC;c:\program files\WUSB54G Wireless-G Adapter\WLService.exe WUSB54G.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-01 691696]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-04-29 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-29 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-29 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-29 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-29 242896]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-04-29 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-29 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-29 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 BecHelperService;BecHelperService;c:\program files\3\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 2749736]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-04-29 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-04-29 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-04-29 27144]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\jg50e0ld.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 20:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9d,3a,06,d5,93,e6,c1,8c,ab,fb,ec,26,ef,e3,1c,b1,e9,e2,71,2b,c3,
c5,9e,78,94,a9,f5,45,87,70,e2,af,aa,e7,ab,09,13,05,cc,3a,c9,ff,d2,b9,ef,a9,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9d,3a,06,d5,93,e6,c1,8c,ab,fb,ec,26,ef,e3,1c,b1,e9,e2,71,2b,c3,
c5,9e,78,94,a9,f5,45,87,70,e2,af,aa,e7,ab,09,13,05,cc,3a,c9,ff,d2,b9,ef,a9,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-14 20:04:17
ComboFix-quarantined-files.txt 2010-05-14 19:04
ComboFix2.txt 2010-05-13 13:42

Pre-Run: 169,330,937,856 bytes free
Post-Run: 169,369,759,744 bytes free

- - End Of File - - B1620D0725ED4673A256D5076D2CFAE4
Westbound
Active Member
 
Posts: 13
Joined: May 4th, 2010, 12:39 pm

Re: HiJackThis Log

Unread postby melboy » May 14th, 2010, 4:03 pm

Hi

Good - Thanks


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 20.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u20-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via start > control panel > programs and features.
  • Right click on each instance of:
    Java(TM) 6 Update 15
    Java(TM) SE Runtime Environment 6 Update 1
  • Click Uninstall & then follow the prompts to remove the above.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right click on TFC.exe and select "Run as Administrator"
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then right click dds.scr and choose "Run as Administrator" to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt
And post it in your next reply.



In your next reply:
  1. Eset Online Scan log
  2. MBAM log
  3. DDS.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: HiJackThis Log

Unread postby melboy » May 16th, 2010, 3:42 pm

Hi Westbound

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: HiJackThis Log

Unread postby Westbound » May 16th, 2010, 4:36 pm

hey melboy, i will post the logs tonight, very hectic weekend :shock:
Westbound
Active Member
 
Posts: 13
Joined: May 4th, 2010, 12:39 pm

Re: HiJackThis Log

Unread postby melboy » May 16th, 2010, 4:38 pm

Ok.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: HiJackThis Log

Unread postby Westbound » May 17th, 2010, 10:59 am

malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4107

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

16/05/2010 22:34:02
mbam-log-2010-05-16 (22-34-02).txt

Scan type: Quick scan
Objects scanned: 134309
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Eset

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\i8042prt.sys.vir Win32/Olmarik.ZC trojan


DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Lewis at 15:57:32.33 on 17/05/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2942.1494 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\3\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lewis\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\lewis\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\update~1.lnk - c:\program files\3\3connect\AutoUpdateSrv.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\lewis\appdata\roaming\mozilla\firefox\profiles\jg50e0ld.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2010-4-29 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-29 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-4-29 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-29 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-29 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-29 242896]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-29 916760]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-29 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-4-29 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-4-29 5888008]
R2 BecHelperService;BecHelperService;c:\program files\3\3connect\BecHelperService.exe [2010-5-14 1737464]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-8-11 2749736]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2010-4-29 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2010-4-29 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2010-4-29 27144]
S2 BrowserRasAuto;Computer Browser BrowserRasAuto;c:\windows\system32\admparsek.exe srv --> c:\windows\system32\admparsek.exe srv [?]
S2 ehSchediphlpsvc;Windows Media Center Scheduler Service ehSchediphlpsvc;c:\windows\system32\ahmbedk.exe srv --> c:\windows\system32\Ahmbedk.exe srv [?]
S2 WUSB54GSVC;WUSB54GSVC;c:\program files\wusb54g wireless-g adapter\WLService.exe [2009-8-8 41027]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-29 369920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-8-11 15656]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-05-16 21:41:31 0 dc----w- c:\program files\ESET
2010-05-16 20:59:15 0 dc----w- c:\programdata\Sun
2010-05-16 20:59:07 0 dc----w- c:\program files\Sun
2010-05-16 20:58:48 411368 -c--a-w- c:\windows\system32\deployJava1.dll
2010-05-14 19:02:39 0 dcsh--w- C:\$RECYCLE.BIN
2010-05-14 18:50:28 0 dc----w- C:\ComboFix
2010-05-14 14:54:54 872192 -c--a-w- c:\windows\system32\drivers\mod7700.sys
2010-05-14 14:54:54 112640 -c--a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-05-14 14:54:54 103680 -c--a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-05-14 14:54:54 102912 -c--a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-05-14 14:54:53 23424 -c--a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-05-14 14:54:53 101120 -c--a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-05-13 16:39:03 738816 -c--a-w- c:\windows\system32\inetcomm.dll
2010-05-12 18:23:09 0 dc----w- C:\ComboFix(1)
2010-05-12 16:33:31 98816 -c--a-w- c:\windows\sed.exe
2010-05-12 16:33:31 77312 -c--a-w- c:\windows\MBR.exe
2010-05-12 16:33:31 256512 -c--a-w- c:\windows\PEV.exe
2010-05-12 16:33:31 161792 -c--a-w- c:\windows\SWREG.exe
2010-05-10 12:09:00 93056 -c--a-w- C:\fwlcapod.sys
2010-05-10 11:57:13 176 -c--a-w- c:\users\lewis\defogger_reenable
2010-05-08 16:06:15 0 dc----w- C:\AdobeTemp
2010-05-04 15:04:44 0 dc----w- c:\users\lewis\appdata\roaming\Panda Security
2010-05-04 15:03:22 0 dc----w- c:\program files\Panda Security
2010-05-04 14:51:45 0 dc----w- c:\users\lewis\appdata\roaming\CheckPoint
2010-05-04 14:40:38 144 -c--a-w- c:\windows\system32\lkfl.dat
2010-05-04 14:40:35 0 dc----w- c:\program files\CheckPoint
2010-05-04 14:38:24 0 dc----w- c:\programdata\CheckPoint
2010-05-01 21:25:43 0 dc----w- c:\users\lewis\appdata\roaming\AVG9
2010-05-01 06:34:51 0 dc----w- C:\WTablet
2010-04-30 17:24:59 0 dc----w- c:\program files\Trend Micro
2010-04-30 16:36:53 0 dc----w- c:\programdata\SUPERAntiSpyware.com
2010-04-30 16:35:08 0 dc----w- c:\program files\SUPERAntiSpyware
2010-04-29 12:23:22 0 dc----w- c:\program files\iPod
2010-04-29 12:23:16 0 dc----w- c:\program files\iTunes
2010-04-29 09:52:05 0 dc----w- C:\$AVG
2010-04-29 09:51:47 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-04-29 09:51:46 216200 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-29 09:51:43 0 dc----w- c:\windows\system32\drivers\Avg
2010-04-29 09:51:40 0 dc----w- c:\programdata\AVG Security Toolbar
2010-04-29 09:50:34 25096 -c--a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-04-29 09:50:33 52872 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-29 09:50:32 242896 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 09:50:13 24856 -c--a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-04-29 09:49:09 0 dc----w- c:\program files\AVG
2010-04-29 09:48:48 0 dc----w- c:\programdata\avg9
2010-04-29 08:42:42 0 dc----w- c:\programdata\Norton
2010-04-28 07:54:18 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 07:54:16 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 07:54:16 0 dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 20:03:04 1295 -c--a-w- c:\windows\lsrslt.ini
2010-04-27 19:34:45 0 dc----w- c:\users\lewis\appdata\roaming\881C5D5D406B957D4BF6DD90B42CCB8A

==================== Find3M ====================

2010-05-14 14:54:53 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-14 14:54:53 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-14 14:54:53 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-14 14:54:29 71259 -c--a-w- c:\windows\Huawei ModemsUninstall.exe
2010-05-12 19:23:50 116240 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-02 10:02:04 139924 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-04-29 11:12:39 10848 -c--a-w- c:\users\lewis\appdata\roaming\wklnhst.dat
2010-04-08 12:20:02 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-03-09 17:21:04 19652 -c--a-w- c:\windows\fonts\LongTime.ttf
2010-03-05 14:01:02 420352 -c--a-w- c:\windows\system32\vbscript.dll
2010-02-24 09:16:06 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 -c--a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 -c--a-w- c:\windows\system32\httpapi.dll
2010-02-18 14:07:05 3600776 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:07:05 3548040 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 13:30:03 200704 -c--a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:17:04 588472 -c--a-w- c:\windows\system32\ezsvc7x.dll
2009-11-18 11:51:00 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 -c--a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 -c--a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 -c--a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 -c--a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 -c--a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 -c--a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 -c--a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 -c--a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-05 16:50:58 245760 -csha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 09:13:39 245760 -csha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-10-06 17:07:26 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:58:58.19 ===============
Westbound
Active Member
 
Posts: 13
Joined: May 4th, 2010, 12:39 pm

Re: HiJackThis Log

Unread postby melboy » May 17th, 2010, 2:52 pm

Your log now appears to be clean.

Your computer was infected with a ROOTKIT. In particular, the TDL3 rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent to:

  1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
  2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it


==========================================================


This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are. If not please continue with the instructions below.



DeFogger Re-enable

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.



Uninstall Combofix

We Need to Remove ComboFix
  1. Please go to Start (Vista Orb) -> Start Search
  2. Enter "ComboFix /uninstall" (without quotes). Note the space between "ComboFix" and "/uninstall", it needs to be there.
    Image
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.



OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Right click on OTC.exe and select "Run as Administrator"
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


======================================================================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


Enable UAC

While UAC in Vista is certainly annoying to some extent, it offers some protection for Windows. Here's an explanation.

  1. Click on Start > Control Panel.
  2. Double click on User Accounts.
  3. Under Make changes to your user account, click on Turn User Account Control on or off.
  4. Check (tick) this box: Use User Account Control (UAC) to help protect the computer.
  5. Click OK.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start (Vista Orb) > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.) You can find a tutorial HERE.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
  • Firewall
    The Windows firewall in Vista can monitor incoming, AND outgoing traffic. This application from Sphinx-soft can help configure it to suit your needs. Alternatively use a 3rd party firewall from the suggestions below. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    Suggestions:
    Online Armor Free
    PcTools Firewall (Free)
    Outpost Firewall Free


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: HiJackThis Log

Unread postby Westbound » May 17th, 2010, 3:59 pm

Hey melboy, everything does seem to be running a lot smoother now, I’ve removed/uninstalled everything you have stated to do so, as well as following the pre-precautions and tips to staying safe online.

Thanks for all your help, hopefully with the information I now have, I won’t be back on this website anytime soon :) ha, thanks again.

Westbound
Westbound
Active Member
 
Posts: 13
Joined: May 4th, 2010, 12:39 pm

Re: HiJackThis Log

Unread postby melboy » May 17th, 2010, 4:08 pm

You're welcome.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: HiJackThis Log

Unread postby Gary R » May 17th, 2010, 5:30 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 15 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware