Welcome to MalwareRemoval.com.

NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by georgiemitchell01 » September 14th, 2010, 9:01 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:57 AM, on 9/14/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6696 bytes
georgiemitchell01 | Active Member | Posts: 14 | Joined: September 14th, 2010, 8:45 am
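As an added example (not a tool from this thread or from MalwareRemoval.com), the script below parses the O2/O3/O4/O23 entry formats used in the HijackThis log above and flags what a reviewer checks first: autostart entries whose file is missing, services with no recorded owner, and programs started from a bare filename or from a user-writable directory. The sample lines are copied from the posted logs; the flag names and heuristics are assumptions of this example, not part of HijackThis.

```python
"""Triage helper for HijackThis-style log lines (added example, not a forum tool)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the posted HijackThis and OTL logs.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKLM..\Run: [] File not found
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Entry shapes as HijackThis prints them (the OTL variant of O3 is not handled here).
ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[^ ]*?)\\?\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat|cmd))"?', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    clsid: str = ""
    owner: str = ""
    hive: str = ""
    flags: list = field(default_factory=list)
    raw: str = ""


def first_executable(cmd: str) -> str:
    """Pull the program out of a Run-key command line: '"C:\\a b.exe" -x' -> 'C:\\a b.exe'."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else ""


def review_flags(e: Entry) -> list:
    """Cheap heuristics (assumed for this example) a reviewer applies before looking anything up."""
    flags = []
    if "file not found" in e.raw.lower():
        flags.append("file-not-found")          # orphaned autostart or service entry
    if e.section == "O4" and not e.name:
        flags.append("empty-name")              # a Run value with no name is unusual
    if e.section == "O23" and e.owner.lower() == "unknown owner":
        flags.append("unknown-owner")           # no publisher recorded for the service binary
    if e.path and "\\" not in e.path and not e.path.startswith("%"):
        flags.append("unqualified-path")        # bare filename, resolved through the search path
    if re.search(r"\\(users|appdata|temp)\\", e.path, re.IGNORECASE):
        flags.append("user-writable-location")  # program started from a user-writable directory
    return flags


def parse_line(line: str):
    """Return an Entry for one 'Oxx - ...' line, or None for anything else (headers, process list)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section in ("O2", "O3") and (c := CLSID_RE.match(body)):
        e = Entry(section, c["name"], c["path"], clsid=c["clsid"], raw=line)
    elif section == "O4" and (r := RUN_RE.match(body)):
        e = Entry(section, r["name"], first_executable(r["cmd"]), hive=r["hive"], raw=line)
    elif section == "O23" and (s := SERVICE_RE.match(body)):
        e = Entry(section, s["name"], s["path"], owner=s["owner"], raw=line)
    else:
        e = Entry(section, "", "", raw=line)    # unrecognised shape: keep it so nothing is silently dropped
    e.flags = review_flags(e)
    return e


def parse_log(text: str) -> list:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def flagged(entries: list) -> list:
    return [e for e in entries if e.flags]


def summarize(entries: list) -> dict:
    """Entries per section, the overview a reviewer scans before reading individual lines."""
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("entries per section:", summarize(found))
    for e in flagged(found):
        print(f"{e.section:<4} {e.name or '(no name)':<24} {', '.join(e.flags)}")
```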

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by deltalima » September 14th, 2010, 2:17 pm

Checking your log - back soon.
deltalima | Admin/Teacher | Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by deltalima » September 14th, 2010, 2:29 pm

Hi georgiemitchell01,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to require you to take your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

MGA Diagnostics
I need you to run a tool... that will aid in determining what additional steps we'll need to perform.
  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click "Run" again...then Click "Continue".
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

CKScanner
Please download CKScanner ... Save it to your desktop.
Make sure that CKScanner.exe is on your desktop before running the application!
  1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.
deltalima | Admin/Teacher | Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by georgiemitchell01 » September 14th, 2010, 2:43 pm

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
AppCore
ccCommon
Compatibility Pack for the 2007 Office system
Component Framework
CyberLink DVD Suite Deluxe
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Total Care Advisor
HP Update
Intel(R) Graphics Media Accelerator Driver
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.10.16.1
LightScribe Template Labeler
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.8)
muvee autoProducer 6.1
My HP Games
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Power2Go
PowerDirector
Python 2.5
Realtek High Definition Audio Driver
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
SPBBC 32bit
Symantec Real Time Storage Protection Component
SymNet
WeatherBug Gadget
Yahoo! Toolbar
georgiemitchell01 | Active Member | Posts: 14 | Joined: September 14th, 2010, 8:45 am

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by georgiemitchell01 » September 14th, 2010, 2:48 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6000.2.00010300.0.0.003
ID: {6FF95515-4D28-4FC4-B930-A4A9B5ECF054}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_ldr.070627-1500
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6FF95515-4D28-4FC4-B930-A4A9B5ECF054}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-4235805887-3601559779-3078765413</SID><SYSTEM><Manufacturer>Compaq-Presario</Manufacturer><Model>GX617AA-ABA SR5310F</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>5.18 </Version><SMBIOSVersion major="2" minor="4"/><Date>20071120000000.000000+000</Date></BIOS><HWID>78313507018400EA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6000.16509
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-1033-6000.0000-2572010
Installation ID: 003120778676493876726762284220393714844444036432256592
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57201
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57203
Use License URL: http://go.microsoft.com/fwlink/?LinkId=57205
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57204
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAQACAAAAAgABAAEAnJ+OULhWwpdW+kjkqnZ2vRKP8vQURZNrjAesViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
OEMB HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
georgiemitchell01 | Active Member | Posts: 14 | Joined: September 14th, 2010, 8:45 am

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by georgiemitchell01 » September 14th, 2010, 2:56 pm

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
georgiemitchell01 | Active Member | Posts: 14 | Joined: September 14th, 2010, 8:45 am

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by deltalima » September 14th, 2010, 3:05 pm

Hi georgiemitchell01,

Please describe the symptoms that led you to believe that the computer has a virus.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima | Admin/Teacher | Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by georgiemitchell01 » September 14th, 2010, 3:20 pm

Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
Norton AntiVirus Help
Norton Internet Security (Symantec Corporation)
Norton Internet Security
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10.1.82.76
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
georgiemitchell01 | Active Member | Posts: 14 | Joined: September 14th, 2010, 8:45 am

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Post by georgiemitchell01 » September 14th, 2010, 3:30 pm

OTL logfile created on: 9/14/2010 3:23:29 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\gg\Documents
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16546)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 374.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 206.44 Gb Free Space | 92.35% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.26 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: gg-pc
Current User Name: gg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\gg\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\gg\Documents\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (igfx) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071010.023\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071010.023\NAVENG.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20070823.002\IDSvix86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIMMP) -- C:\WINDOWS\System32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\WINDOWS\System32\drivers\SymIM.sys (Symantec Corporation)
DRV - (CO_Mon) -- C:\WINDOWS\System32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SRTSPL) -- C:\WINDOWS\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4235805887-3601559779-3078765413-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-4235805887-3601559779-3078765413-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4235805887-3601559779-3078765413-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/14 08:10:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/14 08:09:58 | 000,000,000 | ---D | M]

[2010/09/14 08:10:34 | 000,000,000 | ---D | M] -- C:\Users\gg\AppData\Roaming\Mozilla\Extensions
[2010/09/14 08:10:34 | 000,000,000 | ---D | M] -- C:\Users\gg\AppData\Roaming\Mozilla\Firefox\Profiles\tv5483q9.default\extensions
[2010/09/14 08:09:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/14 08:09:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [isCfgWiz] c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe (Symantec Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4235805887-3601559779-3078765413-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4235805887-3601559779-3078765413-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\aflowq.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\aflowq.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/26 20:38:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/14 15:21:39 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\gg\Documents\OTL.exe
[2010/09/14 14:47:26 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/09/14 14:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/09/14 08:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/14 08:19:03 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Roaming\Adobe
[2010/09/14 08:10:15 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Local\Mozilla
[2010/09/14 08:10:14 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Roaming\Mozilla
[2010/09/14 08:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/14 08:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010/09/14 08:07:56 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/09/14 08:06:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/09/14 08:04:51 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Local\Hewlett-Packard
[2010/09/14 08:04:45 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Roaming\Macromedia
[2010/09/14 08:04:15 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Roaming\Symantec
[2010/09/14 08:03:09 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Roaming\Snapfish
[2010/09/14 08:02:45 | 000,000,000 | R--D | C] -- C:\Users\gg\Searches
[2010/09/14 08:02:33 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Roaming\Identities
[2010/09/14 08:02:26 | 000,000,000 | R--D | C] -- C:\Users\gg\Contacts
[2010/09/14 08:02:24 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Local\VirtualStore
[2010/09/14 08:01:11 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Roaming\Hewlett-Packard
[2010/09/14 07:58:25 | 000,000,000 | --SD | C] -- C:\Users\gg\AppData\Roaming\Microsoft
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Videos
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Saved Games
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Pictures
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Music
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Links
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Favorites
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Downloads
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Documents
[2010/09/14 07:58:25 | 000,000,000 | R--D | C] -- C:\Users\gg\Desktop
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\AppData\Local\Temporary Internet Files
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Templates
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Start Menu
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\SendTo
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Recent
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\PrintHood
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\NetHood
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Documents\My Videos
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Documents\My Pictures
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Documents\My Music
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\My Documents
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Local Settings
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\AppData\Local\History
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Cookies
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\Application Data
[2010/09/14 07:58:25 | 000,000,000 | -HSD | C] -- C:\Users\gg\AppData\Local\Application Data
[2010/09/14 07:58:25 | 000,000,000 | -H-D | C] -- C:\Users\gg\AppData
[2010/09/14 07:58:25 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Local\Temp
[2010/09/14 07:58:25 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Local\Microsoft
[2010/09/14 07:58:25 | 000,000,000 | ---D | C] -- C:\Users\gg\AppData\Roaming\Media Center Programs
[2010/09/14 07:54:22 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/09/14 07:54:22 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/09/14 07:52:53 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/09/14 07:52:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/09/14 07:52:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010/09/14 07:42:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/09/14 07:40:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/14 15:22:54 | 000,786,432 | -HS- | M] () -- C:\Users\gg\NTUSER.DAT
[2010/09/14 15:22:10 | 000,000,522 | ---- | M] () -- C:\Users\gg\Desktop\OTL - Shortcut.lnk
[2010/09/14 15:20:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\gg\Documents\OTL.exe
[2010/09/14 15:20:18 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/14 15:20:18 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/14 15:19:58 | 000,000,546 | ---- | M] () -- C:\Users\gg\Desktop\checkup - Shortcut.lnk
[2010/09/14 15:16:45 | 000,000,562 | ---- | M] () -- C:\Users\gg\Desktop\SecurityCheck - Shortcut.lnk
[2010/09/14 14:52:49 | 000,000,542 | ---- | M] () -- C:\Users\gg\Desktop\CKScanner - Shortcut.lnk
[2010/09/14 14:52:38 | 000,000,566 | ---- | M] () -- C:\Users\gg\Application Data\Microsoft\Internet Explorer\Quick Launch\CKScanner - Shortcut.lnk
[2010/09/14 14:20:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/14 09:22:06 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/14 09:22:06 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/14 09:22:06 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/14 09:21:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2010/09/14 08:56:57 | 000,001,880 | ---- | M] () -- C:\Users\gg\Desktop\HijackThis.lnk
[2010/09/14 08:10:06 | 000,001,754 | ---- | M] () -- C:\Users\gg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/14 08:10:06 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/14 08:04:31 | 000,000,949 | ---- | M] () -- C:\Users\gg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/14 08:03:38 | 000,072,192 | ---- | M] () -- C:\Users\gg\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/14 08:02:15 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2010/09/14 08:00:00 | 000,001,715 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_CPC_GX617AA-ABA SR5310F_YC_0Pres_QMXF808_E81NAv3PrA2_49_ILancaster8_SASUSTeK Computer INC._V1.04_B5.18_T071120_WUH0_L409_M1015_J250_7Intel_8Pentium Dual E2140_91.6_#090804_N10EC8136_Z14F12F20_G80862772.MRK
[2010/09/14 07:59:45 | 000,001,368 | ---- | M] () -- C:\Users\Public\Desktop\Snapfish Photos - First 25 Prints Free.lnk
[2010/09/14 07:59:07 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk
[2010/09/14 07:58:26 | 000,000,020 | -HS- | M] () -- C:\Users\gg\ntuser.ini
[2010/09/14 07:58:25 | 000,524,288 | -HS- | M] () -- C:\Users\gg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 07:58:25 | 000,524,288 | -HS- | M] () -- C:\Users\gg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 07:58:25 | 000,065,536 | -HS- | M] () -- C:\Users\gg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/14 07:54:22 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/09/14 07:54:22 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/09/14 07:52:53 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/09/14 07:52:53 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/09/14 07:51:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/14 07:43:50 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[11 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/14 15:22:10 | 000,000,522 | ---- | C] () -- C:\Users\gg\Desktop\OTL - Shortcut.lnk
[2010/09/14 15:19:58 | 000,000,546 | ---- | C] () -- C:\Users\gg\Desktop\checkup - Shortcut.lnk
[2010/09/14 15:16:45 | 000,000,562 | ---- | C] () -- C:\Users\gg\Desktop\SecurityCheck - Shortcut.lnk
[2010/09/14 14:52:49 | 000,000,542 | ---- | C] () -- C:\Users\gg\Desktop\CKScanner - Shortcut.lnk
[2010/09/14 14:52:38 | 000,000,566 | ---- | C] () -- C:\Users\gg\Application Data\Microsoft\Internet Explorer\Quick Launch\CKScanner - Shortcut.lnk
[2010/09/14 08:56:57 | 000,001,880 | ---- | C] () -- C:\Users\gg\Desktop\HijackThis.lnk
[2010/09/14 08:10:06 | 000,001,754 | ---- | C] () -- C:\Users\gg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/14 08:10:06 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/14 08:04:31 | 000,000,949 | ---- | C] () -- C:\Users\gg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/14 08:02:15 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2010/09/14 07:59:52 | 000,001,715 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_CPC_GX617AA-ABA SR5310F_YC_0Pres_QMXF808_E81NAv3PrA2_49_ILancaster8_SASUSTeK Computer INC._V1.04_B5.18_T071120_WUH0_L409_M1015_J250_7Intel_8Pentium Dual E2140_91.6_#090804_N10EC8136_Z14F12F20_G80862772.MRK
[2010/09/14 07:59:45 | 000,001,368 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos - First 25 Prints Free.lnk
[2010/09/14 07:59:07 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk
[2010/09/14 07:59:06 | 000,002,063 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2010/09/14 07:59:06 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk
[2010/09/14 07:59:06 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2010/09/14 07:58:26 | 000,000,020 | -HS- | C] () -- C:\Users\gg\ntuser.ini
[2010/09/14 07:58:25 | 000,786,432 | -HS- | C] () -- C:\Users\gg\NTUSER.DAT
[2010/09/14 07:58:25 | 000,524,288 | -HS- | C] () -- C:\Users\gg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 07:58:25 | 000,524,288 | -HS- | C] () -- C:\Users\gg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 07:58:25 | 000,226,304 | -H-- | C] () -- C:\Users\gg\ntuser.dat.LOG1
[2010/09/14 07:58:25 | 000,065,536 | -HS- | C] () -- C:\Users\gg\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/14 07:58:25 | 000,000,258 | ---- | C] () -- C:\Users\gg\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/14 07:58:25 | 000,000,240 | ---- | C] () -- C:\Users\gg\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/14 07:58:25 | 000,000,000 | -H-- | C] () -- C:\Users\gg\ntuser.dat.LOG2
[2010/09/14 07:38:21 | 1064,689,664 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/03/25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2007/11/26 20:28:58 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/11/26 20:24:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1332.dll
[2007/11/26 20:12:57 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/11/26 20:12:57 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
georgiemitchell01
Active Member
 
Posts: 14
Joined: September 14th, 2010, 8:45 am

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby georgiemitchell01 » September 14th, 2010, 3:31 pm

OTL Extras logfile created on: 9/14/2010 3:23:29 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\gg\Documents
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16546)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 374.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 206.44 Gb Free Space | 92.35% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.26 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: gg-pc
Current User Name: gg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4235805887-3601559779-3078765413-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33DE25A1-B7B5-44FB-9CD3-DE602B6B122B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3FF7C216-69CA-43CE-AE82-828E9182F580}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{4F26F8E9-0132-493D-88FB-7AF277741EB9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{55AF6BB8-DE7F-471F-965A-E667D123FC47}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7E01423F-B318-42AC-AF76-5D6ACF47C041}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B6CE082B-03FC-4E50-9612-CE5B6D44495F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D1230E1D-30BB-4C76-9E3E-EF0BEB2AD386}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{e96b3d28-47d6-43cc-98fd-7069eeab6b11}" = HP Total Care Advisor
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2010 10:41:46 AM | Computer Name = LH-DTF7HYVT6DT6 | Source = WerSvc | ID = 5007
Description =

Error - 9/14/2010 10:51:57 AM | Computer Name = gg-pc | Source = WerSvc | ID = 5007
Description =

[ System Events ]
Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 9/14/2010 11:02:40 AM | Computer Name = gg-pc | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >
georgiemitchell01
Active Member
 
Posts: 14
Joined: September 14th, 2010, 8:45 am
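A helper who reads OTL Extras logs like the one above checks two things almost mechanically: that the "Shell Spawning" commands for executable file classes still carry the stock Windows value (a rogue "anti-virus" program that hijacks `exefile [open]` gets launched every time any .exe is run), and which products have Security Center monitoring switched off. The script below is an added example, not OTL's code or anything from this thread; the table of expected default commands is an assumption based on stock Windows Vista, the sample log is built from the lines of the report above, and the tampered variant with a path under `AppData\Local\Temp` is a constructed, hypothetical input used only to show that the check fires.

```python
"""Flag non-default values in the 'Shell Spawning' and 'Security Center Settings'
sections of an OTL Extras report. Added example; not OTL's own code."""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r'^=+ (.+?) =+$')
# key [verb] -- command (Optional Company Name)
SHELL_RE = re.compile(r'^(\S+) \[(\w+)\] -- (.*?)(?: \([^()]*\))?$')
VALUE_RE = re.compile(r'^"([^"]+)" = (.+)$')

# Assumed stock Windows Vista shell commands for executable file classes.
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the '========== Name ==========' header above them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (key, verb, actual, expected) for every executable class whose
    shell command differs from the stock value."""
    findings = []
    for line in lines:
        if line.startswith('['):          # registry key path header, not a class
            continue
        m = SHELL_RE.match(line)
        if not m:
            continue
        key, verb, command = m.groups()
        expected = EXPECTED_SHELL.get((key, verb))
        if expected is not None and command != expected:
            findings.append((key, verb, command, expected))
    return findings


def check_security_center(lines: List[str]) -> List[str]:
    """Return the product subkeys under Security Center\\Monitoring that carry
    DisableMonitoring = 1. This is informational: a third-party suite that
    registers with Security Center normally sets this for itself."""
    disabled, current_key = [], ''
    for line in lines:
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name == 'DisableMonitoring' and value.strip() == '1' and '\\Monitoring\\' in current_key:
            disabled.append(current_key.rsplit('\\', 1)[1])
    return disabled


def analyse(text: str) -> Dict[str, list]:
    sections = split_sections(text)
    return {
        'shell_hijacks': check_shell_spawning(sections.get('Shell Spawning', [])),
        'wsc_monitoring_disabled': check_security_center(sections.get('Security Center Settings', [])),
    }


# Sample input built from the report above (clean machine).
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
"""

# Constructed, hypothetical variant: the exefile handler has been redirected.
TAMPERED_LOG = SAMPLE_LOG.replace(
    r'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Users\example\AppData\Local\Temp\hypothetical.exe" "%1" %*')

if __name__ == '__main__':
    for label, log in (('clean report', SAMPLE_LOG), ('tampered report', TAMPERED_LOG)):
        print(label, analyse(log))
```

On the report above the shell check returns nothing, and the monitoring check lists only the Symantec products, which is what you expect while Norton is installed; the same lists are what a helper compares against after the clean-up and reinstall of another anti-virus product.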

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby georgiemitchell01 » September 14th, 2010, 4:31 pm

Every time I try to run the last scan, the GMER scan, it shuts the computer down.
georgiemitchell01
Active Member
 
Posts: 14
Joined: September 14th, 2010, 8:45 am

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby deltalima » September 14th, 2010, 4:38 pm

Hi georgiemitchell01,

Every time I try to run the last scan, the GMER scan, it shuts the computer down.


OK, please run this alternative scan –

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Please describe the symptoms that led you to believe that the computer has a virus.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby georgiemitchell01 » September 14th, 2010, 5:01 pm

Just waiting on the RKU scan to finish. I believe that the computer has a virus because my son downloaded a game or something yesterday and all of this stuff popped up, and some "anti virus" scan started and wouldn't stop. When I tried to get out of that screen it shut my computer down, and when I finally revived it, it wouldn't get online. That one screen kept popping up trying to scan. So I shut the computer down and reset the computer as if I had just purchased it. That was the only way I could get online.
georgiemitchell01
Active Member
 
Posts: 14
Joined: September 14th, 2010, 8:45 am

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby deltalima » September 14th, 2010, 5:09 pm

Hi georgiemitchell01,

So I shut the computer down and reset the computer as if I had just purchased it. That was the only way I could get online.


That will almost certainly have removed the infection. We will continue the checks to verify that all is clean and make sure everything is updated and secure.

Windows Vista needs to be updated to SP2 and IE to version 7 but we will do this once the computer is clean.

Norton AntiVirus is showing as out of date so we need to update Norton or remove it and install one of the free Antivirus programs.

If you choose to remove Norton then please use Add / Remove to uninstall all Norton products and then

Norton Removal Tool

Please go to the Norton Removal Tool main page Here
  • Under Choose your product: click on the I have Norton >> << link.
  • Please Download and run the Norton Removal Tool then Reboot your computer.

Install Free anti-virus

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: NEED HELP COMPUTER HAS VIRUSES HJT LOGS ENCLOSED

Unread postby georgiemitchell01 » September 14th, 2010, 5:45 pm

I've uninstalled the Norton security system & have downloaded avast.
georgiemitchell01
Active Member
Posts: 14
Joined: September 14th, 2010, 8:45 am