HiJackThis Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by Vittorio666 » February 11th, 2011, 12:48 am

OK, so I did some reading and I am very sorry for the stupidity.

My problem is mouse delay (2-3 sec to move my mouse from point a to b). I did a system restore with my factory disc after finding malware and viruses, and I would like to know if anything is wrong with my computer.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:41:30 PM, on 2/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Users\Vittorio\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Vittorio\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vittorio\Desktop\HiJackThis\HiJackThis.exe
C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vittorio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Unknown owner - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5026 bytes

Start up list:

Adobe Flash Player 9 ActiveX
Adobe Reader 8
DVD Play
Hardware Diagnostic Tools
Heroes of Newerth
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Total Care Advisor
HP Update
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
Python 2.4.3
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Soft Data Fax Modem with SmartCP
Trend Micro AntiVirus
Trend Micro AntiVirus
Trend Micro RUBotted 2.0 Beta
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WinPcap 4.1.1


Thanks for the help in advance
Vittorio666

Re: HiJackThis Log

Post by MWR 3 day Mod » February 15th, 2011, 5:43 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod

Re: HiJackThis Log

Post by Cypher » February 16th, 2011, 8:13 am

Hi.
Checking your logs now, be right back.
Cypher

Re: HiJackThis Log

Post by Cypher » February 16th, 2011, 8:22 am

Hi and welcome to Malware Removal Forum. Sorry for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
Backup your data - Vista
Backup your data - Windows 7


Vista Advice:
  • All applications I ask to be used will need to be run in Administrator mode, i.e. right-click and select Run as Administrator.
  • The operating system you are using comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.


Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop.

Link1
Link2

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Right-click on dds.scr and select "Run as administrator", and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • DDS.txt and Attach.txt logs.
  • Please give me an update on your computer's performance.
Cypher

Re: HiJackThis Log

Post by Vittorio666 » February 18th, 2011, 2:29 am

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5743

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2/17/2011 10:25:26 PM
mbam-log-2011-02-17 (22-25-26).txt

Scan type: Quick scan
Objects scanned: 148319
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS (Ver_10-12-12.02) - NTFSx86
Run by Vittorio at 22:26:30.92 on Thu 02/17/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1022.223 [GMT -8:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Vittorio\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Vittorio\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Vittorio\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [Google Update] "c:\users\vittorio\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-10 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-10 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-10 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-10 40384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-2-6 21504]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-2-6 439632]
R3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2006-11-7 46976]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 541800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-18 06:26:08 -------- d-----w- c:\progra~2\Trend Micro
2011-02-12 02:44:42 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2011-02-12 02:44:42 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2011-02-12 02:44:42 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-02-12 02:25:01 -------- d-----w- c:\program files\CCleaner
2011-02-11 23:30:01 -------- d-----w- c:\users\vittorio\appdata\roaming\Malwarebytes
2011-02-11 23:29:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 23:29:54 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-11 23:29:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-11 23:29:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-11 09:32:20 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8f4386ca-1e33-4278-ac78-8bf6185b3a6a}\mpengine.dll
2011-02-11 06:15:10 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-11 06:14:53 38848 ----a-w- c:\windows\avastSS.scr
2011-02-11 06:13:52 -------- d-----w- c:\users\vittorio\appdata\local\Trend Micro
2011-02-11 05:29:58 -------- d-----w- c:\users\vittorio\appdata\local\PowerCinema
2011-02-09 05:42:15 388096 ----a-r- c:\users\vittorio\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-09 04:39:05 -------- d-----w- c:\program files\Windows Portable Devices
2011-02-09 04:18:14 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-02-09 04:18:14 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-09 04:18:13 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-09 04:17:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-02-09 04:17:31 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-02-09 04:17:31 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-02-09 04:17:31 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-02-09 04:17:31 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-02-09 04:17:31 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-02-09 04:17:30 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-02-09 04:15:51 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-02-09 04:15:51 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-02-09 04:15:51 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-02-09 03:34:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-09 03:34:09 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 03:34:09 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 03:34:09 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 03:33:06 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 03:31:45 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 03:31:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-08 00:09:59 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-07 23:41:25 -------- d-----w- c:\windows\system32\eu-ES
2011-02-07 23:41:25 -------- d-----w- c:\windows\system32\ca-ES
2011-02-07 23:41:24 -------- d-----w- c:\windows\system32\vi-VN
2011-02-07 23:18:46 -------- d-----w- c:\windows\system32\EventProviders
2011-02-07 23:16:59 950784 ----a-w- c:\windows\system32\gpedit.dll
2011-02-07 23:15:59 33280 ----a-w- c:\windows\system32\mssprxy.dll
2011-02-07 23:14:56 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-02-06 21:22:19 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-02-06 21:22:19 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-02-06 21:22:18 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-02-06 21:22:16 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-02-06 21:20:20 -------- d-----w- c:\program files\Heroes of Newerth
2011-02-06 20:11:54 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-02-06 20:00:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-06 20:00:16 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-06 20:00:16 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-06 20:00:16 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-06 20:00:16 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-06 19:57:01 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-02-06 13:54:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-02-06 13:54:32 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-02-06 13:54:13 274944 ----a-w- c:\windows\system32\schannel.dll
2011-02-06 13:54:09 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-06 13:54:09 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-06 13:54:09 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-06 13:54:09 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-06 13:54:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-06 13:53:50 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-02-06 13:53:50 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-02-06 13:53:48 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-02-06 13:53:48 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-02-06 13:53:48 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-02-06 13:53:47 502272 ----a-w- c:\windows\system32\usp10.dll
2011-02-06 13:53:45 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-02-06 13:53:44 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-02-06 13:53:44 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-02-06 13:53:44 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-02-06 13:53:44 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-02-06 13:53:44 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-02-06 13:52:59 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-02-06 13:52:59 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-02-06 13:52:58 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-02-06 13:52:54 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2011-02-06 13:52:53 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2011-02-06 13:51:47 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-02-06 13:51:46 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-02-06 13:51:28 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-02-06 13:51:24 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-06 12:53:32 -------- d-----w- C:\PerfLogs
2011-02-06 12:20:56 604160 ----a-w- c:\windows\system32\sqlceqp30.dll
2011-02-06 12:19:59 523776 ----a-w- c:\windows\system32\clbcatq.dll
2011-02-06 12:18:59 77824 ----a-w- c:\windows\system32\odbccr32.dll
2011-02-06 12:17:53 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2011-02-06 12:17:52 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2011-02-06 12:17:46 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2011-02-06 12:17:46 129536 ----a-w- c:\windows\system32\sqmapi.dll
2011-02-06 12:17:21 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-02-06 12:17:21 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-02-06 12:17:21 258560 ----a-w- c:\windows\system32\dpx.dll
2011-02-06 11:35:49 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-02-06 11:35:49 446464 ----a-w- c:\windows\system32\nvuninst.exe
2011-02-06 11:35:35 0 ----a-w- c:\windows\ativpsrm.bin
2011-02-06 10:36:37 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-02-06 10:34:19 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-06 10:34:19 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-02-06 10:34:19 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-06 09:10:18 -------- d-----w- c:\windows\system32\Service
2011-02-06 08:42:50 -------- d-----w- c:\program files\WinPcap
2011-02-06 08:42:28 -------- d-----w- c:\program files\Trend Micro
2011-02-06 08:13:37 23552 ----a-w- c:\windows\system32\lpk.dll
2011-02-06 08:13:37 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-02-06 07:35:21 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-02-06 07:35:20 272896 ----a-w- c:\windows\system32\polstore.dll
2011-02-06 07:27:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-02-06 07:27:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-02-06 07:27:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-02-06 07:27:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-02-06 07:27:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-02-06 07:27:25 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-02-06 07:27:25 10240 ----a-w- c:\windows\system32\finger.exe
2011-02-06 07:27:24 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-02-06 07:22:35 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-02-06 07:22:34 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-02-06 07:22:34 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-02-06 07:22:34 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-02-06 07:22:34 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-02-06 07:22:34 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-02-06 07:22:31 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-02-06 07:20:58 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-02-06 07:20:57 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-02-06 07:20:56 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-02-06 07:19:24 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-02-06 07:17:53 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-06 07:17:53 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-06 07:17:53 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-06 07:14:58 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-02-06 07:14:58 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-02-06 07:14:58 2048 ----a-w- c:\windows\system32\mferror.dll
2011-02-06 07:06:00 71680 ----a-w- c:\windows\system32\atl.dll
2011-02-06 06:56:52 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-02-06 06:55:28 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-02-06 06:55:28 2066432 ----a-w- c:\windows\system32\mstscax.dll
2011-02-06 06:55:28 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-02-06 06:51:23 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-02-06 06:46:05 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2011-02-06 06:46:05 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2011-02-06 06:39:52 623616 ----a-w- c:\windows\system32\localspl.dll
2011-02-06 06:35:10 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-02-06 06:33:55 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-02-06 06:33:55 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-02-06 06:33:54 9728 ----a-w- c:\windows\system32\lsass.exe
2011-02-06 06:33:54 72704 ----a-w- c:\windows\system32\secur32.dll
2011-02-06 06:33:54 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-02-06 06:33:54 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-02-06 06:26:36 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-02-06 06:23:28 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-02-06 06:23:28 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-02-06 06:21:11 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-02-06 06:21:11 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-02-06 06:21:10 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-02-06 06:21:10 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-02-06 06:13:19 98304 ----a-w- c:\windows\system32\cabview.dll
2011-02-06 06:10:18 37888 ----a-w- c:\windows\system32\printcom.dll
2011-02-06 06:07:21 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-02-06 06:06:14 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-02-06 06:06:14 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-06 06:06:14 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-02-06 06:06:13 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-02-06 06:06:12 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-02-06 06:06:12 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-02-06 06:06:12 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2011-02-06 06:06:11 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2011-02-06 06:04:59 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-02-06 06:04:59 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-02-06 06:04:59 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-02-06 06:04:58 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-02-06 06:04:58 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-02-06 06:04:58 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-02-06 06:04:58 471552 ----a-w- c:\windows\system32\secproc.dll
2011-02-06 06:04:58 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-02-06 06:04:58 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-06 06:02:43 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-02-06 06:02:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-06 05:21:13 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-02-06 05:20:55 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-02-06 05:20:09 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-02-06 05:18:30 243712 ----a-w- c:\windows\system32\rastls.dll
2011-02-06 05:18:12 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-02-06 05:17:40 -------- d-----w- c:\program files\MSXML 4.0
2011-02-06 02:38:36 -------- d-----w- c:\users\vittorio\appdata\local\Seven Zip
2011-02-06 01:44:06 -------- d-----w- c:\progra~2\Alwil Software
2011-02-06 01:25:35 -------- d-----w- c:\users\vittorio\appdata\local\Google
2011-02-06 01:25:20 -------- d-----w- c:\users\vittorio\appdata\local\Apps
2011-02-06 01:25:19 -------- d-----w- c:\users\vittorio\appdata\local\Deployment
2011-02-06 01:12:46 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-02-06 01:12:14 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-02-06 01:11:41 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-02-06 01:11:40 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-02-06 01:04:54 -------- d-----w- c:\progra~2\Cisco Systems
2011-02-06 00:44:37 -------- d-----w- c:\users\vittorio\appdata\local\Hewlett-Packard
2011-02-06 00:42:23 -------- d-----w- c:\users\vittorio\appdata\local\VirtualStore
2011-02-06 00:34:59 -------- d-----w- c:\users\vittorio\appdata\local\Temp
2011-02-06 00:34:59 -------- d-----w- c:\users\vittorio\appdata\local\Microsoft
2011-02-05 14:14:22 -------- d-----w- c:\windows\SMINST
2011-02-05 14:06:41 -------- d-----w- c:\progra~2\Symantec
2011-02-05 14:01:30 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-02-05 14:01:30 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-02-05 14:01:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-02-05 14:01:30 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-02-05 14:01:30 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-02-05 14:01:30 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-02-05 14:01:29 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-02-05 14:00:51 -------- d-----w- c:\progra~2\PC-Doctor
2011-02-05 14:00:20 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2011-02-05 13:56:58 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-02-05 13:56:58 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-05 13:56:03 -------- d-----w- c:\windows\PCHEALTH
2011-02-05 13:55:08 -------- d-----w- c:\windows\SHELLNEW
2011-02-05 13:47:05 -------- d-----w- c:\program files\common files\xing shared
2011-02-05 13:46:58 -------- d-----w- c:\program files\common files\Real
2011-02-05 13:46:09 569397 ----a-w- c:\program files\internet explorer\plugins\richfx\player\nprfxins.dll
2011-02-05 13:45:31 -------- d---a-w- c:\program files\common files\LS Getting Started
2011-02-05 13:45:10 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-02-05 13:42:57 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-02-05 13:34:16 -------- d-----w- c:\program files\common files\HP
2011-02-05 13:34:15 -------- d-----w- c:\program files\HP
2011-02-05 13:27:15 -------- d-----w- c:\program files\HP Games
2011-02-05 13:27:15 -------- d-----w- c:\progra~2\WildTangent
2011-02-05 13:18:56 4390912 ----a-w- c:\windows\RtHDVCpl.exe
2011-02-05 13:18:56 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2011-02-05 13:18:56 1191936 ----a-w- c:\windows\RtlUpd.exe
2011-02-05 13:12:48 8704 ----a-w- c:\windows\system32\hccoin.dll
2011-02-05 13:11:53 61440 ------w- c:\windows\system32\OsdRemove.exe
2011-02-05 13:11:23 253952 ----a-w- c:\windows\system32\cPC_DMIRD.dll
2011-02-05 13:09:30 327680 ----a-w- c:\windows\system32\pythoncom24.dll
2011-02-05 13:09:30 102400 ----a-w- c:\windows\system32\pywintypes24.dll
2011-02-05 13:09:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-05 13:09:09 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-02-05 13:08:47 -------- d-sh--w- c:\windows\Installer
2011-02-05 13:01:25 -------- d-----w- c:\program files\CONEXANT
2011-02-05 12:56:58 -------- d--h--w- C:\hp
2011-02-05 12:56:50 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2011-02-05 12:56:50 172032 ----a-w- c:\windows\system32\UCI32m15.dll
2011-02-05 12:56:50 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2011-02-05 12:56:30 -------- d-----w- c:\windows\system32\OEM
2011-02-05 12:56:30 -------- d-----w- c:\windows\Panther
2011-02-05 12:56:14 -------- d-sh--w- C:\Boot

==================== Find3M ====================

2011-02-06 12:32:56 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-02-06 12:32:54 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-02-06 05:22:26 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-02-06 05:16:57 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-02-06 05:16:57 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-02-06 05:16:57 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-02-06 05:16:57 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-02-06 05:16:57 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-02-06 05:16:57 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-02-06 05:16:57 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-02-06 05:16:57 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-02-06 05:16:57 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-02-06 05:16:57 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-02-06 05:16:30 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-02-06 05:16:03 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-02-05 13:19:26 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-02-05 13:19:23 315392 ----a-w- c:\windows\HideWin.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

============= FINISH: 22:27:05.65 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 2/5/2011 5:04:57 AM
System Uptime: 2/17/2011 10:14:53 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | IVY
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3600+ | Socket AM2 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 99.293 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0.998 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP38: 2/10/2011 10:14:39 PM - avast! Free Antivirus Setup
RP39: 2/11/2011 1:31:36 AM - Windows Update
RP40: 2/12/2011 2:05:33 PM - Scheduled Checkpoint
RP41: 2/14/2011 7:18:22 PM - Scheduled Checkpoint
RP42: 2/15/2011 6:29:06 PM - Scheduled Checkpoint
RP43: 2/16/2011 10:56:20 PM - Scheduled Checkpoint

==== Installed Programs ======================

Adobe Flash Player 9 ActiveX
Adobe Reader 8
avast! Free Antivirus
CCleaner
Google Chrome
Hardware Diagnostic Tools
Heroes of Newerth
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Total Care Advisor
HP Update
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
MyDefrag v4.3.1
NVIDIA Drivers
PSSWCORE
Python 2.4.3
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Soft Data Fax Modem with SmartCP
Trend Micro RUBotted 2.0 Beta
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WinPcap 4.1.1

==== Event Viewer Messages From Past Week ========

2/17/2011 10:16:59 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/17/2011 10:15:13 PM, Error: atikmdag [45062] - CRT invalid display type

==== End Of File ===========================
Vittorio666
Active Member
 
Posts: 9
Joined: February 9th, 2011, 1:01 am

Re: HiJackThis Log

Post by Cypher » February 18th, 2011, 11:48 am

Hi Vittorio666.
I need you to run another scan for me.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
    Note: Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJackThis Log

Post by Vittorio666 » February 21st, 2011, 12:29 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=af7be0f54aabab48bf85b108d93518a8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-21 04:26:37
# local_time=2011-02-20 08:26:37 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 0 134864603 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=129553
# found=0
# cleaned=0
# scan_time=5365
Vittorio666
Active Member
 
Posts: 9
Joined: February 9th, 2011, 1:01 am
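The log posted above records the scan options Cypher asked for, so it can be checked mechanically before anyone relies on `found=0`. The following is an added example, not part of either post and not ESET's own tooling; the mapping of log keys to the requested options is inferred from the key names, and the sample is a shortened copy of the posted log.

```python
import re

# Constructed sample: shortened copy of the log layout posted in the thread.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# scanned=129553
# found=0
# cleaned=0
# scan_time=5365
"""

# Options the helper asked for, mapped to the log keys that record them
# (assumption: the mapping is inferred from the key names).
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}
COUNTERS = ("scanned", "found", "cleaned")


def parse_eset_log(text):
    """Return {key: [values]}; a list because keys like compatibility_mode repeat."""
    fields = {}
    for line in text.splitlines():
        match = re.match(r"#\s*([\w.]+)=(.*)$", line.strip())
        if match:
            fields.setdefault(match.group(1), []).append(match.group(2).strip())
    return fields


def review_scan(text):
    """Check that the scan finished, used the requested options, and report counts."""
    fields = parse_eset_log(text)
    first = lambda key: fields.get(key, [None])[0]
    problems = []
    if first("end") != "finished":
        problems.append("scan incomplete or log truncated (end=%r)" % first("end"))
    for key, wanted in REQUESTED.items():
        if first(key) != wanted:
            problems.append("%s is %r, expected %r" % (key, first(key), wanted))
    counts = {}
    for key in COUNTERS:
        value = first(key)
        if value is None or not value.isdigit():
            problems.append("counter %s missing or not numeric" % key)
        else:
            counts[key] = int(value)
    # With removal switched off, every detection is still on disk for review.
    pending = counts.get("found", 0) - counts.get("cleaned", 0)
    return {"ok": not problems, "problems": problems,
            "counts": counts, "needs_review": pending > 0}


if __name__ == "__main__":
    print(review_scan(SAMPLE_LOG))
```

A log that stops before `# end=finished` or that shows `remove_checked=true` is reported as a problem rather than read as a clean result.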

Re: HiJackThis Log

Post by Cypher » February 21st, 2011, 5:17 am

Hi Vittorio666.
Your latest set of logs appears to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

OTC

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Right-click OTC.exe and select "Run as administrator" to run it.
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

I recommend you keep Malwarebytes' Anti-Malware, keep it updated and run it once a week.
I also recommend you keep ATF Cleaner to clean out temp files.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
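How a blocking HOSTS file of the kind described under "MVPS Hosts" is read, as an added example (not part of Cypher's post and not code from the MVPS project). It goes slightly beyond the post by also treating 0.0.0.0 as a blocking address and by flagging names mapped to a non-loopback address, which deserve a second look; the sample file contents are constructed.

```python
import ipaddress

# Constructed sample hosts file (names and addresses are made up for the example).
SAMPLE_HOSTS = """\
# blocking hosts file, constructed sample
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.com tracker.example.net   # two names on one line
0.0.0.0      banner.example.org
203.0.113.7  www.bank.example
not-an-ip    broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_number, address_or_None, [hostnames]) for each non-empty entry."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None
        yield number, address, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Separate blocked names from names redirected to another machine."""
    blocked, redirected, malformed = [], [], []
    for number, address, names in parse_hosts(text):
        if address is None or not names:
            malformed.append(number)
            continue
        # Loopback (127.0.0.1, ::1) or 0.0.0.0: the lookup never leaves this PC.
        sinkhole = address.is_loopback or address.is_unspecified
        for name in names:
            if name in LOCAL_NAMES and address.is_loopback:
                continue  # the standard localhost entries
            if sinkhole:
                blocked.append(name)
            else:
                # A name pinned to a routable address overrides DNS for that site.
                redirected.append((name, str(address)))
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```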

Re: HiJackThis Log

Post by Vittorio666 » February 21st, 2011, 10:57 pm

Well thanks for all your help. It's good to know my computer is safe and running great.
Vittorio666
Active Member
 
Posts: 9
Joined: February 9th, 2011, 1:01 am

Re: HiJackThis Log

Post by Cypher » February 22nd, 2011, 6:05 am

Vittorio666 wrote: Well thanks for all your help. It's good to know my computer is safe and running great.

You're most welcome, glad we could help.
Good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns