cant run hijackthis

Re: cant run hijackthis

Post by Trigger » September 30th, 2009, 8:35 am

The computer has been a little slow and Firefox has been crashing.
Trigger
Regular Member
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Post by Wingman » October 1st, 2009, 10:50 am

Hi Trigger,

It appears that you posted an old HJT log... please run HJT again and produce a new log. Sorry, I should have reminded you...
Remember this:
Vista Advice Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Please read these instructions carefully before executing them, and then perform the steps in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
Post a New HJT Log
  1. Start HijackThis... Right-click and choose "Run as Administrator"
    Located in: C:\Program Files\Trend Micro\hijackthis.exe
    If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  2. From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
    When completed...Notepad will open with the new "hijackthis.log" file contents.
Copy/paste the entire (hijackthis.log) file contents in your next reply.

Step 2.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New HJT log
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Post by Trigger » October 1st, 2009, 2:16 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:16 AM, on 10/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - E:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - E:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - E:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] E:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - D:\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - D:\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Start BT in service - Unknown owner - E:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 9682 bytes

Re: cant run hijackthis

Post by Trigger » October 5th, 2009, 4:49 pm

Hi Wingman
1. Any problem executing the instructions? No, it's all been going very smoothly.
2. New HJT log: in previous reply; I hope that's a new log, it's got the right date.
3. How is the computer behaving? It has been running well with IE, but I like using FF and it keeps crashing; not too sure what's going on there, maybe you could shed some light on the problem.

Cheers for all your help so far :D

Re: cant run hijackthis

Post by Wingman » October 5th, 2009, 7:39 pm

Hello Trigger,
I apologize for the delay getting back to you... my cable / ISP was out all weekend and was just recently restored. I'll get back to you as soon as possible. :)
Thanks,
Wingman

Re: cant run hijackthis

Post by Trigger » October 5th, 2009, 7:43 pm

Wingman wrote: my cable / ISP was out

They didn't have malware, did they? :?: :lol:

Re: cant run hijackthis

Post by Wingman » October 6th, 2009, 1:22 pm

Hello Trigger,
There are remnants of several anti-virus programs remaining on your computer. These should be removed as they can possibly interfere with other security programs.

Please do not run any "fix" programs and/or remove any files unless instructed to do so, by me. I need to see what's present in order to properly diagnose the problem(s) and recommend corrective actions. Thanks.

Please read these instructions carefully before executing them, and then perform the steps in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup.exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
  4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Make sure the first two check boxes are selected.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Norton Removal Tool
There are remnants of Norton Security products on your computer. These are not necessary and can possibly cause interference with other
security products.
  1. Please download Norton Removal Tool
    Save it to your desktop.
  2. Double click on Norton_Removal_Tool.exe to start the process.
    If using Vista, you must right click (Norton_Removal_Tool.exe) and choose "Run As Administrator".
  3. Follow program prompts, to remove the Norton product.
  4. Reboot your computer normally.

Step 3.
Manual Removal of Avira AntiVir
Taken from the Avira Knowledge Base - Problem Details - #135 - Instructions for manual uninstallation
Manual uninstallation of AntiVir software version 8 or 9 is necessary, only if the normal procedure using Control Panel -> Add/Remove Programs (Windows XP/ 2000) or -> Programs and Features (Windows Vista) does not work.
If you plan on reinstalling Avira AntiVir... continue, otherwise skip to step 3.
  1. From Avira's Download section... Select and download the desired Avira software. Save it to your desktop.
  2. Save a copy of the license file HBEDV.KEY in a separate directory, or keep at hand the 25-character Activation Code (not necessary for Avira AntiVir Personal FREE).
  3. Please download Avira's RegistryCleaner: registrycleaner.zip, save it to your desktop.
  4. Start Windows Vista/XP/2000 in Safe Mode (normally done by continuously pressing the F8 key during the PC boot process).
  5. In Windows Explorer open the directory C:\Program Files\ (Windows Vista/XP/2000) and delete all existing AntiVir directories completely.
    In case you created a custom directory during AntiVir's installation, delete it.
    ...\AntiVir ...\
    ...\Avira ...\
    Note: if you are not allowed to delete the above mentioned directories, rename the AntiVir directory first. Then, after a restart in Safe Mode, you will be able to delete it.
  6. In Windows Explorer, open the directory C:\Documents and Settings\All Users\Application Data\ (Windows XP/2000) or C:\ProgramData\ (Windows Vista) and delete the existing AntiVir directories located there.
    If the Application Data folder is hidden, go to Tools -> Folder Options -> View and select the option "Show hidden files and folders".
    ...\AntiVir ...\
    ...\Avira ...\
  7. Unzip and run the RegistryCleaner program with the file RegCleaner.exe on Windows Vista/XP/2000.
    If using Vista, right click (RegCleaner.exe) and choose "Run As Administrator".
  8. Click on "Scan for keys", select/activate the option "select all"
  9. Click on Delete.
  10. Reboot your computer in Normal Mode.
    This last step is only needed if you have chosen to install Avira AntiVir on your computer (again).
  11. Install the chosen Avira AntiVir software, you downloaded earlier, following the prompts.

Step 4.
AVG Remover
You will be asked to restart your computer. Please save your work and any important data prior to running AVG Remover.
AVG Remover should be the last option used... in case the AVG uninstallation / repair installation process has failed repeatedly.
Warning:
The AVG Remover utility removes all parts of the AVG installation on your computer, including registry items, installation and user files on your disk, etc. All AVG user settings will be removed after the uninstallation, as well as the Virus Vault content and other items related to AVG installation and use!
  1. Please download the appropriate tool, for the version of AVG, you have installed:
    AVG Remover(32bit) or AVG Remover(64bit). Save it to your desktop.
  2. Double click on avgremover.exe or avgremoverx64.exe to begin the removal process.
    If using Vista, you must right click (avgremover.exe or avgremoverx64.exe) and choose "Run As Administrator".
  3. Follow the program prompts...
    If asked to reboot your machine, please do so, to continue and/or complete the removal process.

Step 5.
No Anti-virus Software Installed!
Looking over your log, even before removing the old remnants of previously installed products, there was NO evidence of anti-virus software installed and providing real-time protection. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code.
It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.
To protect your computer from infection... download a (free for personal use) anti-virus program from one of these reliable vendors NOW!

1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

Once the new AV program is installed, check for any updates, then run a full scan on your system.
Please post the results of that scan in your next reply.


It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Step 6
RSIT (Random's System Information Tool)
Using /info switch
  1. Ensure rsit.exe is on your desktop <--- Important!
  2. Click the Windows Start > All programs > Accessories then Run
  3. Copy/paste the following into the run box... then click OK
    "%userprofile%\desktop\rsit.exe" /info
  4. Click Continue at the disclaimer screen
  5. Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  6. Copy & paste the contents of both logs in your next reply

Step 7.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Removal tools executed?
  3. New Anti-virus program scan results
  4. RSIT new log.txt and info.txt file contents
  5. How is the computer behaving?
Thanks,
Wingman
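
Added example (not code from this thread, from HijackThis, or from any of the tools mentioned): a small Python script that does mechanically what Wingman does by eye in the post above. It reads HijackThis log lines, flags entries whose target is reported as (no file) or (file missing), counts the repeated O10 Winsock LSP lines per DLL, and groups entries by vendor so that every trace of Symantec, Avira, AVG and Spybot can be seen together. The vendor keyword table is an assumption made for this example; the sample lines are excerpts of the log posted earlier in the thread.

```python
"""Triage a HijackThis log for orphaned entries and leftover security products.

Added example, not code from this thread or from HijackThis. It takes the text
of a HJT log, flags entries whose target no longer exists ("(no file)" /
"(file missing)"), collapses the repeated O10 Winsock LSP lines into one count
per DLL, and groups entries by vendor keyword.
"""
import re
from collections import Counter, defaultdict

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - D:\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
"""

# Every HJT entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

# HJT marks an entry whose file is gone with one of these suffixes.
MISSING_MARKERS = ("(no file)", "(file missing)")

# Assumption for this example: vendors are recognised by keyword. The \bavg\b
# boundary keeps Avira's "avguard.exe" from matching AVG; LinkScanner is AVG's.
VENDOR_PATTERNS = {
    "Symantec/Norton": re.compile(r"symant|norton"),
    "Avira": re.compile(r"avira|antivir"),
    "AVG": re.compile(r"\bavg\b|linkscanner"),
    "Spybot": re.compile(r"spybot"),
}


def parse(log_text):
    """Return one dict per HJT entry: section code, body text and the raw line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2), "raw": raw.strip()})
    return entries


def orphaned(entries):
    """Entries whose target file is gone: registry leftovers, not running code."""
    return [e for e in entries if e["body"].endswith(MISSING_MARKERS)]


def lsp_counts(entries):
    """Count O10 lines per DLL; HJT prints one line per Winsock catalog entry."""
    counts = Counter()
    for e in entries:
        if e["section"] == "O10":
            # body is "Unknown file in Winsock LSP: c:\path\x.dll"; split on the first colon only
            path = e["body"].split(":", 1)[1].strip().lower()
            counts[path] += 1
    return counts


def leftovers_by_vendor(entries):
    """Group entries by vendor keyword so every trace of a product is seen at once."""
    grouped = defaultdict(list)
    for e in entries:
        text = e["raw"].lower()
        for vendor, pattern in VENDOR_PATTERNS.items():
            if pattern.search(text):
                grouped[vendor].append(e["raw"])
    return dict(grouped)


def triage(log_text):
    """Summarise what a helper would act on: dead entries, repeated LSPs, vendor traces."""
    entries = parse(log_text)
    return {
        "orphaned": [e["raw"] for e in orphaned(entries)],
        "lsp": dict(lsp_counts(entries)),
        "by_vendor": leftovers_by_vendor(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for line in report["orphaned"]:
        print("orphaned:", line)
    for path, n in report["lsp"].items():
        print(f"LSP x{n}:", path)
    for vendor, lines in report["by_vendor"].items():
        print(f"{vendor}: {len(lines)} entries")
```

Run it as a script to print the report, or call triage() on the full text of a log. An orphaned entry is a registry leftover rather than running code, which is why the advice above is to clear them out with the vendors' own removal tools: they can interfere with whatever security product is installed next.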

Re: cant run hijackthis

Post by Trigger » October 7th, 2009, 1:54 am

Hi wingman,
1. Any problem executing the instructions? No, all good.
2. Removal tools executed? Yes, but unsure if they worked because I still have an AVG folder on my HDD; they say they were uninstalled.
3. New anti-virus program scan results: I went with Avira again. Here are the results.

Avira AntiVir Personal
Report file date: Wednesday, October 07, 2009 14:46

Scanning for 1780400 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : USER-PC

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 04:36:16
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 01:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 02:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 01:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 03:30:38
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 00:21:44
ANTIVIR2.VDF : 7.1.6.50 4333568 Bytes 9/29/2009 04:45:04
ANTIVIR3.VDF : 7.1.6.80 320512 Bytes 10/6/2009 04:45:04
Engineversion : 8.2.1.33
AEVDF.DLL : 8.1.1.2 106867 Bytes 10/7/2009 04:45:18
AESCRIPT.DLL : 8.1.2.35 483707 Bytes 10/7/2009 04:45:16
AESCN.DLL : 8.1.2.5 127346 Bytes 10/7/2009 04:45:16
AERDL.DLL : 8.1.3.2 479604 Bytes 10/7/2009 04:45:16
AEPACK.DLL : 8.2.0.0 422261 Bytes 10/7/2009 04:45:14
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 00:59:40
AEHEUR.DLL : 8.1.0.166 2003319 Bytes 10/7/2009 04:45:14
AEHELP.DLL : 8.1.7.0 237940 Bytes 10/7/2009 04:45:10
AEGEN.DLL : 8.1.1.67 364916 Bytes 10/7/2009 04:45:10
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/7/2009 04:45:06
AECORE.DLL : 8.1.8.1 184693 Bytes 10/7/2009 04:45:06
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 05:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/11/2008 23:48:00
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 01:32:16
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 05:34:30
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 01:32:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 06:05:42
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 01:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 06:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/1/2009 23:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 01:32:12
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 06:40:00
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 01:19:50

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: d:\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +PCK,+SPR,

Start of the scan: Wednesday, October 07, 2009 14:46

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'STOPzilla.exe' - '1' Module(s) have been scanned
Scan process 'HPQBAM08.EXE' - '1' Module(s) have been scanned
Scan process 'HPQSTE08.EXE' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'UI0Detect.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'NPSAgent.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'fsui.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StartSkysolSvc.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FsUsbExService.Exe' - '1' Module(s) have been scanned
Scan process 'fsssvc.exe' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SZServer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
72 processes with 72 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Qoobox\Quarantine\C\Windows\System32\drivers\MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys.vir
[DETECTION] Is the TR/CryptRedol.77824.1 Trojan
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BW9101A\StmOCX[1].cab
[0] Archive type: CAB (Microsoft)
--> StmOCX.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\'
Begin scan in 'E:\' <BYTIE>

Beginning disinfection:
C:\Qoobox\Quarantine\C\Windows\System32\drivers\MSIVXmevwscqsornsixincigrkqvltqxnvcqp.sys.vir
[DETECTION] Is the TR/CryptRedol.77824.1 Trojan
[NOTE] The file was moved to '4b15268f.qua'!


End of the scan: Wednesday, October 07, 2009 15:25
Used time: 34:36 Minute(s)

The scan has been done completely.

16155 Scanned directories
349123 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
349121 Files not concerned
1974 Archives were scanned
3 Warnings
2 Notes


4.RSIT new log.txt and info.txt file contents, everytime i go to use the command line that you gave me it dissaperes from my desktop and dosent do anything
5.How is the computer behaving?
Still the same, but now as I'm typing in this reply the box keeps scrolling one line above where I'm typing; if I press a letter on my keyboard it jumps up, then down again after I've stopped typing.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » October 8th, 2009, 12:57 pm

Hello Trigger,
There are different RSIT instructions below... please note the changes before executing them. Good job hanging in there. :)
As far as the typing issue... if this is a laptop computer, you can try adjusting the controls for the Touchpad. Sometimes the sensitivity is too high and even though you may not touch the pad while typing, it picks up a signal... causing the cursor to move to undesired locations.

For the AVG folder, please check in Control Panel, Programs and Features to see if there is an entry (still) for AVG... if not, then the AVG folder is leftover from the uninstall and would be OK to manually delete.

There are several other things that I would now like to address: (1) STOPzilla. I would strongly recommend uninstalling this product. (2) Your Firefox issue, and (3) some things that will improve your computer's response time.

Please do not run any "fix" programs and/or remove any files unless instructed to do so, by me. I need to see what's present in order to properly diagnose the problem(s) and recommend corrective actions. Thanks.

Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem.

Step 1.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    control appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    STOPzilla
  4. Select the program and click on Uninstall to uninstall it.
  5. When finished... Close the Control Panel window.

Step 2.
For your Firefox problem... You could try starting Firefox in Safe Mode to help diagnose any problems...
  1. Use the Start Search box in Windows Vista... and then enter the following in the text field:
    "%PROGRAMFILES%\Mozilla Firefox\firefox.exe" -safe-mode
  2. Then click OK... Firefox should start, with the Safe Mode dialog box presented.

Step 3.
There are some contributing factors you have, or more accurately don't have, that can be a source of the computer being sluggish or even cause some applications to hang or crash.
(1) You have a very small hard drive with little available space remaining. System drive C: has 2 GB (15%) free of 15 GB. Some processes or programs require at least 15% of disk drive space be made available before they will execute, like System Restore. Other applications make use of temporary files that require additional space while they are running, in addition to any use of the system page file.
I have posted some things you can look at, to help reduce disk space usage, as well as some maintenance tips.

(2) You are also severely limited on the amount of RAM installed.
Even though Microsoft's Windows Vista recommended system requirements indicate Vista (Home Basic) will run on as little as 512 MB, it is advisable to have at least 1 to 2 GB to run Vista without tremendous lag time. RAM has gotten cheaper, and you could use the Crucial Memory Advisor™ tool to scan your system and determine what kind and how much memory you could purchase and install. Adding memory is one of the most cost-effective ways to increase your computer's performance.

Try these things to free up space on your hard drive.

1. Go to Control Panel... Double click on Programs and Features.
Review the programs installed. Uninstall-remove any that are no longer needed/used.

2. Go to (your browser) or Control Panel (Internet Options)
Delete Cookies, Delete files, Delete History

3. Perform Disk Cleanup
The Windows Vista Disk Cleanup tool is located under the Performance Information and Tools icon in the Control Panel. Navigate to Control Panel | Performance Information and Tools and click the Open Disk Cleanup link on the left hand side of the window

4. Reduce the amount of space allocated for System Restore Points...if being used.
Right click My Computer, choose Properties...select the System Restore tab...use the slider to re-allocate the amount of space.

5. If you have a lot of Media files...pictures, videos, music...
Review these files...deleting those no longer wanted. Copy (move) remaining files to other storage medium.
CD, DVD, USB external device or hard drive.

6. Delete the Uninstall folders/files
If updates from Microsoft (Auto Updates, Security Updates, etc.) have been installed, do not cause any problems with your system, and you never want to uninstall the update, you can delete the "Uninstall" folders from the Windows directory; these have a name like... $NtUninstallKB896424$

7. Once you have removed all the programs and files you can...
Run a Disk Defrag...this won't increase space but it will defragment the drive after all the removals.

8. Use a couple free small utility programs to clean up leftover files
Clean old files from the areas you just cleaned and files left over from various applications, you might not be aware of.
These utilities should be used just prior to logging off or shutting down your computer... to minimize the junk files left on your system,
and also to mark the index files for deletion on next logon... you cannot delete these files while logged on.
Two often recommended programs... CCleaner... or Temp File Cleaner (TFC.exe)...by Old Timer

Step 4.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder, then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "C:\RSIT\log.txt", will be maximized... the second one, "C:\RSIT\info.txt", will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. STOPzilla uninstalled?
  3. Firefox working better?
  4. Any hard drive space recommendations performed?
  5. RSIT new log.txt and info.txt file contents.
  6. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » October 10th, 2009, 12:52 am

Hi Wingman, I did everything you recommended, had no problems with anything, and it all is working much better. The only thing is I can't seem to find where my disk space is going. I've uninstalled everything I don't need and ran the programs you suggested, and I had about 1 gig free space yesterday and now it seems to be going missing by the minute. I'm not too sure on some of the other programs that I need (or Windows needs); maybe you can give me an idea on what Windows needs. I'll provide you with an uninstall list shortly. I had no problem with uninstalling STOPzilla. Avira has an annoying habit of pop-ups wanting me to upgrade to pro or something like that; I might try another program that you recommended. FF is going OK so far, had no prob in safe mode. I put in another 1 gig of RAM. RSIT info and log .txt posted in next reply. Oh, and I only have Windows installed on C:; I have two separate partitions for other programs, music and photos. Is there any way we can make C: bigger?
Trigger.
Last edited by Trigger on October 10th, 2009, 12:56 am, edited 1 time in total.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 10th, 2009, 12:53 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-10-10 14:23:39
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 565 MB (4%) free of 15 GB
Total RAM: 1917 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:50 PM, on 10/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5998 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"=e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"avgnt"=D:\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2009-10-10 14:23:39 ----DC---- C:\rsit
2009-10-10 14:23:39 ----DC---- \rsit
2009-10-07 04:28:32 ----DC---- C:\Program Files\ERUNT
2009-10-04 01:30:31 ----C---- C:\Windows\system32\MpSigStub.exe
2009-09-30 09:25:41 ----DC---- C:\Users\User\AppData\Roaming\Malwarebytes
2009-09-30 08:56:03 ----AC---- C:\Windows\system32\CF14287.exe
2009-09-30 08:56:00 ----AC---- C:\Windows\system32\swsc.exe
2009-09-29 10:46:46 ----DC---- C:\Windows\temp
2009-09-29 10:45:38 ----SHDC---- C:\$RECYCLE.BIN
2009-09-29 10:45:38 ----SHDC---- \$RECYCLE.BIN
2009-09-27 03:10:44 ----AC---- C:\Windows\system32\tzres.dll
2009-09-26 16:47:37 ----AC---- C:\Windows\system32\jscript.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\TCPSVCS.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ROUTE.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\NETSTAT.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\netiohlp.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\MRINFO.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\HOSTNAME.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\finger.exe
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ARP.EXE
2009-09-26 16:47:26 ----AC---- C:\Windows\system32\netevent.dll
2009-09-26 16:46:13 ----AC---- C:\Windows\system32\wlanmsm.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansvc.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansec.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\L2SecHC.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\t2embed.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\fontsub.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\atmfd.dll
2009-09-26 16:46:05 ----AC---- C:\Windows\system32\dciman32.dll
2009-09-26 16:45:45 ----AC---- C:\Windows\system32\WMVCORE.DLL
2009-09-26 16:45:44 ----AC---- C:\Windows\system32\mf.dll
2009-09-26 16:45:36 ----AC---- C:\Windows\system32\atl.dll
2009-09-26 16:45:31 ----AC---- C:\Windows\system32\wkssvc.dll
2009-09-26 16:45:15 ----AC---- C:\Windows\system32\mshtml.dll
2009-09-26 16:45:14 ----AC---- C:\Windows\system32\ieframe.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\wininet.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\urlmon.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\msfeeds.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\iertutil.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\occache.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\iedkcs32.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieUnatt.exe
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieui.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\iepeers.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedssync.exe
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedsbs.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\jsproxy.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesysprep.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesetup.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iernonce.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\ie4uinit.exe
2009-09-26 16:45:05 ----AC---- C:\Windows\system32\mstscax.dll
2009-09-26 16:44:58 ----AC---- C:\Windows\system32\avifil32.dll
2009-09-26 16:44:45 ----AC---- C:\Windows\system32\wmp.dll
2009-09-26 16:44:44 ----AC---- C:\Windows\system32\wmpdxm.dll
2009-09-26 16:44:43 ----AC---- C:\Windows\system32\spwmp.dll
2009-09-26 16:44:42 ----AC---- C:\Windows\system32\dxmasf.dll
2009-09-26 16:44:41 ----AC---- C:\Windows\system32\wmploc.DLL
2009-09-26 16:41:51 ----AC---- C:\Windows\system32\Apphlpdm.dll
2009-09-26 16:41:49 ----AC---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-26 13:41:42 ----AC---- C:\Windows\zip.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWXCACLS.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWSC.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWREG.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\sed.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\NIRCMD.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\grep.exe
2009-09-26 13:41:39 ----DC---- C:\Windows\ERDNT
2009-09-26 13:41:03 ----DC---- C:\Qoobox
2009-09-26 13:41:03 ----DC---- \Qoobox
2009-09-24 07:54:46 ----AC---- C:\RootRepeal report 09-24-09 (07-54-46).txt
2009-09-24 07:54:46 ----AC---- \RootRepeal report 09-24-09 (07-54-46).txt
2009-09-20 16:54:16 ----DC---- C:\Program Files\Trend Micro
2009-09-19 15:07:37 ----AC---- C:\MGtools.exe
2009-09-19 15:07:37 ----AC---- \MGtools.exe
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files\iS3
2009-09-06 22:26:18 ----DC---- C:\Windows\BDOSCAN8
2009-09-05 21:32:40 ----AC---- C:\Windows\PhotoSnapViewer.INI
2009-08-26 04:23:34 ----DC---- C:\Windows\Sun
2009-08-25 13:03:00 ----DC---- C:\Users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 12:59:43 ----DC---- C:\Users\User\AppData\Roaming\Skinux
2009-08-25 12:58:10 ----ASHC---- C:\Users\User\AppData\Roaming\desktop.ini
2009-08-25 12:57:27 ----DC---- C:\Users\User\AppData\Roaming\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\Common Files\ArcSoft
2009-08-25 12:55:00 ----DC---- C:\Program Files\Kodak
2009-08-25 12:52:50 ----DC---- C:\Program Files\Common Files\Kodak
2009-08-25 12:51:30 ----DC---- C:\Program Files\Common Files\MSSoap
2009-08-25 09:31:05 ----AC---- C:\Windows\NeroDigital.ini
2009-08-24 22:21:48 ----DC---- C:\Users\User\AppData\Roaming\AVG8
2009-08-08 21:22:08 ----DC---- C:\Program Files\MarkAnyContentSAFER
2009-08-08 21:06:31 ----DC---- C:\Windows\system32\Samsung_USB_Drivers
2009-08-08 21:05:07 ----AC---- C:\Windows\system32\FsUsbExDevice.Dll
2009-08-08 21:05:07 ----A---- C:\Windows\system32\FsUsbExService.Exe
2009-08-08 21:03:52 ----DC---- C:\Users\User\AppData\Roaming\Samsung
2009-07-17 09:46:17 ----AC---- C:\Windows\ODBC.INI

======List of files/folders modified in the last 3 months======

2009-10-10 14:20:27 ----DC---- C:\Windows\Prefetch
2009-10-10 14:19:37 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-10-10 14:19:36 ----SHDC---- C:\Windows\Installer
2009-10-10 14:19:35 ----DC---- C:\Config.Msi
2009-10-10 14:19:35 ----DC---- \Config.Msi
2009-10-10 14:18:44 ----SHD---- C:\System Volume Information
2009-10-10 14:18:44 ----SHD---- \System Volume Information
2009-10-10 14:17:07 ----RDC---- C:\Program Files
2009-10-10 14:17:07 ----RDC---- \Program Files
2009-10-10 14:09:34 ----DC---- C:\Windows\System32
2009-10-10 14:09:34 ----DC---- C:\Windows\inf
2009-10-10 14:09:34 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-10-10 14:04:25 ----DC---- C:\Windows
2009-10-10 14:04:25 ----DC---- \Windows
2009-10-10 13:51:16 ----DC---- C:\Windows\system32\catroot
2009-10-10 04:21:03 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-10-10 04:19:07 ----DC---- C:\Windows\system32\drivers
2009-10-10 04:17:57 ----DC---- C:\Windows\system32\catroot2
2009-10-10 04:13:10 ----DC---- C:\Windows\Debug
2009-10-09 14:39:28 ----SDC---- C:\Windows\Downloaded Program Files
2009-10-09 13:56:23 ----DC---- C:\Program Files\Google
2009-10-09 13:50:53 ----DC---- C:\ProgramData
2009-10-09 13:50:53 ----DC---- \ProgramData
2009-10-09 13:48:33 ----DC---- C:\Program Files\Common Files
2009-10-09 13:42:50 ----DC---- C:\Windows\Tasks
2009-10-09 13:39:53 ----DC---- C:\Program Files\Common Files\Adobe
2009-10-09 13:39:53 ----DC---- C:\Program Files\Adobe
2009-10-07 14:02:13 ----DC---- C:\Program Files\Common Files\Symantec Shared
2009-09-30 08:56:03 ----DC---- C:\Windows\system32\en-US
2009-09-29 10:44:50 ----AC---- C:\Windows\system.ini
2009-09-29 10:42:42 ----DC---- C:\Windows\AppPatch
2009-09-27 03:35:52 ----D---- C:\Windows\rescache
2009-09-27 03:32:12 ----D---- C:\Windows\winsxs
2009-09-27 03:18:45 ----DC---- C:\Program Files\Microsoft Silverlight
2009-09-27 03:17:14 ----DC---- C:\Windows\system32\migration
2009-09-27 03:17:14 ----DC---- C:\Program Files\Windows Mail
2009-09-27 03:17:13 ----DC---- C:\Program Files\Windows Media Player
2009-09-27 03:17:13 ----DC---- C:\Program Files\Internet Explorer
2009-09-27 03:09:35 ----DC---- C:\Windows\Microsoft.NET
2009-09-26 14:04:35 ----DC---- C:\Windows\system32\config
2009-09-25 04:12:07 ----DC---- C:\Windows\Logs
2009-09-20 16:52:03 ----DC---- C:\Windows\system32\Tasks
2009-09-16 09:00:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-08 19:55:24 ----DC---- C:\Windows\Minidump
2009-08-28 14:38:22 ----AC---- C:\Windows\system32\mrt.exe
2009-08-25 12:55:00 ----DC---- C:\Windows\Help
2009-08-25 12:54:17 ----RSDC---- C:\Windows\assembly
2009-08-24 22:39:06 ----SDC---- C:\Users\User\AppData\Roaming\Microsoft
2009-07-17 09:47:23 ----RSDC---- C:\Windows\Fonts
2009-07-17 09:41:08 ----DC---- C:\Windows\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-11-14 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2007-03-23 60768]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-22 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
Re: cant run hijackthis

Post by Trigger » October 10th, 2009, 12:57 am

info.txt logfile of random's system information tool 1.06 2009-10-10 14:23:51

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Avira AntiVir Personal - Free Antivirus-->D:\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"e:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DM9XInst-->c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ Win2k
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->E:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140001_328bb14\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft IPsec Diagnostic Tool-->MsiExec.exe /X{931DCC98-DA00-4908-8356-FB822088E278}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->e:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TestDrive Client-->MsiExec.exe /X{36C9E08A-BE2B-40A0-83C5-576748F7B777}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\2wirepcp.inf_2b7726ce\2wirepcp.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

::1 localhost

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: User-PC
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
Record Number: 83178
Source Name: volmgr
Time Written: 20091010040415.226830-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 36
Message: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Record Number: 83183
Source Name: volsnap
Time Written: 20091010040437.909375-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 83187
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091010040444.727213-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 83254
Source Name: Service Control Manager
Time Written: 20091010040623.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Avgfwfd
BTHidMgr
Record Number: 83255
Source Name: Service Control Manager
Time Written: 20091010040623.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: User-PC
Event Code: 10007
Message: Application or service 'BlueSoleil Hid Service' could not be restarted.
Record Number: 29999
Source Name: Microsoft-Windows-RestartManager
Time Written: 20091009181907.975942-000
Event Type: Error
User: User-PC\User

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30012
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091009195641.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30036
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091010040554.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 30038
Source Name: Microsoft-Windows-WMI
Time Written: 20091010040611.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 30041
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091010040630.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26628
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010042349.636813-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26629
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010042349.670813-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26630
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010042349.711813-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26631
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010042349.745813-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 26632
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010042349.786813-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------
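The Security event log section of the info.txt above repeats one Event ID 5038 record five times within a second, all naming tcpip.sys, while the System log lists two boot-start drivers that failed to load (7026) and the Application log shows a CAPI2 certificate validity error (11). Reading such dumps by eye is error-prone, so here is an added Python example, written for this page rather than taken from RSIT or the forum, that parses the record layout RSIT uses (a record begins at "Computer Name:", "=====" lines separate the three logs, a line without a "Key:" prefix continues the previous field, and "File Name:" inside a 5038 record becomes its own field) and collapses repeats into one finding per event code and detail. The sample records are excerpted from the log above, with the Event Type and Record Number lines trimmed; the classification rules and all names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FIELD_RE = re.compile(r"^(?P<key>[A-Z][A-Za-z ]*):(?P<value>.*)$")


@dataclass
class Finding:
    code: int
    detail: str
    why: str
    count: int = 1


def parse_records(text: str) -> List[Dict[str, str]]:
    """One dict per record; records begin at 'Computer Name:', '=====' lines end them."""
    records: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):                 # section header between the three logs
            current = None
            continue
        if line.startswith("Computer Name:"):
            current, last_key = {}, None
            records.append(current)
        if current is None or not line:
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m["key"]
            current[last_key] = m["value"].strip()
        elif last_key:                           # continuation, e.g. driver names under a 7026 Message
            current[last_key] += "\n" + line
    return records


def classify(rec: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """(detail, why) for records that need follow-up in malware triage, else None."""
    code = int(rec.get("Event Code") or 0)
    source = rec.get("Source Name", "")
    msg = rec.get("Message", "")
    if code == 5038 and source.endswith("Security-Auditing"):
        # Code Integrity rejected the image hash: the file is modified or corrupt.
        return rec.get("File Name", "?"), "image hash invalid: compare the file with a known-good copy"
    if code == 7026 and source == "Service Control Manager":
        # Drivers still registered for boot/system start that no longer load.
        drivers = [d for d in msg.splitlines()[1:] if d]
        return ", ".join(drivers), "registered boot/system-start driver(s) failed to load"
    if (code == 11 and source.endswith("CAPI2")) or (code == 64 and source.endswith("AutoEnrollment")):
        # Certificate validity failures; a wrong system clock is the usual benign cause.
        return msg.splitlines()[0][:60], "certificate validity failure: check the system clock"
    return None


def triage(text: str) -> List[Finding]:
    """Collapse repeats by (code, detail) and rank by frequency, then by event code."""
    groups: Dict[Tuple[int, str], Finding] = {}
    for rec in parse_records(text):
        hit = classify(rec)
        if hit is None:
            continue
        detail, why = hit
        key = (int(rec["Event Code"]), detail)
        if key in groups:
            groups[key].count += 1
        else:
            groups[key] = Finding(key[0], detail, why)
    return sorted(groups.values(), key=lambda f: (-f.count, f.code))


# Constructed sample: records excerpted from the info.txt posted above.
SAMPLE_EVENTS = r"""
Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
Avgfwfd
BTHidMgr
Source Name: Service Control Manager
Time Written: 20091010040623.000000-000
User:

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091010040630.000000-000
User:

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010042349.636813-000
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091010042349.670813-000
User:
"""
```

Calling triage(SAMPLE_EVENTS) yields three findings: the 5038 on tcpip.sys with a count of 2, then the CAPI2 and 7026 records once each. A 5038 on a core network driver deserves to be treated as a finding rather than noise: the message itself leaves open whether the image is corrupt or was modified, and the way to settle that is to compare the file against a known-good copy at the same patch level (sfc /scannow, or a hash comparison), not to assume either cause.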

Re: cant run hijackthis

Post by Wingman » October 10th, 2009, 5:22 pm

Hello Trigger,
Great job hanging in there and getting these things accomplished... RAM looks real good now. :)
Yes, Avira does pop-up a request window, for updating to the purchased version... the "price you pay" for free.

Regarding your "disappearing space" concern, what programs you need and what programs Windows needs and how to make your C:\ partition larger...
The Malware Removal forum deals with removing malware. The space issue could be malware related and we'll find out. As far as the other issues... I suggest you try a PC troubleshooting forum...AFTER we are finished.
Please do not seek assistance for other issues, until it is determined that there is nothing more we can do as far as malware removal. Doing so could complicate matters tremendously!
These sites have a variety of (volunteer) experts that are better equipped to investigate and resolve these kinds of issues. Registration is free; it only takes a few minutes. :)
The Elder Geek on Windows
BleepingComputer.com
WhattheTech...formerly TomCoyote

Some questions to answer, so I'll know how to proceed:
1. Do you want or need the BitDefender Online Scanner buttons or menu item on your browser?
2. Same question for Spybot Search and Destroy...

Step 1.
Malwarebytes' Anti-Malware
It appears that you already have this program installed.
  1. Please start MBAM (Malwarebytes' Anti-Malware). Right click on the MBAM .exe file and "Run as Administrator".
  2. Press the Update tab.. then press the Check for Updates...button.
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select QUICK SCAN... then press the Scan...button. This scan takes a few minutes, so please be patient.
    When the scan finishes... if anything is found...
  5. Check everything to be removed, except the System Volume entries.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
Please copy and paste the most recent log (from this new run) in your next reply.
Note: The MBAM logs can be located: x:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs
x:\ should be replaced with the appropriate drive reference.

Step 2.
Run Full Avira AntiVir scan
Run as Administrator...
  1. Start Avira AntiVir... and check for updates.
  2. Once updated ... run a FULL scan on all drives. This will probably take a long time.
  3. When scan is finished, please post the results in your next reply.


Step 3.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder , then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "C:\RSIT\log.txt", will be maximized... the second one, "C:\RSIT\info.txt", will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Answers to my 2 questions.
  3. MBAM scan results.
  4. Avira full scan results?
  5. RSIT new log.txt and info.txt file contents.
  6. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher

Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Post by Trigger » October 11th, 2009, 11:54 pm

Hey Wingman, answers to your 2 Q's: no, I don't need/want either of those programs, I don't think they work. Scan results are in the next few posts. I've had a bit of trouble with Avira: when I do a scan it kept on getting stuck at 34-35.6% and sometimes even just restarting the computer automatically and so not finishing the scan; I have no idea what's going on with that. As for the computer behaving, it's not doing too bad. Java is asking to be updated and I think that's causing problems with my wife's Facebook games; every time she gets on she has a problem, but I don't go for the games and I have no problem. Thanks for your advice on the space issue on my hard drive and I'll be dropping in on one of those forums when I'm finished here :)


Malwarebytes' Anti-Malware 1.41
Database version: 2939
Windows 6.0.6001 Service Pack 1

10/11/2009 10:00:50 AM
mbam-log-2009-10-11 (10-00-50).txt

Scan type: Quick Scan
Objects scanned: 84912
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: cant run hijackthis

Post by Trigger » October 11th, 2009, 11:55 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-10-12 13:36:53
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 3 GB (18%) free of 15 GB
Total RAM: 1917 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:58 PM, on 10/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5822 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"=e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"avgnt"=D:\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2009-10-12 13:36:53 ----DC---- C:\rsit
2009-10-12 13:36:53 ----DC---- \rsit
2009-10-07 04:28:32 ----DC---- C:\Program Files\ERUNT
2009-10-04 01:30:31 ----C---- C:\Windows\system32\MpSigStub.exe
2009-09-30 09:25:41 ----DC---- C:\Users\User\AppData\Roaming\Malwarebytes
2009-09-30 08:56:03 ----AC---- C:\Windows\system32\CF14287.exe
2009-09-30 08:56:00 ----AC---- C:\Windows\system32\swsc.exe
2009-09-29 10:46:46 ----DC---- C:\Windows\temp
2009-09-29 10:45:38 ----SHDC---- C:\$RECYCLE.BIN
2009-09-29 10:45:38 ----SHDC---- \$RECYCLE.BIN
2009-09-27 03:10:44 ----AC---- C:\Windows\system32\tzres.dll
2009-09-26 16:47:37 ----AC---- C:\Windows\system32\jscript.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\TCPSVCS.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ROUTE.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\NETSTAT.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\netiohlp.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\MRINFO.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\HOSTNAME.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\finger.exe
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ARP.EXE
2009-09-26 16:47:26 ----AC---- C:\Windows\system32\netevent.dll
2009-09-26 16:46:13 ----AC---- C:\Windows\system32\wlanmsm.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansvc.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansec.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\L2SecHC.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\t2embed.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\fontsub.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\atmfd.dll
2009-09-26 16:46:05 ----AC---- C:\Windows\system32\dciman32.dll
2009-09-26 16:45:45 ----AC---- C:\Windows\system32\WMVCORE.DLL
2009-09-26 16:45:44 ----AC---- C:\Windows\system32\mf.dll
2009-09-26 16:45:36 ----AC---- C:\Windows\system32\atl.dll
2009-09-26 16:45:31 ----AC---- C:\Windows\system32\wkssvc.dll
2009-09-26 16:45:15 ----AC---- C:\Windows\system32\mshtml.dll
2009-09-26 16:45:14 ----AC---- C:\Windows\system32\ieframe.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\wininet.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\urlmon.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\msfeeds.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\iertutil.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\occache.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\iedkcs32.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieUnatt.exe
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieui.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\iepeers.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedssync.exe
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedsbs.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\jsproxy.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesysprep.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesetup.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iernonce.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\ie4uinit.exe
2009-09-26 16:45:05 ----AC---- C:\Windows\system32\mstscax.dll
2009-09-26 16:44:58 ----AC---- C:\Windows\system32\avifil32.dll
2009-09-26 16:44:45 ----AC---- C:\Windows\system32\wmp.dll
2009-09-26 16:44:44 ----AC---- C:\Windows\system32\wmpdxm.dll
2009-09-26 16:44:43 ----AC---- C:\Windows\system32\spwmp.dll
2009-09-26 16:44:42 ----AC---- C:\Windows\system32\dxmasf.dll
2009-09-26 16:44:41 ----AC---- C:\Windows\system32\wmploc.DLL
2009-09-26 16:41:51 ----AC---- C:\Windows\system32\Apphlpdm.dll
2009-09-26 16:41:49 ----AC---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-26 13:41:42 ----AC---- C:\Windows\zip.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWXCACLS.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWSC.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWREG.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\sed.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\NIRCMD.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\grep.exe
2009-09-26 13:41:39 ----DC---- C:\Windows\ERDNT
2009-09-26 13:41:03 ----DC---- C:\Qoobox
2009-09-26 13:41:03 ----DC---- \Qoobox
2009-09-24 07:54:46 ----AC---- C:\RootRepeal report 09-24-09 (07-54-46).txt
2009-09-24 07:54:46 ----AC---- \RootRepeal report 09-24-09 (07-54-46).txt
2009-09-20 16:54:16 ----DC---- C:\Program Files\Trend Micro
2009-09-19 15:07:37 ----AC---- C:\MGtools.exe
2009-09-19 15:07:37 ----AC---- \MGtools.exe
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files\iS3
2009-09-06 22:26:18 ----DC---- C:\Windows\BDOSCAN8
2009-09-05 21:32:40 ----AC---- C:\Windows\PhotoSnapViewer.INI
2009-08-26 04:23:34 ----DC---- C:\Windows\Sun
2009-08-25 13:03:00 ----DC---- C:\Users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 12:59:43 ----DC---- C:\Users\User\AppData\Roaming\Skinux
2009-08-25 12:58:10 ----ASHC---- C:\Users\User\AppData\Roaming\desktop.ini
2009-08-25 12:57:27 ----DC---- C:\Users\User\AppData\Roaming\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\Common Files\ArcSoft
2009-08-25 12:55:00 ----DC---- C:\Program Files\Kodak
2009-08-25 12:52:50 ----DC---- C:\Program Files\Common Files\Kodak
2009-08-25 12:51:30 ----DC---- C:\Program Files\Common Files\MSSoap
2009-08-25 09:31:05 ----AC---- C:\Windows\NeroDigital.ini
2009-08-24 22:21:48 ----DC---- C:\Users\User\AppData\Roaming\AVG8
2009-08-08 21:22:08 ----DC---- C:\Program Files\MarkAnyContentSAFER
2009-08-08 21:06:31 ----DC---- C:\Windows\system32\Samsung_USB_Drivers
2009-08-08 21:05:07 ----AC---- C:\Windows\system32\FsUsbExDevice.Dll
2009-08-08 21:05:07 ----A---- C:\Windows\system32\FsUsbExService.Exe
2009-08-08 21:03:52 ----DC---- C:\Users\User\AppData\Roaming\Samsung
2009-07-17 09:46:17 ----AC---- C:\Windows\ODBC.INI

======List of files/folders modified in the last 3 months======

2009-10-12 13:34:51 ----SHD---- C:\System Volume Information
2009-10-12 13:34:51 ----SHD---- \System Volume Information
2009-10-12 13:34:14 ----DC---- C:\Windows\Prefetch
2009-10-12 12:12:45 ----DC---- C:\Windows\System32
2009-10-12 12:12:45 ----DC---- C:\Windows\inf
2009-10-12 12:12:45 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-10-12 11:01:50 ----SHDC---- C:\Windows\Installer
2009-10-12 11:01:50 ----DC---- C:\Config.Msi
2009-10-12 11:01:50 ----DC---- \Config.Msi
2009-10-12 10:59:42 ----DC---- C:\Program Files\Windows Live
2009-10-12 10:58:52 ----D---- C:\Windows\winsxs
2009-10-12 10:58:50 ----RDC---- C:\Program Files
2009-10-12 10:58:50 ----RDC---- \Program Files
2009-10-12 10:47:51 ----DC---- C:\ProgramData
2009-10-12 10:47:51 ----DC---- \ProgramData
2009-10-10 14:19:37 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-10-10 14:04:25 ----DC---- C:\Windows
2009-10-10 14:04:25 ----DC---- \Windows
2009-10-10 13:51:16 ----DC---- C:\Windows\system32\catroot
2009-10-10 04:21:03 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-10-10 04:19:07 ----DC---- C:\Windows\system32\drivers
2009-10-10 04:17:57 ----DC---- C:\Windows\system32\catroot2
2009-10-10 04:13:10 ----DC---- C:\Windows\Debug
2009-10-09 14:39:28 ----SDC---- C:\Windows\Downloaded Program Files
2009-10-09 13:56:23 ----DC---- C:\Program Files\Google
2009-10-09 13:48:33 ----DC---- C:\Program Files\Common Files
2009-10-09 13:42:50 ----DC---- C:\Windows\Tasks
2009-10-09 13:39:53 ----DC---- C:\Program Files\Common Files\Adobe
2009-10-09 13:39:53 ----DC---- C:\Program Files\Adobe
2009-10-07 14:02:13 ----DC---- C:\Program Files\Common Files\Symantec Shared
2009-09-30 08:56:03 ----DC---- C:\Windows\system32\en-US
2009-09-29 10:44:50 ----AC---- C:\Windows\system.ini
2009-09-29 10:42:42 ----DC---- C:\Windows\AppPatch
2009-09-27 03:35:52 ----D---- C:\Windows\rescache
2009-09-27 03:18:45 ----DC---- C:\Program Files\Microsoft Silverlight
2009-09-27 03:17:14 ----DC---- C:\Windows\system32\migration
2009-09-27 03:17:14 ----DC---- C:\Program Files\Windows Mail
2009-09-27 03:17:13 ----DC---- C:\Program Files\Windows Media Player
2009-09-27 03:17:13 ----DC---- C:\Program Files\Internet Explorer
2009-09-27 03:09:35 ----DC---- C:\Windows\Microsoft.NET
2009-09-26 14:04:35 ----DC---- C:\Windows\system32\config
2009-09-25 04:12:07 ----DC---- C:\Windows\Logs
2009-09-20 16:52:03 ----DC---- C:\Windows\system32\Tasks
2009-09-16 09:00:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-08 19:55:24 ----DC---- C:\Windows\Minidump
2009-08-28 14:38:22 ----AC---- C:\Windows\system32\mrt.exe
2009-08-25 12:55:00 ----DC---- C:\Windows\Help
2009-08-25 12:54:17 ----RSDC---- C:\Windows\assembly
2009-08-24 22:39:06 ----SDC---- C:\Users\User\AppData\Roaming\Microsoft
2009-07-17 09:47:23 ----RSDC---- C:\Windows\Fonts
2009-07-17 09:41:08 ----DC---- C:\Windows\system

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-08-24 23832]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2007-03-23 60768]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-11-14 36608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-22 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am