Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

cant run hijackthis

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: cant run hijackthis

Unread postby Trigger » October 18th, 2009, 12:40 am

c:\windows\erdnt\cache\tcpip.sys
c:\windows\softwaredistribution\download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
c:\windows\system32\drivers\tcpip.sys
c:\windows\winsxs\backup\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3_tcpip.sys_3339bd51
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am
Advertisement
Register to Remove

Re: cant run hijackthis

Unread postby Trigger » October 18th, 2009, 12:45 am

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 10/18/2009 2:43:32 PM for strings:
; 'avgfwfd'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD\0000]
"Service"="Avgfwfd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Linkage]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{31CDCB4E-6651-4A46-8E01-5BDC759DF486}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{31CDCB4E-6651-4A46-8E01-5BDC759DF486}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{494B353E-2576-41C2-AC89-C4292C286597}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{494B353E-2576-41C2-AC89-C4292C286597}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{7D965245-1D18-4311-93E7-85170C98C195}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{7D965245-1D18-4311-93E7-85170C98C195}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{AE5C9541-AE38-404A-9CD1-B028A23777E1}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{AE5C9541-AE38-404A-9CD1-B028A23777E1}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{F1430577-E05B-49CF-80CF-163B4F915EC1}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\Adapters\{F1430577-E05B-49CF-80CF-163B4F915EC1}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\NdisAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\NdisAdapters\{494B353E-2576-41C2-AC89-C4292C286597}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\NdisAdapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\NdisAdapters\{7D965245-1D18-4311-93E7-85170C98C195}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\NdisAdapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\NdisAdapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Parameters\NdisAdapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\Enum]
"0"="Root\\LEGACY_AVGFWFD\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_AVGFWFD]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_AVGFWFD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_AVGFWFD\0000]
"Service"="Avgfwfd"

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Linkage]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{31CDCB4E-6651-4A46-8E01-5BDC759DF486}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{31CDCB4E-6651-4A46-8E01-5BDC759DF486}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{494B353E-2576-41C2-AC89-C4292C286597}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{494B353E-2576-41C2-AC89-C4292C286597}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{7D965245-1D18-4311-93E7-85170C98C195}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{7D965245-1D18-4311-93E7-85170C98C195}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{AE5C9541-AE38-404A-9CD1-B028A23777E1}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{AE5C9541-AE38-404A-9CD1-B028A23777E1}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{F1430577-E05B-49CF-80CF-163B4F915EC1}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\Adapters\{F1430577-E05B-49CF-80CF-163B4F915EC1}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\NdisAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\NdisAdapters\{494B353E-2576-41C2-AC89-C4292C286597}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\NdisAdapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\NdisAdapters\{7D965245-1D18-4311-93E7-85170C98C195}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\NdisAdapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\NdisAdapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}]

[HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\Parameters\NdisAdapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000]
"Service"="Avgfwfd"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Linkage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{31CDCB4E-6651-4A46-8E01-5BDC759DF486}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{31CDCB4E-6651-4A46-8E01-5BDC759DF486}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{494B353E-2576-41C2-AC89-C4292C286597}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{494B353E-2576-41C2-AC89-C4292C286597}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{7D965245-1D18-4311-93E7-85170C98C195}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{7D965245-1D18-4311-93E7-85170C98C195}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{AE5C9541-AE38-404A-9CD1-B028A23777E1}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{AE5C9541-AE38-404A-9CD1-B028A23777E1}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{F1430577-E05B-49CF-80CF-163B4F915EC1}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\Adapters\{F1430577-E05B-49CF-80CF-163B4F915EC1}\{FDDDF6A6-9B8C-4545-BFAF-4ADD56257B8B}-0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\NdisAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\NdisAdapters\{494B353E-2576-41C2-AC89-C4292C286597}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\NdisAdapters\{7249F57B-9C1A-410C-A0BA-803A7F73C5EB}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\NdisAdapters\{7D965245-1D18-4311-93E7-85170C98C195}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\NdisAdapters\{AC21E6AE-EFDD-439E-86DE-1124994C0D1D}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\NdisAdapters\{B051BBF1-D2E7-4AD6-A1A3-C8676AB2F333}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Parameters\NdisAdapters\{B7D66861-85B8-4C9A-955E-6E1787047CFD}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\Enum]
"0"="Root\\LEGACY_AVGFWFD\\0000"

; End Of The Log...
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » October 20th, 2009, 7:04 am

Hello Trigger,

Please do not run any "fix" programs and/or remove any files unless instructed to do so, by me. I need to see what's present in order to properly diagnose the problem(s) and recommend corrective actions. Thanks.

Please read these instructions carefully before executing and then perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
OTM
You should still have this program on your desktop... if so, please ignore the downlaod instructions.
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Right click on OTM.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code: Select all
    :Processes
    :Reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd]
    [-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD]
    [-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_AVGFWFD]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD]
    :Files
    C:\Windows\system32\DRIVERS\avgfwd6x.sys
    :Commands
    [EmptyTemp]
    [Start Explorer]
    [Reboot]


    Please refer to this image to use OTM.

    Image
  4. Click on MoveIt! (2)
  5. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  6. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  7. Click Exit (3) when done.
  8. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 3.
ESET NOD32 Online Scan
Let's check your system again, for any stragglers, now that we've removed the 2 shown before.
Note: You - will - need to use Internet Explorer for this scan!
Vista users: You will need to to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.

Remember to enable your Anti-virus protection... before continuing!

Step 4.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder , then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post 1 log per reply please.)

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM Results or OTM log file contents
  3. RegSearch.txt file contents.
  4. fileloc.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » October 21st, 2009, 1:08 am

hey wingman thanks for all your help, and here is the info you requested
Any problem executing the instructions? no, only with erunt but it was me not running the prog as admin :shock:
OTM Results or OTM log file contents?...
RegSearch.txt file contents?...
fileloc.txt file contents?... all logs in next reply's
How is the computer behaving? net surfing is still slow
Last edited by Trigger on October 21st, 2009, 6:00 am, edited 1 time in total.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 21st, 2009, 1:09 am

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\Avgfwfd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgfwfd\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_AVGFWFD\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\ scheduled to be deleted on reboot.
========== FILES ==========
C:\Windows\system32\DRIVERS\avgfwd6x.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 831714 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31491942 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 234721 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.08 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10212009_134700

Files moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Enum\Root\LEGACY_AVGFWFD\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\ scheduled to be deleted on reboot.
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 21st, 2009, 1:11 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=1ed0b52572007648903717759f8e5b94
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-16 05:20:56
# local_time=2009-10-16 03:20:56 (+1000, E. Australia Standard Time)
# country="United States"
# lang=9
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 61 100 100 886969015247
# compatibility_mode=5889 61 66 100 547876766231841
# scanned=85404
# found=2
# cleaned=0
# scan_time=1569
E:\Downloads\gamingharbor_installer.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I
E:\Downloads\setup.exe a variant of Win32/Kryptik.AKL trojan 00000000000000000000000000000000 I
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=1ed0b52572007648903717759f8e5b94
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-21 04:50:36
# local_time=2009-10-21 02:50:36 (+1000, E. Australia Standard Time)
# country="United States"
# lang=9
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 61 100 100 850189971296
# compatibility_mode=5889 61 66 100 552178567187890
# scanned=110341
# found=2
# cleaned=0
# scan_time=1766
C:\_OTM\MovedFiles\10182009_141030\Downloads\gamingharbor_installer.exe a variant of Win32/Adware.DoubleD.AB application 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\10182009_141030\Downloads\setup.exe a variant of Win32/Kryptik.AKL trojan 00000000000000000000000000000000 I
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 21st, 2009, 1:12 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-10-21 14:53:59
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 895 MB (6%) free of 15 GB
Total RAM: 1917 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:20 PM, on 10/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5149 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-19 4702208]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]
"HP Software Update"=E:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Malwarebytes Anti-Malware (reboot)"=e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"avgnt"=D:\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2009-10-21 14:53:59 ----DC---- C:\rsit
2009-10-21 14:53:59 ----DC---- \rsit
2009-10-20 15:10:51 ----HDC---- C:\BJPrinter
2009-10-20 15:10:51 ----HDC---- \BJPrinter
2009-10-16 13:53:25 ----DC---- C:\Program Files\ESET
2009-10-16 04:18:39 ----DC---- C:\_OTM
2009-10-16 04:18:39 ----DC---- \_OTM
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\javaws.exe
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\javaw.exe
2009-10-14 13:46:20 ----AC---- C:\Windows\system32\java.exe
2009-10-07 04:28:32 ----DC---- C:\Program Files\ERUNT
2009-10-04 01:30:31 ----C---- C:\Windows\system32\MpSigStub.exe
2009-09-30 09:25:41 ----DC---- C:\Users\User\AppData\Roaming\Malwarebytes
2009-09-30 08:56:03 ----AC---- C:\Windows\system32\CF14287.exe
2009-09-30 08:56:00 ----AC---- C:\Windows\system32\swsc.exe
2009-09-29 10:46:46 ----DC---- C:\Windows\temp
2009-09-29 10:45:38 ----SHDC---- C:\$RECYCLE.BIN
2009-09-29 10:45:38 ----SHDC---- \$RECYCLE.BIN
2009-09-27 03:10:44 ----AC---- C:\Windows\system32\tzres.dll
2009-09-26 16:47:37 ----AC---- C:\Windows\system32\jscript.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\TCPSVCS.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ROUTE.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\NETSTAT.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\netiohlp.dll
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\MRINFO.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\HOSTNAME.EXE
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\finger.exe
2009-09-26 16:47:27 ----AC---- C:\Windows\system32\ARP.EXE
2009-09-26 16:47:26 ----AC---- C:\Windows\system32\netevent.dll
2009-09-26 16:46:13 ----AC---- C:\Windows\system32\wlanmsm.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansvc.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\wlansec.dll
2009-09-26 16:46:12 ----AC---- C:\Windows\system32\L2SecHC.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\t2embed.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\fontsub.dll
2009-09-26 16:46:06 ----AC---- C:\Windows\system32\atmfd.dll
2009-09-26 16:46:05 ----AC---- C:\Windows\system32\dciman32.dll
2009-09-26 16:45:45 ----AC---- C:\Windows\system32\WMVCORE.DLL
2009-09-26 16:45:44 ----AC---- C:\Windows\system32\mf.dll
2009-09-26 16:45:36 ----AC---- C:\Windows\system32\atl.dll
2009-09-26 16:45:31 ----AC---- C:\Windows\system32\wkssvc.dll
2009-09-26 16:45:15 ----AC---- C:\Windows\system32\mshtml.dll
2009-09-26 16:45:14 ----AC---- C:\Windows\system32\ieframe.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\wininet.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\urlmon.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\msfeeds.dll
2009-09-26 16:45:12 ----AC---- C:\Windows\system32\iertutil.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\occache.dll
2009-09-26 16:45:11 ----AC---- C:\Windows\system32\iedkcs32.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieUnatt.exe
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\ieui.dll
2009-09-26 16:45:10 ----AC---- C:\Windows\system32\iepeers.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedssync.exe
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\msfeedsbs.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\jsproxy.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesysprep.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iesetup.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\iernonce.dll
2009-09-26 16:45:09 ----AC---- C:\Windows\system32\ie4uinit.exe
2009-09-26 16:45:05 ----AC---- C:\Windows\system32\mstscax.dll
2009-09-26 16:44:58 ----AC---- C:\Windows\system32\avifil32.dll
2009-09-26 16:44:45 ----AC---- C:\Windows\system32\wmp.dll
2009-09-26 16:44:44 ----AC---- C:\Windows\system32\wmpdxm.dll
2009-09-26 16:44:43 ----AC---- C:\Windows\system32\spwmp.dll
2009-09-26 16:44:42 ----AC---- C:\Windows\system32\dxmasf.dll
2009-09-26 16:44:41 ----AC---- C:\Windows\system32\wmploc.DLL
2009-09-26 16:41:51 ----AC---- C:\Windows\system32\Apphlpdm.dll
2009-09-26 16:41:49 ----AC---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-26 13:41:42 ----AC---- C:\Windows\zip.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWXCACLS.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWSC.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\SWREG.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\sed.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\NIRCMD.exe
2009-09-26 13:41:42 ----AC---- C:\Windows\grep.exe
2009-09-26 13:41:39 ----DC---- C:\Windows\ERDNT
2009-09-26 13:41:03 ----DC---- C:\Qoobox
2009-09-26 13:41:03 ----DC---- \Qoobox
2009-09-24 07:54:46 ----AC---- C:\RootRepeal report 09-24-09 (07-54-46).txt
2009-09-24 07:54:46 ----AC---- \RootRepeal report 09-24-09 (07-54-46).txt
2009-09-20 16:54:16 ----DC---- C:\Program Files\Trend Micro
2009-09-19 15:07:37 ----AC---- C:\MGtools.exe
2009-09-19 15:07:37 ----AC---- \MGtools.exe
2009-09-16 09:04:13 ----DC---- C:\Program Files\Common Files\iS3
2009-09-06 22:26:18 ----DC---- C:\Windows\BDOSCAN8
2009-09-05 21:32:40 ----AC---- C:\Windows\PhotoSnapViewer.INI
2009-08-26 04:23:34 ----DC---- C:\Windows\Sun
2009-08-25 13:03:00 ----DC---- C:\Users\User\AppData\Roaming\KodakCredentialStore
2009-08-25 12:59:43 ----DC---- C:\Users\User\AppData\Roaming\Skinux
2009-08-25 12:58:10 ----ASHC---- C:\Users\User\AppData\Roaming\desktop.ini
2009-08-25 12:57:27 ----DC---- C:\Users\User\AppData\Roaming\ArcSoft
2009-08-25 12:55:54 ----DC---- C:\Program Files\Common Files\ArcSoft
2009-08-25 12:55:00 ----DC---- C:\Program Files\Kodak
2009-08-25 12:52:50 ----DC---- C:\Program Files\Common Files\Kodak
2009-08-25 12:51:30 ----DC---- C:\Program Files\Common Files\MSSoap
2009-08-25 09:31:05 ----AC---- C:\Windows\NeroDigital.ini
2009-08-24 22:21:48 ----DC---- C:\Users\User\AppData\Roaming\AVG8
2009-08-08 21:22:08 ----DC---- C:\Program Files\MarkAnyContentSAFER
2009-08-08 21:06:31 ----DC---- C:\Windows\system32\Samsung_USB_Drivers
2009-08-08 21:05:07 ----AC---- C:\Windows\system32\FsUsbExDevice.Dll
2009-08-08 21:05:07 ----A---- C:\Windows\system32\FsUsbExService.Exe
2009-08-08 21:03:52 ----DC---- C:\Users\User\AppData\Roaming\Samsung

======List of files/folders modified in the last 3 months======

2009-10-21 14:54:10 ----DC---- C:\Windows\Prefetch
2009-10-21 14:09:23 ----DC---- C:\Windows\System32
2009-10-21 14:09:23 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2009-10-21 14:09:22 ----DC---- C:\Windows\inf
2009-10-21 13:47:01 ----DC---- C:\Windows\system32\drivers
2009-10-21 08:36:21 ----SHD---- C:\System Volume Information
2009-10-21 08:36:21 ----SHD---- \System Volume Information
2009-10-16 13:53:26 ----SDC---- C:\Windows\Downloaded Program Files
2009-10-16 13:53:25 ----RDC---- C:\Program Files
2009-10-16 13:53:25 ----RDC---- \Program Files
2009-10-14 13:46:29 ----SHDC---- C:\Windows\Installer
2009-10-14 13:46:29 ----DC---- C:\Config.Msi
2009-10-14 13:46:29 ----DC---- \Config.Msi
2009-10-14 13:46:12 ----AC---- C:\Windows\system32\deploytk.dll
2009-10-14 13:42:17 ----DC---- C:\Program Files\Common Files
2009-10-12 10:59:42 ----DC---- C:\Program Files\Windows Live
2009-10-12 10:58:52 ----D---- C:\Windows\winsxs
2009-10-12 10:47:51 ----DC---- C:\ProgramData
2009-10-12 10:47:51 ----DC---- \ProgramData
2009-10-10 14:19:37 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-10-10 14:04:25 ----DC---- C:\Windows
2009-10-10 14:04:25 ----DC---- \Windows
2009-10-10 13:51:16 ----DC---- C:\Windows\system32\catroot
2009-10-10 04:21:03 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-10-10 04:17:57 ----DC---- C:\Windows\system32\catroot2
2009-10-10 04:13:10 ----DC---- C:\Windows\Debug
2009-10-09 13:56:23 ----DC---- C:\Program Files\Google
2009-10-09 13:42:50 ----DC---- C:\Windows\Tasks
2009-10-09 13:39:53 ----DC---- C:\Program Files\Common Files\Adobe
2009-10-09 13:39:53 ----DC---- C:\Program Files\Adobe
2009-10-07 14:02:13 ----DC---- C:\Program Files\Common Files\Symantec Shared
2009-09-30 08:56:03 ----DC---- C:\Windows\system32\en-US
2009-09-29 10:44:50 ----AC---- C:\Windows\system.ini
2009-09-29 10:42:42 ----DC---- C:\Windows\AppPatch
2009-09-27 03:35:52 ----D---- C:\Windows\rescache
2009-09-27 03:18:45 ----DC---- C:\Program Files\Microsoft Silverlight
2009-09-27 03:17:14 ----DC---- C:\Windows\system32\migration
2009-09-27 03:17:14 ----DC---- C:\Program Files\Windows Mail
2009-09-27 03:17:13 ----DC---- C:\Program Files\Windows Media Player
2009-09-27 03:17:13 ----DC---- C:\Program Files\Internet Explorer
2009-09-27 03:09:35 ----DC---- C:\Windows\Microsoft.NET
2009-09-26 14:04:35 ----DC---- C:\Windows\system32\config
2009-09-25 04:12:07 ----DC---- C:\Windows\Logs
2009-09-20 16:52:03 ----DC---- C:\Windows\system32\Tasks
2009-09-16 09:00:17 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-08 19:55:24 ----DC---- C:\Windows\Minidump
2009-08-28 14:38:22 ----AC---- C:\Windows\system32\mrt.exe
2009-08-25 12:55:00 ----DC---- C:\Windows\Help
2009-08-25 12:54:17 ----RSDC---- C:\Windows\assembly
2009-08-24 22:39:06 ----SDC---- C:\Users\User\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 DM9102; CNet PRO200 PCI Fast Ethernet NT Driver ; C:\Windows\system32\DRIVERS\DM9PCI5.SYS [2002-10-29 33280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-19 1959832]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2007-03-23 60768]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2008-11-14 36608]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-07-22 15600]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-03-31 51200]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1c9a391f4bedba5;Google Update Service (gupdate1c9a391f4bedba5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 NBService;NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-10-21 14:54:23

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Avira AntiVir Personal - Free Antivirus-->D:\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"e:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DM9XInst-->c:\Program Files\DAVICOM\DM9XInst\uninst2k.exe {D9E09B07-6C95-11D5-AEBB-00606E910201} PCI\ Win2k
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->E:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kodak EasyShare software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_140001_328bb14\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"e:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft IPsec Diagnostic Tool-->MsiExec.exe /X{931DCC98-DA00-4908-8356-FB822088E278}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->e:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Driver Package - 2Wire (2WIREPCP) Net (03/22/2007 2.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\2wirepcp.inf_2b7726ce\2wirepcp.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

::1 localhost

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
BTHidMgr
cdrom
Record Number: 84805
Source Name: Service Control Manager
Time Written: 20091021034943.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 5002
Message: CNet PRO200 PCI Fast Ethernet Adapter : Has determined that the network adapter is not functioning properly.
Record Number: 84826
Source Name: DM9102
Time Written: 20091021035536.371125-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 84851
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091021040502.510729-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 84921
Source Name: Service Control Manager
Time Written: 20091021040644.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
BTHidMgr
cdrom
Record Number: 84922
Source Name: Service Control Manager
Time Written: 20091021040644.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 30644
Source Name: Microsoft-Windows-WMI
Time Written: 20091021034942.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 30645
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091021035001.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 64
Message: Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.
Record Number: 30679
Source Name: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Time Written: 20091021040613.000000-000
Event Type: Warning
User:

Computer Name: User-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 30683
Source Name: Microsoft-Windows-WMI
Time Written: 20091021040643.000000-000
Event Type: Error
User:

Computer Name: User-PC
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 30686
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091021040841.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27364
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021045420.077129-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27365
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021045420.111129-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27366
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021045420.145129-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27367
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021045420.179129-000
Event Type: Audit Failure
User:

Computer Name: User-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 27368
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091021045420.212129-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » October 22nd, 2009, 9:54 am

Hello Trigger,
The ESET scan came back looking good... it found the files we moved in the last OTM run, which we will get rid of shortly... other than that, it showed no identifiable signs of malware. As I stated before it would benefit your overall computer response (including web browsing) to increase the size of your C:\ drive... so please visit one of those sites I referred to a while back, for assistance once we are done here.

Please read these instructions carefully before executing and then perform the steps, in the order given. lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
Fix HijackThis entries
Important!
Please temporarily disable any anti-spyware programs you are using ...so they will not interfere with the entry we will be fixing in HijackThis.
WINDOWS DEFENDER
  1. Click Start > Programs > Windows Defender or launch from the system tray icon.
  2. Click on Tools & Settings > Options.
  3. Under Real-time protection options, uncheck the "Real-time protection" check box.
  4. Click Save.
  5. Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
    (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)

  1. Run HijackThis
    If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
    Located in C:\Program Files\Trend Micro\hijackthis.exe
    • If you are on the Main Menu page... Click "Do a system scan only"
    • If you are on the "scan & fix stuff" page... Press the Scan...button.
  2. When the scan finishes...Place a check mark next to the following entry:
      *Only check those items listed below *
      O18 - Protocol: linkscanner - (no CLSID) - (no file)
  3. After checking this item... CLOSE ALL open windows except HijackThis
  4. Click the Fix Checked ...button...to remove the entry you checked.
  5. Choose YES...when prompted to fix the selected item.
    Once it has fixed it, close HijackThis and reboot your computer normally.
  6. Run HijackThis again...
      If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
    • If you are on the "scan & fix stuff" page... Press the Main Menu...button.
    • On the Main Menu...click on the "Do a system scan and save a Log file"...button.
  7. When the scan is finished... Notepad will open with a saved log file called "hijackthis.log"
  8. Paste the contents of hijackthis.log file in your next reply.

Step 2.
ComboFix - Cleanup
Time for some housekeeping
  1. Click Start...select Run from the menu.
  2. Copy and paste the following into the text entry box:
    Combofix /u
  3. Click the OK button. (See image below as reference.)
Image

Step 3.
OTC
Let's perform some more housekeeping and cleanup some of the tools we used.
Please download OTC.exe... by OldTimer. Save it to your desktop.
  1. Right click on OTC.exe and select Run As Administrator.
  2. Click on Allow, then click on CleanUp!.
  3. Click "Yes" to the Begin cleanup process? prompt.
  4. Click "Yes" ... when prompted to reboot the computer to remove files.
Your computer should restart automatically. If it doesn't, please do so manually.

Step 4.
Some Recommendations

Due to the Rootkit / Backdoor infection you had... even though there are no identifiable malware on your system at this time, it does not mean that your machine is totally clean. In order to help keep it relatively safe... Please follow these simple guidelines to help keep your computer more secure:

Update your Antivirus programs and other security products regularly.
Avoid new threats that could infect your system. You can also check if any application updates are needed for your PC.
Secunia Software Inspector - Copyright © Secunia.
F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often.
Keep on top of critical updates , as well as other updates for your computer.
Using Windows Update in Windows Vista
What is Windows Update?
Microsoft Update Home

You can try...some free programs, that will help improve your computer's security.
These kinds of protection programs (adware, spyware, etc...) tend to overlap in coverages.
Many feel that having a "layered" protection scheme, is beneficial. Each individual has to decide what works best for their situation.
There are many available...here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You already have this installed.
This is a very good scanner and should be used on a regular basis. Make sure you check for updates, before running any scans.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

SpywareBlaster
Download it from © Javacool Software LLC.
A SpywareBlaster knowledgebase can be found Here.

WinPatrol
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here

Firetrust SiteHound
You can find information and download it from © Firetrust Ltd

Firewall
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world.
Firewalls protect against hackers and malicious intruders.
I strongly recommend you verify that the Vista system default firewall is active, by checking in the Security Center.

Read - stay informed.
Please check out these articles:
Tony Klein's "How did I get infected in the first place?"
How to prevent Malware:© miekiemoes - Microsoft MVP - Consumer Security .

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New HJT log
  3. Recommendations read?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » October 23rd, 2009, 12:13 am

Hi wingman, thank you so much for all your help i was just about going insane with this problem and you fixed it :cheers: will post hjt log in next post and ive downloaded spyware blaster and winpatrol too, and windows has done an update. and i will be increasing c: shortly. dont know what else to say but thank you. 8)
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Trigger » October 23rd, 2009, 12:14 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:44 AM, on 10/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5016 bytes
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » October 26th, 2009, 8:19 am

Hello Trigger,
I apologize for the delay getting back to you. Glad things are working out... just a bit more to do...
It seems HJT had difficulty in removing the O18 entry we wanted to eliminate. Please see the instructions below to remedy that situation.

Please read these instructions carefully before executing and then perform the steps, in the order given. lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Create a Registry 'merge' file
You must be using an account with Administrator priveledges, to perform this step!
  1. Open Notepad
  2. Copy/Paste the 'entire' contents... in the code box below...to Notepad.
    Code: Select all
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscaner]
    
    
  3. Save the file ...Name:"fix.reg"...File Type as: "All files" (*.*) ...to you Desktop
    Image
    fix.reg <<------------- you should see this on your desktop.
  4. Go to and press Start, in the Start Search text entry box, type or copy/paste: reged
    You should see regedit.exe in the list.
  5. Right-click on the "regedit.exe" file, and choose to "Run As Administrator". If prompted by UAC, please allow.
  6. Once in Regedit, select File from the Command line and choose Import
  7. Position the Import "browse" screen to point to your Desktop and select the fix.reg file.
  8. Press Open... if prompted, reply Yes to merge the data with your registry.

Step 3.
Post a New HJT Log
  1. Start HijackThis. Located in: C:\Program Files\Trend Micro\hijackthis.exe
    If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
    If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  2. From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
    When completed...Notepad will open with the new "hijackthis.log" file contents.
Copy/paste the entire (hijackthis.log) file contents in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New HJT log.
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » October 26th, 2009, 6:33 pm

hey wingman i had no problem with the instructions of yours here is the HJT log you requested
Cheers Trigger


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:49 AM, on 10/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5008 bytes
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » October 26th, 2009, 7:59 pm

Hello Trigger,
I made a error in the registry entry I wanted to fix, :oops: so I need you to run these steps again... using the corrected code.
Sorry for the inconvenience. :(

Please read these instructions carefully before executing and then perform the steps, in the order given. lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Please delete the existing fix.reg file on your desktop, before proceeding!
Create a Registry 'merge' file
You must be using an account with Administrator priveledges, to perform this step!
  1. Open Notepad
  2. Copy/Paste the 'entire' contents... in the box below...to Notepad.
    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner]

  3. Save the file ...Name:"fix.reg"...File Type as: "All files" (*.*) ...to you Desktop
    Image
    fix.reg <<------------- you should see this on your desktop.
  4. Go to and press Start, in the Start Search text entry box, type or copy/paste: reged
    You should see regedit.exe in the list.
  5. Right-click on the "regedit.exe" file, and choose to "Run As Administrator". If prompted by UAC, please allow.
  6. Once in Regedit, select File from the Command line and choose Import
  7. Position the Import "browse" screen to point to your Desktop and select the fix.reg file.
  8. Press Open... if prompted, reply Yes to merge the data with your registry.

Step 3.
Post a New HJT Log
  1. Start HijackThis. Located in: C:\Program Files\Trend Micro\hijackthis.exe
    If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
    If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  2. From the Main Menu... Press the "Do System Scan and Save a Log File"...button.
    When completed...Notepad will open with the new "hijackthis.log" file contents.
Copy/paste the entire (hijackthis.log) file contents in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New HJT log.
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: cant run hijackthis

Unread postby Trigger » October 26th, 2009, 11:13 pm

hey wingman its ok we're all human we make mistakes here is the log file from HJT
Cheers Trigger


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:04 PM, on 10/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.malwareremoval.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9a391f4bedba5) (gupdate1c9a391f4bedba5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 4996 bytes
Trigger
Regular Member
 
Posts: 55
Joined: September 16th, 2009, 7:05 am

Re: cant run hijackthis

Unread postby Wingman » October 28th, 2009, 4:43 pm

Hello Trigger,
Good job... your log looks good. :) I would like to get a final online scan run, to make sure there are no remnants present.

Step 1.
ESET NOD32 Online Scan
Note: You - will - need to use Internet Explorer for this scan!
Vista users:
You will need to to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.

AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  1. right click it-> untick the option AntiVir Guard enable.
  2. You should now see a closed, white umbrella on a red background (looks to this: Image )

Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.

Step 2.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ESET scan results
  3. How is your computer behaving, any problems?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 318 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware