HiJackThis Log - Please Help!

Post by 8ustamante on Tue Mar 23, 2010 10:01 pm

I get routed to various ads when I go to shopping websites... Please help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:53 PM, on 3/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\internet explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Powered by Charter Communications
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gwprimawega - {b1726c05-9549-5eb9-6e13-450fad5c8d4a} - C:\Windows\SysWow64\uw70_k4u4k-jM.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_caafa62d\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_caafa62d\STacSV64.exe (file missing)
O23 - Service: TabQuery Service - Unknown owner - C:\ProgramData\TabQuery\tabquery125.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 9098 bytes


Re: HiJackThis Log - Please Help!

Post by chiaz on Tue Mar 23, 2010 10:12 pm

Hi 8ustamante,

A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)


Please first download Malwarebytes' Anti-Malware by clicking the link below:
[You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Post this log in your next reply later.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

==========================

Now download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in your reply, along with the MBAM log.
  • You may need to use 2-3 posts to get it all.


Re: HiJackThis Log - Please Help!

Post by 8ustamante on Wed Mar 24, 2010 11:33 pm

Here is my log... Do I now download OTL.exe?

Malwarebytes' Anti-Malware 1.44
Database version: 3910
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/24/2010 8:21:38 PM
mbam-log-2010-03-24 (20-21-38).txt

Scan type: Quick Scan
Objects scanned: 101646
Time elapsed: 11 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hk80g5dh_ccf5 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1726c05-9549-5eb9-6e13-450fad5c8d4a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b1726c05-9549-5eb9-6e13-450fad5c8d4a} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\jbustamante\AppData\Roaming\WhereSphere (Adware.WhereSphere) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\Hk80G5dh_CCf5.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\jbustamante\AppData\Local\Temp\nscEEE2.tmp\downloads\1262032.ex_ (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\jbustamante\AppData\Local\Temp\nseE321.tmp\tabquery.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\jbustamante\AppData\Local\Temp\nseE321.tmp\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\uw70_k4u4k-jM.dll (Adware.BHO) -> Delete on reboot.

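As an added example (not part of the original posts, and not HijackThis or Malwarebytes code), the Python below scores the HijackThis entries from the first post with the heuristics a helper applies by eye (random-looking file names, binaries under ProgramData or a user's Temp, services with no owner outside C:\Windows, third-party URLSearchHooks, which are the usual mechanism behind the search redirects reported here) and then checks which of the suspicious entries the MBAM run above actually removed. The scoring thresholds are the editor's own assumptions; the sample lines are excerpted from the two logs in this thread. One caveat the first log needs: HijackThis 2.0.2 is a 32-bit program, so on 64-bit Vista its lookups under System32 are redirected to SysWOW64 and every 64-bit-only service (lsass.exe, spoolsv.exe, vssvc.exe and so on) shows as "(file missing)". Those entries are not infections, and the OTL log posted later finds all of them under SysNative. The cross-check also shows the point that matters for the follow-up: MBAM removed the gwprimawega BHO but only the Temp copy of tabquery.exe, not the TabQuery Service binary in C:\ProgramData, which the OTL log posted afterwards still lists as running.

```python
"""Triage HijackThis-style entries and cross-check them against an MBAM log.
Added example for this thread; heuristics are the editor's assumptions."""
import re
from dataclasses import dataclass, field

# Excerpt of the HijackThis log from the first post.
SAMPLE_HJT = r"""
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: gwprimawega - {b1726c05-9549-5eb9-6e13-450fad5c8d4a} - C:\Windows\SysWow64\uw70_k4u4k-jM.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: TabQuery Service - Unknown owner - C:\ProgramData\TabQuery\tabquery125.exe
"""
# Excerpt of the MBAM log from the post above.
SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b1726c05-9549-5eb9-6e13-450fad5c8d4a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
C:\Users\jbustamante\AppData\Local\Temp\nseE321.tmp\tabquery.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\uw70_k4u4k-jM.dll (Adware.BHO) -> Delete on reboot.
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RANDOM_STEM_RE = re.compile(r"[A-Za-z]\d[A-Za-z]")  # "k4u4k": digit wedged between letters
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")
SYSTEM32 = ("c:\\windows\\system32\\", "c:\\windows\\sysnative\\")
IE_ROOT = "c:\\program files (x86)\\internet explorer\\"


@dataclass
class Finding:
    section: str
    path: str
    clsid: str = ""
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def verdict(self):
        if "wow64-artifact" in self.reasons:
            return "probably-benign"
        if self.score >= 2:
            return "suspicious"
        return "review" if self.score == 1 else "ok"


def triage_line(line, platform_is_64bit=True):
    """Score one HijackThis entry; returns None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    pm, cm = PATH_RE.search(body), CLSID_RE.search(body)
    f = Finding(section, pm.group(0) if pm else "", cm.group(0).lower() if cm else "")
    low = f.path.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    missing = "(file missing)" in body
    if missing and platform_is_64bit and low.startswith(SYSTEM32):
        # HijackThis 2.0.2 is 32-bit: under WOW64 its System32 lookups are
        # redirected to SysWOW64, so 64-bit-only services look "missing".
        f.reasons.append("wow64-artifact")
        return f
    if missing:
        f.score += 1
        f.reasons.append("file-missing")
    if any(d in low for d in USER_WRITABLE):
        f.score += 2
        f.reasons.append("user-writable-location")
    if RANDOM_STEM_RE.search(stem):
        f.score += 2
        f.reasons.append("random-looking-filename")
    if section == "O23" and "Unknown owner" in body and not low.startswith("c:\\windows\\"):
        f.score += 1
        f.reasons.append("unknown-owner-outside-windows")
    if section == "R3" and not low.startswith(IE_ROOT):
        # a URLSearchHook rewrites address-bar searches: the classic redirect vector
        f.score += 1
        f.reasons.append("third-party-urlsearchhook")
    return f


def triage_log(text, platform_is_64bit=True):
    found = (triage_line(l, platform_is_64bit) for l in text.splitlines())
    return [f for f in found if f is not None]


def mbam_indicators(text):
    """CLSIDs and file paths that MBAM reports as quarantined or deleted."""
    clsids, paths = set(), set()
    for line in text.splitlines():
        if " -> " not in line:
            continue
        item = line.split(" -> ", 1)[0].rsplit(" (", 1)[0]  # drop "(Family) -> action"
        clsids.update(c.lower() for c in CLSID_RE.findall(item))
        if item[1:3] == ":\\":
            paths.add(item.lower())
    return clsids, paths


def remaining_after_mbam(hjt_text, mbam_text):
    """(path, removed_by_mbam) for every suspicious HijackThis entry."""
    clsids, paths = mbam_indicators(mbam_text)
    result = []
    for f in triage_log(hjt_text):
        if f.verdict == "suspicious":
            covered = (f.clsid != "" and f.clsid in clsids) or f.path.lower() in paths
            result.append((f.path, covered))
    return result


if __name__ == "__main__":
    for f in triage_log(SAMPLE_HJT):
        print(f"{f.verdict:16} {f.section:4} {f.path}  [{', '.join(f.reasons)}]")
    for path, covered in remaining_after_mbam(SAMPLE_HJT, SAMPLE_MBAM):
        print(("removed by MBAM: " if covered else "STILL PRESENT:   ") + path)
```

Run it as-is to see the scored table; to triage a full log, read the HijackThis text into a string and pass it to `triage_log`. Pass `platform_is_64bit=False` when the log comes from a 32-bit Windows, where "(file missing)" on a System32 service is a real finding rather than a WOW64 artifact.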

Re: HiJackThis Log - Please Help!

Post by chiaz on Thu Mar 25, 2010 6:54 am

In my last post, hover your mouse over OTL.exe (in red).

That is a hyperlink. Click on it.


Re: HiJackThis Log - Please Help!

Post by 8ustamante on Thu Mar 25, 2010 11:53 pm

This is the log from OTL.exe (Notepad):

OTL logfile created on: 3/25/2010 8:34:11 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\jbustamante\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 46.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 64.72 Gb Free Space | 22.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIOBUSTAMANTE
Current User Name: jbustamante
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/25 20:33:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\jbustamante\Desktop\OTL.exe
PRC - [2010/03/15 09:58:48 | 000,061,696 | ---- | M] () -- C:\ProgramData\TabQuery\tabquery125.exe
PRC - [2010/03/15 09:58:48 | 000,061,696 | ---- | M] () -- C:\Program Files (x86)\TabQuery\tabquery.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/08/21 23:32:54 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/03 16:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/25 20:33:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\jbustamante\Desktop\OTL.exe
MOD - [2010/03/15 09:58:38 | 000,602,112 | ---- | M] () -- C:\Program Files (x86)\TabQuery\tabquery.dll
MOD - [2010/01/01 23:38:20 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009/04/10 23:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 19:49:56 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2008/01/20 19:48:37 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2006/11/02 01:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/07 00:50:18 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_caafa62d\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/09/24 18:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/08/18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_caafa62d\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/06/02 12:44:18 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2010/03/15 09:58:48 | 000,061,696 | ---- | M] () [Auto | Running] -- C:\ProgramData\TabQuery\tabquery125.exe -- (TabQuery Service)
SRV - [2009/08/21 23:32:54 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/29 21:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/02 20:20:44 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/12/27 17:57:51 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/12/26 16:41:32 | 000,280,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/11/07 00:50:18 | 000,503,296 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/21 23:32:55 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/21 23:32:55 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/21 23:32:55 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/21 23:32:55 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/08/21 23:32:55 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/08/21 23:32:55 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/08/21 23:32:55 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/21 23:32:55 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/10 22:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/02/23 16:18:58 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/01/16 10:00:32 | 010,275,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/25 02:00:00 | 000,307,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2008/07/24 11:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/06/03 18:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/06/02 12:44:16 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/06/02 11:44:14 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/01/20 19:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 19:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2010/02/03 02:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100324.037\EX64.SYS -- (NAVEX15)
DRV - [2010/02/03 02:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100324.037\ENG64.SYS -- (NAVENG)
DRV - [2009/12/27 03:49:54 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/12/27 03:49:54 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/28 15:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSviA64.sys -- (IDSVia64)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 1A FA 2E 69 86 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Search Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/01/16 12:51:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\jbustamante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\jbustamante\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\jbustamante\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/25 20:33:05 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\jbustamante\Desktop\OTL.exe
[2010/03/24 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\jbustamante\AppData\Roaming\Malwarebytes
[2010/03/24 20:00:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/24 20:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/24 20:00:25 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/24 20:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/24 19:59:25 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jbustamante\Desktop\mbam-setup.exe
[2010/03/23 18:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/23 18:57:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\jbustamante\Desktop\HJTInstall.exe
[2010/03/16 20:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2010/03/14 09:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/03/11 21:38:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/11 21:38:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/11 21:38:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/11 21:38:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/06 10:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2010/02/26 01:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/02/26 01:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX

========== Files - Modified Within 30 Days ==========

[2010/03/25 20:34:20 | 001,835,008 | -HS- | M] () -- C:\Users\jbustamante\NTUSER.DAT
[2010/03/25 20:33:14 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\jbustamante\Desktop\OTL.exe
[2010/03/25 20:28:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/25 06:25:23 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/25 06:25:23 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 21:36:35 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/24 21:36:35 | 000,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/24 21:36:35 | 000,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/24 21:19:18 | 000,002,631 | ---- | M] () -- C:\Users\jbustamante\Desktop\Microsoft Office Excel 2003.lnk
[2010/03/24 21:18:01 | 000,184,832 | ---- | M] () -- C:\Users\jbustamante\Desktop\Doc1.doc
[2010/03/24 21:17:50 | 000,002,633 | ---- | M] () -- C:\Users\jbustamante\Desktop\Microsoft Office Word 2003.lnk
[2010/03/24 20:25:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 20:22:35 | 000,524,288 | -HS- | M] () -- C:\Users\jbustamante\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/24 20:22:35 | 000,065,536 | -HS- | M] () -- C:\Users\jbustamante\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/24 20:22:33 | 002,282,434 | -H-- | M] () -- C:\Users\jbustamante\AppData\Local\IconCache.db
[2010/03/24 20:00:37 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/24 19:59:25 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jbustamante\Desktop\mbam-setup.exe
[2010/03/23 18:57:26 | 000,001,930 | ---- | M] () -- C:\Users\jbustamante\Desktop\HijackThis.lnk
[2010/03/23 18:57:07 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\jbustamante\Desktop\HJTInstall.exe
[2010/03/21 17:26:03 | 000,000,680 | ---- | M] () -- C:\Users\jbustamante\AppData\Local\d3d9caps.dat
[2010/03/21 17:22:47 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/16 21:48:58 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/03/16 21:40:22 | 000,709,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/14 19:33:10 | 000,367,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/14 19:32:25 | 000,099,184 | ---- | M] () -- C:\Users\jbustamante\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/14 13:25:47 | 000,001,426 | ---- | M] () -- C:\Users\jbustamante\Desktop\DivX Movies.lnk
[2010/03/14 13:19:44 | 000,009,216 | ---- | M] () -- C:\Users\jbustamante\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/07 14:47:00 | 000,147,456 | ---- | M] () -- C:\Users\jbustamante\Documents\Please contact us for questions related to rewards you may have been eligible to receive based on your recent purchases from AT.doc
[2010/02/26 00:17:32 | 000,142,336 | ---- | M] () -- C:\Users\jbustamante\Doc2.doc
[2010/02/26 00:11:37 | 000,149,504 | ---- | M] () -- C:\Users\jbustamante\Doc1.doc

========== Files Created - No Company Name ==========

[2010/03/24 21:18:00 | 000,184,832 | ---- | C] () -- C:\Users\jbustamante\Desktop\Doc1.doc
[2010/03/24 20:00:37 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/23 18:57:26 | 000,001,930 | ---- | C] () -- C:\Users\jbustamante\Desktop\HijackThis.lnk
[2010/03/21 17:22:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/14 21:13:20 | 000,000,766 | ---- | C] () -- C:\Windows\System\CRIcon.ico
[2010/03/07 14:46:59 | 000,147,456 | ---- | C] () -- C:\Users\jbustamante\Documents\Please contact us for questions related to rewards you may have been eligible to receive based on your recent purchases from AT.doc
[2010/02/26 01:22:50 | 000,001,426 | ---- | C] () -- C:\Users\jbustamante\Desktop\DivX Movies.lnk
[2010/02/26 00:17:32 | 000,142,336 | ---- | C] () -- C:\Users\jbustamante\Doc2.doc
[2010/02/26 00:11:36 | 000,149,504 | ---- | C] () -- C:\Users\jbustamante\Doc1.doc
[2010/02/03 21:17:57 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/13 17:15:56 | 000,447,270 | ---- | C] () -- C:\Users\jbustamante\AppData\Local\dd_vcredistMSI1707.txt
[2010/01/13 17:15:56 | 000,011,722 | ---- | C] () -- C:\Users\jbustamante\AppData\Local\dd_vcredistUI1707.txt
[2010/01/13 14:44:10 | 000,438,370 | ---- | C] () -- C:\Users\jbustamante\AppData\Local\dd_vcredistMSI22DF.txt
[2010/01/13 14:44:10 | 000,011,394 | ---- | C] () -- C:\Users\jbustamante\AppData\Local\dd_vcredistUI22DF.txt
[2009/12/26 21:44:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/26 16:29:38 | 000,009,216 | ---- | C] () -- C:\Users\jbustamante\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/26 16:18:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/26 16:16:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/26 14:16:45 | 000,000,680 | ---- | C] () -- C:\Users\jbustamante\AppData\Local\d3d9caps.dat
[2009/12/24 13:04:02 | 000,000,732 | ---- | C] () -- C:\Users\jbustamante\AppData\Local\d3d9caps64.dat
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
< End of report >

8ustamante
Novice

Posts : 15
Joined : 2009-11-23
OS : vista
Points : 25900
Likes : 0
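An added example, not code from the thread, from OTL or from HijackThis: a small Python triage script for the three OTL line shapes that appear in the log above (file entries, O4 Run-key autoruns and O35 shell-open commands). It applies the checks a log helper does by eye: autoruns whose target is gone, Program Files folders created inside a recent window, PE files under C:\Windows with no company name in their version info, and exe/com open commands that differ from the stock `"%1" %*`. The first eight sample lines are copied from the log; the last two are constructed (a hijacked exefile command under a made-up `C:\Users\example` path and a made-up `example_nocompany.dll`) to exercise those two checks, and the 14-day window, the PE extension list and the finding wording are assumptions of this example, not OTL's.

```python
"""Triage helpers for the OTL log line formats shown above.

Added example for this thread: not code from OTL, HijackThis or the poster.
Parses three line shapes (file entries, O4 autoruns, O35 shell-open commands)
and applies the checks a log helper does by eye.
"""
import re
from datetime import datetime, timedelta

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
O35_RE = re.compile(r"^O35(?::64bit:)? - HKLM\\\.\.(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")

PE_EXTS = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")   # assumption: where a company name is expected
PROGRAM_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
EXPECTED_OPEN = '"%1" %*'  # stock shell\open\command for exefile, comfile, batfile, ...


def parse_file_entry(line):
    """'[ts | size | attrs | C/M] (Company) -- path' -> dict, or None if not that shape."""
    m = FILE_RE.match(line)
    if not m:
        return None
    company = m.group("company")  # None when OTL printed no parenthesised name at all
    return {"ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "size": int(m.group("size").replace(",", "")),
            "is_dir": "D" in m.group("attrs"),
            "kind": m.group("kind"),  # C = created, M = modified
            "company": company.strip() if company is not None else None,
            "path": m.group("path")}


def parse_o4(line):
    """O4 Run-key autorun line -> dict; a 'File not found' suffix marks an orphan."""
    m = O4_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith(" File not found")
    if missing:
        rest = rest[:-len(" File not found")]
    # OTL appends the binary's company name in parentheses after the path.
    cm = re.search(r" \(([^()]*)\)$", rest)
    return {"hive": m.group("hive"), "name": m.group("name"), "missing": missing,
            "company": cm.group(1) if cm else None,
            "path": rest[:cm.start()] if cm else rest}


def parse_o35(line):
    """O35 line (the open command for exefile, comfile, ...) -> dict or None."""
    m = O35_RE.match(line)
    return m.groupdict() if m else None


def triage(lines, as_of, recent_days=14):
    """Return (reason, what) pairs; 'recent' means within recent_days before as_of."""
    cutoff = as_of - timedelta(days=recent_days)
    findings = []
    for raw in lines:
        line = raw.strip()
        f = parse_file_entry(line)
        if f is not None:
            low = f["path"].lower()
            if f["kind"] == "C" and f["is_dir"] and f["ts"] >= cutoff and low.startswith(PROGRAM_DIRS):
                findings.append(("new Program Files folder in window", f["path"]))
            elif (f["kind"] == "C" and not f["is_dir"] and low.startswith("c:\\windows\\")
                  and low.endswith(PE_EXTS) and not f["company"]):
                findings.append(("PE under Windows with no company name", f["path"]))
            continue
        a = parse_o4(line)
        if a is not None:
            if a["missing"]:
                findings.append(("orphaned autorun (target missing)", a["path"]))
            continue
        s = parse_o35(line)
        if s is not None and s["cmd"].strip() != EXPECTED_OPEN:
            findings.append(("%s open command is not stock" % s["cls"], s["cmd"]))
    return findings


# First eight lines are copied from the log above. The last two are CONSTRUCTED
# (a hijacked exefile command and a nameless DLL) to exercise those two checks.
SAMPLE_LINES = r'''
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
[2010/03/24 20:00:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/16 20:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2010/03/14 21:13:20 | 000,000,766 | ---- | C] () -- C:\Windows\System\CRIcon.ico
[2010/03/11 21:38:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
O35 - HKLM\..exefile [open] -- "C:\Users\example\AppData\Local\Temp\loader.exe" "%1" %*
[2010/03/16 20:22:10 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\example_nocompany.dll
'''.strip().splitlines()


def triage_sample():
    """Run the sample through triage as of the scan date in the log (2010-03-25)."""
    return triage(SAMPLE_LINES, datetime(2010, 3, 25))


if __name__ == "__main__":
    for reason, what in triage_sample():
        print("%-40s %s" % (reason, what))
```

A hit is a prompt to look, not a verdict. On the sample, the Search Toolbar folder is flagged only because it appeared inside the window, the WMPNSCFG entry because its target no longer exists (a stale shortcut to clean up, not malware), and the company-name check says only that the binary carries no version-info company string, which is not the same as being unsigned. The O35 check is the one that matters most for a redirect complaint: anything other than the stock open command means every program launch is being proxied through another binary.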

Re: HiJackThis Log - Please Help!

Post by 8ustamante on Thu Mar 25, 2010 11:54 pm

This is the log from Extras.txt (Notepad), also from OTL.exe.

OTL Extras logfile created on: 3/25/2010 8:34:11 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\jbustamante\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 46.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 64.72 Gb Free Space | 22.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIOBUSTAMANTE
Current User Name: jbustamante
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = C7 CA 71 D3 87 86 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13193A36-9507-4E3D-876B-F8D13B691434}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{27A9FC1E-3C20-41C5-8CB2-E85875A0BD98}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{325E4C6C-6AF0-454E-B0E9-9F63422D83C7}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{737BE2F7-1D6F-414B-A744-B24BF3B88FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{7F03D7F2-9452-4A2D-9DDF-B9A3F3D0DC2E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{8ED6EF2E-B7D4-4290-929B-51867DFB1CFB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{EE75E363-C81C-4562-8FCB-74E93FC1794E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FA26D1FF-DB5F-457E-9DC1-E5B9A7A0D31F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{15B3E72C-3B79-4BE3-A0A0-47897D2F1C6C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{20BFCF17-550C-4901-A0BA-DC4EA69E5B63}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{469AFA4F-056C-43A8-A75E-372A390B94C9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{14E7ED33-7114-4DD0-BB4F-D48533E0C78E}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{997C0ABD-D821-40FB-A857-FFF3EC26B571}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{EEF4CAFB-03BF-466E-98E4-39E7133A010E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}" = Intel(R) PROSet/Wireless WiFi Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"FrostWire" = FrostWire 4.18.5
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"myxoftdssdj_is1" = DSS DJ 5.6
"NAV" = Norton AntiVirus
"Search Toolbar" = Search Toolbar
"TabQuery" = TabQuery 1.0 build 125

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Charter Browser Updater" = Charter Browser Updater
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2010 1:02:00 AM | Computer Name = JulioBustamante | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/20/2010 11:29:10 AM | Computer Name = JulioBustamante | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 11:30:12 AM | Computer Name = JulioBustamante | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/21/2010 8:02:33 PM | Computer Name = JulioBustamante | Source = WinMgmt | ID = 10
Description =

Error - 3/21/2010 8:26:21 PM | Computer Name = JulioBustamante | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 10:50:02 PM | Computer Name = JulioBustamante | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 11:26:06 PM | Computer Name = JulioBustamante | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 11:27:14 PM | Computer Name = JulioBustamante | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/25/2010 12:26:22 AM | Computer Name = JulioBustamante | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/25/2010 12:26:22 AM | Computer Name = JulioBustamante | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Sony\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\Sony\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

[ Broadcom Wireless LAN Events ]
Error - 2/23/2010 8:32:29 PM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 16:32:29, Tue, Feb 23, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/23/2010 8:32:29 PM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 16:32:29, Tue, Feb 23, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/24/2010 7:20:24 PM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 15:20:24, Wed, Feb 24, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/24/2010 7:20:24 PM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 15:20:24, Wed, Feb 24, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/26/2010 2:15:14 PM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 10:15:14, Fri, Feb 26, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/26/2010 2:15:14 PM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 10:15:14, Fri, Feb 26, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/27/2010 10:44:00 PM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 18:44:00, Sat, Feb 27, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/27/2010 10:44:00 PM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 18:44:00, Sat, Feb 27, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/28/2010 5:36:13 AM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 01:36:13, Sun, Feb 28, 10 Error - User "" does not have administrative
privileges on this system

Error - 2/28/2010 5:36:13 AM | Computer Name = JulioBustamante | Source = WLAN-Tray | ID = 0
Description = 01:36:13, Sun, Feb 28, 10 Error - User "" does not have administrative
privileges on this system

[ System Events ]
Error - 2/15/2010 2:16:49 AM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/16/2010 1:21:10 AM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/17/2010 2:32:38 PM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/19/2010 1:41:33 PM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/19/2010 5:32:05 PM | Computer Name = jbustamante-PC | Source = DCOM | ID = 10010
Description =

Error - 2/19/2010 6:44:29 PM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/20/2010 6:33:53 PM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/20/2010 9:48:39 PM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/20/2010 11:04:33 PM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/21/2010 3:57:00 AM | Computer Name = jbustamante-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

8ustamante
Novice

Posts : 15
Joined : 2009-11-23
OS : vista
Points : 25900
Likes : 0

Re: HiJackThis Log - Please Help!

Post by chiaz on Fri Mar 26, 2010 12:06 am

Please go to Control Panel > Add/Remove Programs and uninstall this old version of Java:
Java(TM) 6 Update 7

Reboot after uninstallation.

===================

Next, please go [You must be registered and logged in to see this link.] to run Panda ActiveScan 2.0

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply, as well as let me know how your PC is running now.

chiaz
Intermediate

Posts : 126
Joined : 2010-03-15
Gender : Male
OS : Vista
Points : 26573
Likes : 0

View user profile

Back to top Go down

Re: HiJackThis Log - Please Help!

Post by 8ustamante on Fri Mar 26, 2010 9:47 am

Hi, here is the log from ActiveScan. The computer no longer seems to be acting up like it was; no more routing to different spam websites...

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-26 06:45:32
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton AntiVirus Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\windows\temp\tab742f.tmp\upgrade.exe
03074964 Trj/CI.A Virus/Trojan No 0 No No c:\windows\temp\tab742f.tmp\upgrade.exe[tabquery.dll]
03074964 Trj/CI.A Virus/Trojan No 0 No No c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\2u9m35it\upgrade[1].cab[upgrade.exe][tabquery.dll]
03074964 Trj/CI.A Virus/Trojan No 0 No No c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\2u9m35it\upgrade[1].cab[upgrade.exe]
06006604 Adware/Zwangi Adware No 0 No No c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\uhxxfrow\upgrade[1].cab[upgrade.exe][uninstall.exe]
06006604 Adware/Zwangi Adware No 0 No No c:\windows\temp\taba38f.tmp\upgrade.exe[uninstall.exe]
06006605 Adware/Zwangi Adware No 0 Yes No c:\windows\temp\taba38f.tmp\upgrade.exe
06006605 Adware/Zwangi Adware No 0 No No c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\uhxxfrow\upgrade[1].cab[upgrade.exe]
06006606 Adware/Zwangi Adware No 0 No No c:\windows\temp\taba38f.tmp\upgrade.exe[tabquery.dll]
06006606 Adware/Zwangi Adware No 0 No No c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\uhxxfrow\upgrade[1].cab[upgrade.exe][tabquery.dll]
06006607 Adware/Zwangi Adware No 0 No No c:\windows\temp\taba38f.tmp\upgrade.exe[tabquery.exe]
06006607 Adware/Zwangi Adware No 0 No No c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\uhxxfrow\upgrade[1].cab[upgrade.exe][tabquery.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

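As an added example (not part of this thread and not Panda's own tooling), here is a small parser for the ActiveScan.txt layout posted above, plus the two things a helper reads off it: what was detected but not disinfected, and whether every hit sits in a temp or browser-cache path (the kind of leftovers the temp-file cleaner recommended next in the thread removes). The sample report is constructed from four rows of the post; the column layout (seven single-word fields, then a Location that may contain spaces) is an assumption taken from how the report appears here.

```python
from collections import Counter

# Constructed sample in the layout of the Panda ActiveScan 2.0 report quoted above
# (four of its rows; rulers shortened, tabs collapsed to spaces as on the page).
SAMPLE_REPORT = r"""
ANALYSIS: 2010-03-26 06:45:32
MALWARE: 5
;*****
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\windows\temp\tab742f.tmp\upgrade.exe
03074964 Trj/CI.A Virus/Trojan No 0 No No c:\windows\temp\tab742f.tmp\upgrade.exe[tabquery.dll]
06006605 Adware/Zwangi Adware No 0 Yes No c:\windows\temp\taba38f.tmp\upgrade.exe
06006607 Adware/Zwangi Adware No 0 No No c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\uhxxfrow\upgrade[1].cab[upgrade.exe][tabquery.exe]
;=====
"""
SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}
# Assumed column order, taken from the report's own title row
MALWARE_COLUMNS = "id description type active severity disinfectable disinfected location".split()


def parse_activescan(text):
    """Return (header counts, MALWARE rows as dicts) from an ActiveScan.txt."""
    summary, findings, section, expect_columns = {}, [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or ;**** / ;==== ruler
            continue
        if section is None and ":" in line:       # ANALYSIS / MALWARE / ... header counts
            key, value = line.split(":", 1)
            summary[key] = value.strip()
        elif line in SECTIONS:                    # section title; a column-title row follows
            section, expect_columns = line, True
        elif expect_columns:
            expect_columns = False
        elif section == "MALWARE":                # 7 single-word columns, then Location
            findings.append(dict(zip(MALWARE_COLUMNS, line.split(None, 7))))
    return summary, findings


def triage(findings):
    """Detection names, rows left uncleaned, and locations the scanner cannot disinfect."""
    return {"by_name": dict(Counter(f["description"] for f in findings)),
            "uncleaned": sum(f["disinfected"] == "No" for f in findings),
            "not_cleanable": [f["location"] for f in findings if f["disinfectable"] == "No"]}


def all_in_temp(findings):
    """True when every hit is under a temp or IE cache path, i.e. leftovers a temp cleaner removes."""
    return all(any(p in f["location"].lower() for p in ("\\temp\\", "\\temporary internet files\\"))
               for f in findings)
```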

Re: HiJackThis Log - Please Help!

Post by chiaz on Fri Mar 26, 2010 11:40 am

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

====================

Next download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Re: HiJackThis Log - Please Help!

Post by 8ustamante on Fri Mar 26, 2010 11:52 pm

Here is the log from the Security Check...

Results of screen317's Security Check version 0.99.2
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.3.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Re: HiJackThis Log - Please Help!

Post by chiaz on Sat Mar 27, 2010 12:05 am

Please download [You must be registered and logged in to see this link.] to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


===================

Next, go here to get the latest service packs and updates for Vista:
[You must be registered and logged in to see this link.]


How's your PC running now, at this point in time?


Re: HiJackThis Log - Please Help!

Post by 8ustamante on Sat Mar 27, 2010 8:28 pm

I've done all of the above and it's running well now... no more pop-up spam... thanks for all the help


Re: HiJackThis Log - Please Help!

Post by chiaz on Sat Mar 27, 2010 9:54 pm

To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


That should be all; you're all good to go.


Re: HiJackThis Log - Please Help!

Post by 8ustamante on Sun Mar 28, 2010 12:51 pm

All done... working great... thanks for all the help


Re: HiJackThis Log - Please Help!

Post by chiaz on Mon Mar 29, 2010 5:01 am

You're welcome 8ustamante.
