
My hijack log


SharingitForward


I just got the new pro and I'm running scans. I don't want to delete anything that's important so if you could give it a quick once over I would appreciate it!

 

I use Firefox and auto updates on as many programs as I can. I want to keep all instant updates and Firefox add-ons and such.

 

Thanks :grin:

 

 

 

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 3:25:49 AM, on 9/21/2009

Platform: Windows Vista (WinNT 6.0)

MSIE: Internet Explorer v7.0 (7.0.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Xmarks\IE Extension\xmarkssync.exe

C:\Program Files\HP Connections\6811507\Program\HP Connections.exe

C:\hp\kbd\kbd.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Software Informer\softinfo.exe

C:\Windows\explorer.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: FoxmarksDLLBHO - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - FoxmarksDLLBHO

O2 - BHO: FoxmarksDLLBHO - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FoxmarksDLLBHO - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q

O4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_16) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: @mqutil.dll,-6203 (MSMQTriggers) - Unknown - %Systemroot%\system32\mqtgsvc.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

Hijack Analysis Report.txt


Scan Suspicious File(s)

 

Please go to VirusTotal.com

(If more than one file needs to be scanned, they must be done separately and logs posted for each one)

 

1. Copy the file path in the below Code box:

 

%Systemroot%\system32\mqtgsvc.exe

 

2. At the upload site, click once inside the window next to Browse.

3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

4. Next click Send File

Your file will possibly be entered into a queue which normally takes less than a minute to clear.

This will perform a scan across multiple different virus scanning engines.

Important: Wait for all of the scanning engines to complete.

5. Copy and then Paste the link to the results in the next reply


hijack log

 

Thanks, and thanks for the link. I found it earlier but couldn't find it when I wanted to use it.

 

I can do the Ctrl+V to paste into the box, my windows box comes up automatically! I can't get beyond this... tried everything. Is there another way or can I download some way so I can upload?

 

My software: Windows Vista Ultimate svc pk 1, 32-bit

Intel 6600 @ 2.40GHz, RAM 2.00 GB

I'm not sure if you need anything else??

 

Thanks, Cher

 


Do you know what this is?

 

O23 - Service: @mqutil.dll,-6203 (MSMQTriggers) - Unknown - %Systemroot%\system32\mqtgsvc.exe

 

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

 

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

 

* XP users: double-click on dds to run it.

* If your antivirus or firewall tries to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.


hijack log

 

No, I'm not sure what that file is. It has the same extension (msmqsvc) that you asked me to post here on an earlier post. That's ironic.

 

Here is my DDS file:

 

 

DDS (Ver_09-07-30.01) - NTFSx86

Run by Cher at 20:23:18.85 on Thu 09/24/2009

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.998 [GMT -4:00]

 

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\psxss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\inetsrv\inetinfo.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\mqsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Windows\system32\mqtgsvc.exe

C:\Windows\system32\nfsclnt.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\IObit\IObit Security 360\is360tray.exe

C:\Program Files\Xmarks\IE Extension\xmarkssync.exe

C:\Program Files\Software Informer\softinfo.exe

C:\Program Files\HP Connections\6811507\Program\HP Connections.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe

C:\Windows\system32\mdres.exe

C:\hp\kbd\kbd.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Cher\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe


cont... I can only post 1000 characters per post

 

DDS report cont...

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FoxmarksDLLBHO Class: {a2a71aba-3939-43b2-bd8f-8c1767ef9020} - c:\program files\xmarks\ie extension\foxmarksdll.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

uRun: [Xmarks] c:\program files\xmarks\ie extension\xmarkssync.exe -q

uRun: [software Informer] "c:\program files\software informer\softinfo.exe" -autorun

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\hp\kbd\KbdStub.EXE

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [CCUTRAYICON] FactoryMode

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

AppInit_DLLs: avgrsstx.dll

STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll


still cont...

 

DDS report cont...

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\cher\appdata\roaming\mozilla\firefox\profiles\aw9u3cdg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2288828&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://accounts.conduit.com/login/|https://mail.google.com/mail/?shva=1#inbox|http://my.yahoo.com/|http://mail.live.com/|http://www.sharingitforward.org/|http://www.hosting24.com/members/login.php|http://www.flylady.net/|http://www.bigtent.com/group/buzz|http://www.blogtalkradio.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2288828&SearchSource=2&q=

FF - component: c:\users\cher\appdata\roaming\mozilla\firefox\profiles\aw9u3cdg.default\extensions\{55ddf722-5efc-4bfb-b990-f807ee950d65}\components\FFExternalAlert.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\users\cher\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.homepage.dontask - true

c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

 

============= SERVICES / DRIVERS ===============

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-28 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-28 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-28 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-28 297752]

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-9-21 305936]

R2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [2009-9-2 50688]

R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-3-19 391168]

R3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [2009-9-2 195072]

R3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-9-2 9216]

R3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2009-9-2 74240]

S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]

S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2009-9-2 11264]


again...

 

DDS report cont...

 

=============== Created Last 30 ================

 

2009-09-23 00:55 <DIR> --d----- c:\users\cher\SPEEDDIALBACKUPS

2009-09-23 00:43 <DIR> --d----- c:\program files\common files\Scanner

2009-09-23 00:43 <DIR> --d----- c:\program files\CA Yahoo! Anti-Spy

2009-09-23 00:11 <DIR> --d----- c:\program files\VirusTotalUploader

2009-09-21 16:53 <DIR> --d----- c:\users\cher\appdata\roaming\IcoFX

2009-09-21 16:52 <DIR> --d----- c:\program files\IcoFX 1.6

2009-09-21 16:33 <DIR> --d----- c:\programdata\Adobe

2009-09-21 15:35 <DIR> --d----- c:\windows\system32\EventProviders

2009-09-21 02:28 <DIR> --d----- c:\users\cher\HIJACK SCANS

2009-09-21 02:07 <DIR> --d----- c:\programdata\Apple Computer

2009-09-21 02:05 <DIR> --d----- c:\programdata\Apple

2009-09-21 01:28 <DIR> --d----- c:\programdata\IObit

2009-09-21 01:28 <DIR> --d----- c:\progra~2\IObit

2009-09-20 00:04 <DIR> --d----- c:\programdata\Yahoo! Companion

2009-09-20 00:04 <DIR> --d----- c:\programdata\Yahoo!

2009-09-17 21:22 168,620 -------- c:\windows\hpqins00.dat.temp

2009-09-13 03:00 <DIR> --d----- c:\windows\CheckSur

2009-09-13 02:37 <DIR> --d----- c:\users\cher\appdata\roaming\Software Informer

2009-09-13 02:37 <DIR> --d----- c:\program files\Software Informer

2009-09-12 22:04 <DIR> --d----- c:\users\cher\appdata\roaming\IObit

2009-09-12 22:04 <DIR> --d----- c:\program files\IObit

2009-09-12 16:50 <DIR> --d----- c:\program files\Coupons

2009-09-12 14:41 126,552 a------- c:\windows\hpqins00.dat

2009-09-12 14:38 <DIR> --d----- c:\programdata\HP Product Assistant

2009-09-11 13:54 411,368 a------- c:\windows\system32\deploytk.dll

2009-09-10 17:51 72,192 a------- c:\windows\system32\drivers\pacer.sys

2009-09-10 13:54 <DIR> --d----- C:\PerfLogs

2009-09-10 00:19 104,960 a------- c:\windows\system32\netiohlp.dll

2009-09-10 00:19 27,136 a------- c:\windows\system32\NETSTAT.EXE

2009-09-10 00:19 17,920 a------- c:\windows\system32\ROUTE.EXE

2009-09-10 00:19 11,264 a------- c:\windows\system32\MRINFO.EXE

2009-09-10 00:19 10,240 a------- c:\windows\system32\finger.exe

2009-09-10 00:19 9,728 a------- c:\windows\system32\TCPSVCS.EXE

2009-09-10 00:19 8,704 a------- c:\windows\system32\HOSTNAME.EXE

2009-09-10 00:19 19,968 a------- c:\windows\system32\ARP.EXE

2009-09-10 00:19 897,608 a------- c:\windows\system32\drivers\tcpip.sys

2009-09-10 00:18 17,920 a------- c:\windows\system32\netevent.dll

2009-09-10 00:17 513,024 a------- c:\windows\system32\wlansvc.dll

2009-09-10 00:17 302,592 a------- c:\windows\system32\wlansec.dll

2009-09-10 00:17 293,376 a------- c:\windows\system32\wlanmsm.dll

2009-09-10 00:17 68,096 a------- c:\windows\system32\wlanhlp.dll

2009-09-10 00:17 64,512 a------- c:\windows\system32\wlanapi.dll

2009-09-10 00:17 2,501,921 a------- c:\windows\system32\wlan.tmf

2009-09-10 00:17 15,181 a------- c:\windows\system32\gatherWirelessInfo.vbs

2009-09-10 00:17 127,488 a------- c:\windows\system32\L2SecHC.dll

2009-09-10 00:17 2,334 a------- c:\windows\system32\wbem\L2SecHC.mof

2009-09-10 00:17 2,868,224 a------- c:\windows\system32\mf.dll

2009-09-06 12:28 <DIR> --d----- c:\program files\Xmarks

2009-09-06 11:19 <DIR> --d----- c:\users\cher\appdata\roaming\WildTangent

2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx

2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts

2009-09-04 21:46 284 a------- c:\users\cher\appdata\roaming\wklnhst.dat

2009-09-04 14:09 <DIR> --d----- c:\windows\pss

2009-09-03 01:33 <DIR> --d----- c:\users\cher\appdata\roaming\CoffeeCup Software

2009-09-03 01:33 233,472 a------- c:\windows\system32\Ilda32.dll

2009-09-03 01:33 18,944 a------- c:\windows\system32\BORLNDMM.DLL

2009-09-03 01:27 <DIR> --d----- c:\program files\CoffeeCup Software

2009-09-02 18:03 206,336 a------- c:\windows\system32\telnet.exe

2009-09-02 18:03 88,576 a------- c:\windows\system32\tlntsess.exe


again...

 

DDS report cont...

 


me again

 

DDS report cont...

 


==================== Find3M ====================

 


 

============= FINISH: 20:25:11.54 ===============


final post!

 

Here is my attach file:

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-07-30.01)

 

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 9/22/2008 2:30:06 PM

System Uptime: 9/24/2009 8:10:42 PM (0 hours ago)

 

Motherboard: ASUSTek Computer INC. | | LEONITE

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Socket 775 | 2400/266mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 292 GiB total, 229.408 GiB free.

D: is FIXED (NTFS) - 6 GiB total, 0.881 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

5700_Help

AAC Decoder

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1

Advanced SystemCare 3

Apple Application Support

Apple Software Update

AutoUpdate

AVG Free 8.5

BPD_Scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CA Yahoo! Anti-Spy (remove only)

CoffeeCup Free HTML Editor

CoffeeCup Free Viewer Plus

Coupon Printer for Windows

CustomerResearchQFolder

Destination Component

DeviceManagementQFolder

DHTML Editing Component

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

DocProc

DocProcQFolder

Enhanced Multimedia Keyboard Solution

eSupportQFolder

Fax

H.264 Decoder

Hardware Diagnostic Tools

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Connections (remove only)

HP Customer Experience Enhancements

HP Customer Feedback

HP Customer Participation Program 8.0

HP Driver Diagnostics

HP Easy Setup - Core

HP Easy Setup - Frontend

HP Imaging Device Functions 8.0

HP OCR Software 8.0

HP Officejet All-In-One Series

HP Photosmart Essential

HP Picasso Media Center Add-In

HP Product Assistant

HP Solution Center 8.0

HP Total Care Advisor

HP Update

HPProductAssistant

HPSSupply

IcoFX 1.6.4

Intel® Matrix Storage Manager

Intel® Viiv™ Software

IObit Security 360 1.0

J5700

Java 6 Update 16

LightScribe 1.4.124.1

MarketResearch

Microsoft .NET Framework 3.5 SP1

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

MKV Splitter

Mozilla Firefox (3.5.3)

MSXML 4.0 SP2 (KB954430)

muvee autoProducer 5.0

My HP Games

NVIDIA Drivers

ProductContext

Python 2.4.3

QuickTime

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Scan

Soft Data Fax Modem with SmartCP

Software Informer 1.0 BETA

SolutionCenter

Status

Toolbox

TrayApp

Ultimate Extras sounds from Microsoft® Tinker™

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.762

VirusTotal Uploader

WebReg

Windows Sound Schemes

Xmarks for IE

Yahoo! BrowserPlus

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

 

==== End Of File ===========================

 

I'm not sure if I have a virus or just a failing hard drive. I just reformatted AGAIN a few weeks ago. HP has replaced my backup (D) hard drive twice since I've had this comp, about 3 yrs! I'm almost out of my extended warranty so I want to make sure it's nothing that I have done before I give them my phone call.

 

Somebody once told me that hard drive failures are from updating Windows. That some updates can hurt your hard drive. Do you know anything about this?

 

Anyway, the past 4 or 5 days I have been having memory problems with my Vista. I will come to the comp and have notification for updates and when I click to update I get an error message about insignificant memory. So about 2 days ago this happened and nothing would open, not even my Task Manager using Ctrl+Alt+Delete. I couldn't even shut it down correctly; I had to push the button and kill it.

 

I tried to do a system restore via F11 on startup. It ran through like it normally would but in the end it said that it couldn't be completed, tried it 3 times. And I was also getting messages that I didn't have approval to do this or that.

 

Then I started in safe mode but I didn't change anything and it has worked ok since then. Until today when I came to the comp. I couldn't do my updates due to insufficient memory but I was able to do a regular shut down. When I restarted everything was fine. Am I using too much RAM?

 

Didn't mean to chew your ear off but I thought it might be helpful if you knew the reason I posted my log besides knowing which programs aren't viruses.

 

Thanks again!

Cher :mrgreen:


> Somebody once told me that hard drive failures are from updating Windows. That some updates can hurt your hard drive. Do you know anything about this?

Don't believe everything you hear. :wink:

 

Windows Updates, among many other things, help keep your computer stable. Without them all Windows users would be in big trouble.

 

> Am I using too much RAM?

Vista uses all of the available RAM/Memory it can. That's not a bad thing as it helps to improve performance.

 

Sounds like you might have some bad RAM installed. Do you know how much is installed?

 

> ....besides knowing which programs aren't viruses.

I don't see anything to indicate a malware problem. You might try testing your Memory. Instructions here. -> Test Your Computer’s Memory Using Windows Vista Memory Diagnostic Tool

 

It also wouldn't hurt to double check for malware with an online virus scanner. The ESET FREE Online Virus Scan is very good and it removes what it finds for free.

 

Let me know if you have any other questions. :-D


thanks

 

Thanks for the response to ALL those questions.

I did run the memory test both with windows and on startup.

 

I've been trying to get my comp to boot for the past 2 days. I removed a few things in safe mode and did a backup.

 

I'm not sure even how to explain this but somehow my disc drives got inverted. They show correctly when I check them but while trying to do a sys restore it had my drive D (backup) setup as the partition with windows on it.

 

I hope I don't have to do a full restore again but at least I have my backup :lol:

 

I'm gonna try that malware link. Thank you. I am also going to disable Win Defender since I was reading some posts that gave it a thumbs down.

 

I'll get it figured out soon

 


Windows Defender isn't bad but it isn't the best either and shouldn't interfere with anything. It also has some other useful tools like a startup manager.

 

Let's have a look at the MBR real quick.

 

Download the MBR Rootkit Detector to your desktop.

 

 

* Double-click mbr.exe and follow prompts.

* A black DOS window will quickly appear then disappear.

* When mbr.exe is finished it will create a log on your desktop.

* Copy and paste contents of that log file to your next reply.


doesn't look good

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

 

device: opened successfully

user: error reading MBR

kernel: error reading MBR

 

I tried it several times! I hope this isn't as bad as it looks.

 

Earlier today I ran windows resource protections via sfc /scannow using the cmd prompt.

 

here is what it said:

 

Windows resource protection found corrupt files but was unable to fix some of them. Details are included in the CBX.log.

 

Notebook wouldn't let me open the log "access is denied"

 

But windows explorer has been running faster and I haven't gotten the "not responding" notice since.

 


Archived

This topic is now archived and is closed to further replies.
