AfterDawn Forums

Had Department of Justice money pack virus. Now computer is acting strange. Could someone take a look at my hijackthis log?

This discussion thread has 64 messages.

#1
I had the Department of Justice money pack virus. The only way I could get it removed without paying money for a removal tool was to do a system restore. My computer is still acting a little slow and slightly odd. But now that I think about it, it was doing that before I had the infection.

I have done a scan with Kaspersky Rescue Disk as well as Malwarebytes.

Would anyone mind taking a look at my log and pointing me in the right direction?


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:42:55 PM, on 12/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Tommy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (file missing)
O2 - BHO: Download and Sa - {F5DC4535-D55A-B7DF-58D6-F9317C7209CA} - C:\ProgramData\Download and Sa\50a6be56978c3.ocx
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1727603458-3655430775-3759167011-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1727603458-3655430775-3759167011-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Cloudmark DesktopOne.lnk = C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i...tDetection2.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://ec2-174-129-18-125.compute-1.ama...eivers/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13723 bytes
This message has been edited since its posting. Latest edit was made on 09 Dec 2012 @ 18:50
#2
Hi wheelstb,

Had a fellow the other day with a fixed money pack virus and it left him a nasty little rootkit.

Let’s see if you have the same problem…..
Your HJT Log is not bad, just a few leftovers that are not harmful.


Please download the TDSSKiller.exe by Kaspersky...
http://www.bleepingcomputer.com/download/tdsskiller/dl/4/
save it to your Desktop. <-Important!!!

• Right-click on TDSSKiller.exe and select "Run as administrator" to run the tool for known TDSS variants.

• Click the Start Scan button. Do not use the computer during the scan!

• If the scan completes with nothing found, click Close to exit.

• If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.

o Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.


Next:

Download Emsisoft Emergency Kit from this page: http://www.emsisoft.com/en/software/eek/

Once it's finished downloading, extract the contents from the zip file. Then double click on the file called "start" and open the "Emergency Kit Scanner". When prompted allow it to update the database. Once it's updated select the option to go "Back To Security Status". Then go to "Scan now" and select the option to perform a "Deep Scan". Once the scan is complete remove all detected items. Restart whenever required.

Let me know the outcome…
2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
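As an added example (not part of the original thread and not a HijackThis feature), this Python code parses HijackThis entry lines like those in post #1 and sorts the ones marked `(no file)` or `(file missing)` into genuine leftovers and System32 paths. It assumes a 64-bit Windows, where the 32-bit HijackThis 2.0.4 is redirected from System32 to SysWOW64 and therefore reports native files there as missing; the function and category names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in post #1 (a subset, to keep the run short).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (file missing)
O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# An entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Native System32 path; a 32-bit process is redirected away from it on 64-bit Windows.
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

MISSING = " (file missing)"
NO_FILE = "(no file)"


def parse_entries(log_text):
    """Return (code, details) for every entry line, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def classify(details):
    """Classify one entry as 'present', 'orphaned' or 'system32-redirected'."""
    if details.endswith(NO_FILE):
        return "orphaned"  # registry entry with no file path at all
    if details.endswith(MISSING):
        # The file path is the last " - "-separated field, before the marker.
        path = details[: -len(MISSING)].rsplit(" - ", 1)[-1].strip('"')
        if SYSTEM32_RE.match(path):
            # Assumption: 64-bit Windows, so this is a redirection artifact.
            return "system32-redirected"
        return "orphaned"  # leftover pointing at an uninstalled program
    return "present"


def triage(log_text):
    """Group all entries of a HijackThis log by category."""
    groups = defaultdict(list)
    for code, details in parse_entries(log_text):
        groups[classify(details)].append((code, details))
    return dict(groups)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {len(items)}")
        for code, details in items:
            print(f"  {code}  {details}")
```

Entries in the `system32-redirected` group still deserve a check that the file exists from a 64-bit tool before they are dismissed.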
#3
I don't get any more viruses since I installed Avast anti-virus.

20 Year U.S.Army Veteran.Vietnam 1969-1972 101st Abn.Div.
#4
Don't rely too much on any one antivirus. Prudence when surfing the net is your first line of defence. I've used Avast in the past and gotten stung. I guess what I'm saying is that virus and malware defence relies on more than one defence.
#5
I just switched to Avast antivirus and that's when the problem occurred. But I agree with Alden. The best defense is a layered approach. Every time I switch antivirus programs, the new one always finds something else that the other one was missing when you complete a scan.
#6
Originally posted by 2oldGeek:
Hi wheelstb,

Had a fellow the other day with a fixed money pack virus and it left him a nasty little rootkit.

Let’s see if you have the same problem…..
Your HJT Log is not bad, just a few leftovers that are not harmful.


Please download the TDSSKiller.exe by Kaspersky...
http://www.bleepingcomputer.com/download/tdsskiller/dl/4/
save it to your Desktop. <-Important!!!

• Right-click on TDSSKiller.exe and select "Run as administrator" to run the tool for known TDSS variants.

• Click the Start Scan button. Do not use the computer during the scan!

• If the scan completes with nothing found, click Close to exit.

• If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.

o Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.


Next:

Download Emsisoft Emergency Kit from this page: http://www.emsisoft.com/en/software/eek/

Once it's finished downloading, extract the contents from the zip file. Then double click on the file called "start" and open the "Emergency Kit Scanner". When prompted allow it to update the database. Once it's updated select the option to go "Back To Security Status". Then go to "Scan now" and select the option to perform a "Deep Scan". Once the scan is complete remove all detected items. Restart whenever required.

Let me know the outcome…
2oG

Okay, I will definitely give your advice a try. First I want to read about it so I know exactly what I'm doing. I don't doubt you, I just like to take the opportunity to learn something. That's why I don't mind getting a virus in the first place, because I always get to learn something during the removal. As long as the virus isn't catastrophic, of course.

I will write back letting everyone know how it goes.

Thanks again.
#7
Originally posted by wheelstb:

Okay, I will definitely give your advice a try. First I want to read about it so I know exactly what I'm doing. I don't doubt you, I just like to take the opportunity to learn something. That's why I don't mind getting a virus in the first place, because I always get to learn something during the removal. As long as the virus isn't catastrophic, of course.

I will write back letting everyone know how it goes.

Thanks again.
After working with computers for 50 yrs I feel my advice is sound.
Good judgment comes from experience and experience comes from a lot of bad judgment.


All kidding aside, ask anyone on here who knows my reputation, if you want your computer fixed, follow my advice.

You can either do the things I ask, or not. Your choice. Your computer. Helping you is my choice, my time. If you didn’t know it, the pay on this site “SUCKS POUND WATER!”


2oG
That’s 2 not “Too”, old with a small “o” and Geek with a Capital “G”….



#8
The Kaspersky rootkit removal tool found one entry of a medium threat level. I did not see a cure option available, so I chose to copy the object to the quarantine. Then I reran the scan and deleted the object. I do not remember what it was called. It seems to have been part of a possibly necessary file, because now when I boot the computer I receive an error message from DAEMON Tools.


Below I have posted the results for my Emsisoft scan. It seems to me like Emsisoft is a remarkable anti-malware program. I ran several anti-malware programs; all of them missed these issues. Can anyone explain to me what makes it so unique or remarkable? Just curious.

Emsisoft Emergency Kit - Version 3.0
Last update: 12/11/2012 5:52:58 PM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, F:\, H:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 12/11/2012 5:53:20 PM

C:\Program Files (x86)\Rushmore Casino\ detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\_patch\ detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\fonts\ detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\installed\ detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\rsc\ detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\sounds\ detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\temp\ detected: Trace.File.RushmoreCasino (A)
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rushmore Casino\ detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\Rushmore Casino.ico detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\casino.dll detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\lobby.dll detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\casino.ico detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\casino.ini detected: Trace.File.RushmoreCasino (A)
C:\Program Files (x86)\Rushmore Casino\lobby.ini detected: Trace.File.RushmoreCasino (A)
C:\Users\Tommy\Desktop\Rushmore Casino.lnk detected: Trace.File.RushmoreCasino (A)
C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rushmore Casino\Rushmore Casino.lnk detected: Trace.File.RushmoreCasino (A)
Value: HKEY_CLASSES_ROOT\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\INPROCSERVER32 -> ThreadingModel detected: Trace.Registry.Blubster (A)
Value: HKEY_CLASSES_ROOT\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\INPROCSERVER32 -> ThreadingModel detected: Trace.Registry.Blubster (A)
F:\Program Files (x86)\Microsoft Games\Fable III\paul.dll detected: Trojan.Generic.8197235 (B)
H:\artisteer\use\2s\Linezer0.part01.rar -> Lz0\Keygen.exe detected: Gen:Variant.Minggy.2 (B)
H:\artisteer\use\lzumma15.zip -> Linezer0.part01.rar -> Lz0\Keygen.exe detected: Gen:Variant.Minggy.2 (B)

Scanned 709390
Found 21
#9
Originally posted by 2oldGeek:
Originally posted by wheelstb:

Okay, I will definitely give your advice a try. First I want to read about it so I know exactly what I'm doing. I don't doubt you, I just like to take the opportunity to learn something. That's why I don't mind getting a virus in the first place, because I always get to learn something during the removal. As long as the virus isn't catastrophic, of course.

I will write back letting everyone know how it goes.

Thanks again.
After working with computers for 50 yrs I feel my advice is sound.
Good judgment comes from experience and experience comes from a lot of bad judgment.


All kidding aside, ask anyone on here who knows my reputation, if you want your computer fixed, follow my advice.

You can either do the things I ask, or not. Your choice. Your computer. Helping you is my choice, my time. If you didn’t know it, the pay on this site “SUCKS POUND WATER!”


2oG
That’s 2 not “Too”, old with a small “o” and Geek with a Capital “G”….
I trust your opinion. You have helped me a couple of times before. I hope I didn't offend you in that post. I wasn't questioning anything you were telling me; I was simply trying to understand what you were telling me so that I can learn something instead of blindly following directions. Thank you for the help, I really do appreciate it.
#10
Originally posted by wheelstb:
The Kaspersky rootkit removal tool found one entry of a medium threat level. I did not see a cure option available, so I chose to copy the object to the quarantine. Then I reran the scan and deleted the object. I do not remember what it was called. It seems to have been part of a possibly necessary file, because now when I boot the computer I receive an error message from DAEMON Tools.


Below I have posted the results for my Emsisoft scan. It seems to me like Emsisoft is a remarkable anti-malware program. I ran several anti-malware programs; all of them missed these issues. Can anyone explain to me what makes it so unique or remarkable? Just curious.

Kaspersky has some false positives. If you believe that is what you had, you can restore it from quarantine.

Emsisoft is unique because it gets malware signatures from other malware companies. Right now it has over 12 1/2 million signatures that it scans for.

Gotta go to work now, will catch you later...

2oG



#11
Thank you for the help.

I do have a couple of quick questions for you if you don't mind. I have been bouncing around between free antivirus and anti-spyware programs; I just can't seem to find any I like. What are your recommendations for free antivirus and anti-spyware?

Thanks, and I apologize again if I offended you earlier. I did not mean to.
#12
Originally posted by wheelstb:
Thanks and I apologize again if I offended you earlier I did not mean to.
Hey, wheels, I’m sorry if I sounded offended. I was NOT! I never get offended, but I try to tell it like it is without offending someone else…

Your AV and ASW programs humm.. you must know that I don’t run in the same channel as everyone else and use scanning progs that most have never heard of.

I believe in layered protection and being able to recover from a catastrophe in as little as 7 or 8 minutes. I very seldom get a virus that I didn’t knowingly download just to see what has to be done to defeat it. I know, but it’s very difficult to guide someone else on removing it.. I work 40+ hours a week and have little time for writing guides and trying to keep my bride happy.. lol

I do think I will list what I am using and what I recommend so a few may learn from that… maybe soon, I hope.

In the meantime, do this for me and I’ll help you get your machine in top shape.

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 http://www.bleepingcomputer.com/download/securitycheck/
Link 2 http://screen317.spywareinfoforum.org/SecurityCheck.exe

• Double-click SecurityCheck.exe then follow the on-screen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt

Please post the contents of that document and a fresh HJT Log in your next reply.
Also, tell me and try to describe any problems that you are having with your computer.
I may ask for some more logs. I must rely on that in order to see into your computer.

TNX,
2oG



#13
I will do that. Thank you for the help.
#14
Quote:
All kidding aside, ask anyone on here who knows my reputation, if you want your computer fixed, follow my advice.
Who are you again? ;)

Quote:
What are your recommendations for free antivirus and anti-spyware?
My laptop runs Comodo Firewall (don't particularly rate Comodo 'Internet Security', which it's also a part of) and Avira antivirus, FWIW. Used to always go with avast! but ditched it for a reason that I no longer recall. HitmanPro is another similar to emsisoft, Malwarebytes etc.

I wouldn't call them recommendations because I'm reasonably confident I would get by just fine without them, but you should be running an ad-blocker and a reasonable sense of web-awareness is definitely important.


#15
Gees, Ripper.. I’m glad you bit your tongue and didn’t tell what you know about me… LOL

1. Get a router and set it to a secure DNS like Comodo Firewall has, or I like Norton DNS.

2. Use a safe browser like Firefox, and use Adblock Plus and maybe NoScript if you are knowledgeable.

3. Use an AV. Most are good enough; some are just a little better. Check them out at AV-Comparatives. Avast is good and has a sandbox and HIPS (I think).

After those 3 things don’t worry about the rest………



#16
Originally posted by wheelstb:
I do have a couple of quick questions for you if you don't mind. I have been bouncing around between free antivirus and anti-spyware programs, I just can't seem to find any I like. What are your recommendations for free antivirus and anti-spyware?
Sorry I didn’t give much info on the last post. Was really tired from a long day and my thinking cap wasn’t working…..

Why use a router? And why is that my No.1 priority for blocking malware?

Do you really need a router when you get a cable broadband Internet service?

My answer is always, "Yes!"

Your cable company might tell you that you only need a router if you’re going to have a home network. Remember that these are the same people that used to tell us that we don’t need a firewall because they had one.

You DO need a router, even if you only have one computer that you’re connecting.
Think of it this way. Do you need a lock on your door?

The router functions to lock the Internet away from your computer. If your computer asks for something from the Internet, it asks the router. The router asks the IP address on the Internet.
The server at the other end can respond, and the router will know to which computer to route the response. But, no computer on the Internet side can INITIATE communications with your computer. In order to receive something you must request it.

With a router your computer will not have an IP address on the Internet. Its address would be on the local home network (even if that network is nothing but one router and one computer). The WAN port of the router is the only thing that has exposure to the Internet.

So, what’s the big protection if you’re already running a software firewall? The importance is that you simply are not accessible. Some of the Windows flaws have been such that Windows itself would be subverted before a firewall program ever had a chance to block an incoming connection. With a router, we prevent that incoming connection…

Also, you will need something to keep you from clicking on and requesting an ad that has a Nasty under its belt… That is why, I recommend Adblock Plus so they will be blocked and not tempt you to click on them.


You should also use a secure DNS service - I'll give more detail on that one later..


What AntiVirus should I use?

AV-Comparatives is a non-profit, independent AV testing organization that tests all AVs the same way with NO hype.

These are the November tests. Check it out:
http://www.av-comparatives.org/images/docs/avc_fdt_201209_en.pdf

They have a rating system that has 4 categories: 3 Stars = Advanced+, 2 Stars = Advanced, 1 Star = Standard, and no Star = just Tested and not up to an award.

Why pay for an antivirus? Several antivirus publishers offer a free version,
e.g. Avira, Avast, AVG and Microsoft.

Avira is no. 1 and Avast is no. 10 in the Advanced+, 3 Star category.
AVG and Microsoft are both in the Standard, 1 Star category.

I've been a user of free versions for many years.

Generally speaking, the detection engine and libraries are the same in the FREE and paid versions.

One glaring difference is that the FREE version is for HOME use only.

Other than that, there ARE some differences in the paid version over the free version. All of which can be found on the respective websites of each product. They want you to know the difference so you are encouraged to buy the product.

I recently found this about AVAST,... it appears they are bridging the gap between free and paid versions.

I have been a big fan of Avira over the past years. I use the paid version of Malwarebytes with a real time scanner and have found it to be extremely efficient. The newest version of Avira has conflicts with MBAM and so I have been trying out and testing Avast. So far, I love it! Even the Free version has 8 different shields to block crapola….

Chew on that and I’ll tell you what I use to keep from losing my OS, Settings, Data and programs due to Malware or Drive failure….


2oG
Not 2 old 2 Geek I still know how to get rid of bugs..




There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
#17
Wow! Thank you for all of the information. I think it's going to take me a while to digest it all. Again, I appreciate the wealth of information you have presented me with because I always like to take any opportunity to learn as much as I can.

I have used Antivir as well and I like that quite a bit. I don't know why I decided to go with something different this time.

Since our last conversation my computer has been running increasingly slowly. Granted, I think it has been about three years since I have reformatted, but I noticed that everything has been noticeably slower over the past couple of weeks.

I have my hard drives automatically defragmented once a week using the Windows defragmentation tool.

I have found nothing with any of the various malware scanning programs.

I use the registry cleaning tool in CCleaner. Surprisingly, it has never reported that anything is needing to be fixed or out of place. That seems odd to me; I would have expected it to come up with at least something. It has been several months since I have run it and I don't remember exactly what changes I have made to my computer during that time, but I'm sure there is something that should have had an effect on the registry.

Thanks for the help I appreciate it. Have a great holiday season.
#18
Originally posted by wheelstb:
Since our last conversation my computer has been running increasingly slowly. Granted, I think it has been about three years since I have reformatted, but I noticed that everything has been noticeably slower over the past couple of weeks.

I have my hard drives automatically defragmented once a week using the Windows defragmentation tool.

I have found nothing with any of the various malware scanning programs.

Hi wheels,

I, and other Geeks, have found that, over time, Windows Defrag will develop what we call “Bit Rot” and will become increasingly slower. There are several ways to correct this that are not as intrusive as a re-format/re-install.

I will make notes in red italics so that you and anyone that follows this will know what and why I am doing what I call for…

Let’s do a little looking and see if we can figure out just why you have slowed down…

Please send me the Logs I request so that I’ll be able to look into your computer for some clues..

First, let’s do a little Pre-Cleaning of any leftover unused files and Post the Logs so I can see what we need to do…

Download and Run Temp File Cleaner (TFC.exe)
This gets rid of unused Temp Files better than CCleaner.

Download Temp File Cleaner and save it to your desktop.

You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!

Double click to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.



Junkware Removal Tool
This will get rid of unnecessary files that may have been downloaded by not clicking the right box when downloading something else. Not always bad but usually unnecessary.

1. Please download jrt.exe ... and save it to your desktop. Alternate download here.
2. Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
3. If running Vista or Win7... right-click jrt.exe and select "Run as Administrator",
otherwise just double click it.
The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
On completion, a log file JRT.txt is saved to your desktop and will automatically open.
4. Please copy and paste the contents of JRT.txt and post in your next reply.



Security Application Check:
This will give me your Security and Hard drive (fragmentation) Status.

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 http://www.bleepingcomputer.com/download/securitycheck/
Link 2 http://screen317.spywareinfoforum.org/SecurityCheck.exe
• Double-click SecurityCheck.exe then follow the on-screen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
• Please post the contents of the checkup.txt in your next reply.



Download and Run HijackThis.exe
HJT has never been updated to a 64bit version but, if one knows its limitations, it is still a good tool.

Download TrendMicro HijackThis.exe and save it to your desktop.
• Double-click on HJTInstall.exe
• Click on the Install button.
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
• Upon install, HijackThis should open for you.
• Click on the Main Menu button
• Click on the Do a system scan and save a log file button
• Hijackthis will scan and then a log will open in notepad.
Copy and then paste the entire contents of the log in your next post.
Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



Make an uninstall list using HijackThis
This will give me a list of the programs installed on your computer and which ones, if needed, can be uninstalled easily.

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.



Please post the HijackThis log, JRT Log, Checkup Log and Uninstall list in your next reply.

That’s 4 Logs I need so that I can find any problems you may have that are slowing you down.

TNX
2OG



#19
I have let my avast subscription expire; I'm going to go with Antivir, which I will install tonight. That being said, here are my logs. Thanks again for the help.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.8 (12.27.2012:2)
OS: Windows 7 Home Premium x64
Ran by Tommy on Thu 12/27/2012 at 19:51:36.90
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\searchqutoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e8daaa30-6caa-4b58-9603-8e54238219e2}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8daaa30-6caa-4b58-9603-8e54238219e2}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\download and sa"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\Tommy\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Tommy\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Tommy\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/27/2012 at 19:58:18.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


When I try to run SecurityCheck, it says unsupported operating system and the program does not proceed any further. I am running Windows 7 64-bit, which is supposed to be supported by the program.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:17:21 PM, on 12/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
F:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\KnowBrainer2012\start.exe
C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe
C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dnsspserver.exe
C:\Users\Tommy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Download and Sa - {F5DC4535-D55A-B7DF-58D6-F9317C7209CA} - C:\ProgramData\Download and Sa\50a6be56978c3.ocx (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1727603458-3655430775-3759167011-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1727603458-3655430775-3759167011-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Cloudmark DesktopOne.lnk = C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i...tDetection2.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://ec2-174-129-18-125.compute-1.ama...eivers/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13467 bytes







1Click DVD Copy Pro 4.0.6.2
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20
Acrobat.com
Acrobat.com
Acronis True Image Home
Adobe Community Help
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Download Assistant
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.4.7
Apple Application Support
Apple Software Update
Assassin's Creed II
Audible Download Manager
AudibleManager
Auslogics Duplicate File Finder
avast! Free Antivirus
CDBurnerXP
Cloudmark DesktopOne
Comodo Dragon
Company of Heroes
CueCard (remove only)
DAEMON Tools Lite
DiRT 3
DiRT 3
Download and Sa
Dragon NaturallySpeaking 12
Driver San Francisco
DVD Shrink 3.2
Fable III
Fable III
Fable III
Fraps
Free NaturalReader
Full Tilt Poker
Futuremark SystemInfo
Google Talk (remove only)
Google Talk Plugin
HijackThis 1.99.1
HP Product Detection
HP Update
ImgBurn
Java(TM) 6 Update 20
Java(TM) 6 Update 21
jMemorize
KB2011
Kernel EML Viewer ver 10.09.01
KnowBrainer2012
Malwarebytes Anti-Malware version 1.65.1.1000
MediaMonkey 3.2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minefield (3.7a5pre)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Most Wanted
Need for Speed(TM) Hot Pursuit
Need for Speed™ Carbon
Need for Speed™ Most Wanted
Need for Speed™ SHIFT
Need for Speed™ The Run
Nero 7 Premium
neroxml
NewsLeecher v5.0 Beta 15
NHL® 09
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OnLive
OpenAL
Origin
PDF Settings CS5
Portal 2
Portal 2
Prince of Persia The Forgotten Sands
Prince of Persia® Las Arenas Olvidadas
Pure
PxMergeModule
QuickPar 0.9
QuickTime
Rainlendar2 (remove only)
Rapture3D 2.4.8 Game
Rayman Origins
ResumeMaker
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SHIFT 2 UNLEASHED™
ShopAtHome.com Toolbar
Slice Audio File Splitter
Sonic Adventure 2 (c) SEGA version 1
Split/Second
Spybot - Search & Destroy
StarCraft II
Steam
SUPERAntiSpyware Free Edition
Time Clock MTS V2.5.8
TMPGEnc 4.0 XPress
Tom Clancy's H.A.W.X
Tom Clancy's H.A.W.X. 2
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
TuneUp 2.4.6.4
Ubisoft Game Launcher
Ultimate Spider-Man (TM)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.9
WampServer 2.2
WavePad Sound Editor
winLAME 2010 beta 1
World in Conflict
ZipALot (remove only)
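Post #18 calls HijackThis still useful on 64-bit Windows "if one knows its limitations". The following added example (not part of the thread and not HijackThis's own logic) shows one of them when reading the log in post #19: a 32-bit scanner is redirected away from the 64-bit System32 and Program Files folders, so many "(file missing)" services are artifacts of its view, while missing files elsewhere are leftovers worth reviewing. The sample lines are excerpted from that log; the function names and status labels are assumptions of this example, and the classification is a heuristic.

```python
import re
from collections import namedtuple

# Lines excerpted from the HijackThis log in post #19 (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Download and Sa - {F5DC4535-D55A-B7DF-58D6-F9317C7209CA} - C:\ProgramData\Download and Sa\50a6be56978c3.ocx (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

Entry = namedtuple("Entry", "code body path status")

# Section codes HijackThis prefixes to each finding (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Trailing markers HijackThis appends when it cannot find the referenced file.
MISSING_RE = re.compile(r"\s*\((file missing|no file)\)\s*$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def classify(body, path):
    """Heuristic status for an entry that carries a missing-file marker."""
    # A 32-bit process asking for System32 is redirected to SysWOW64, so
    # 64-bit-only system binaries look absent to it.
    if SYSTEM32_RE.match(path):
        return "likely_32bit_view"
    # %ProgramFiles% expands to "Program Files (x86)" inside a 32-bit process,
    # so a 64-bit program registered through that variable also looks absent.
    if "%programfiles%" in body.lower() and "\\program files (x86)\\" in path.lower():
        return "likely_32bit_view"
    # Anything else that is missing is a dangling registration: a leftover
    # from an uninstall or from removed adware. Review it, do not bulk-fix.
    return "review"


def parse_entries(log_text):
    """Return an Entry for every finding line; headers and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        marker = MISSING_RE.search(body)
        if marker is None:
            entries.append(Entry(code, body, None, "present"))
            continue
        if marker.group(1) == "no file":
            path = ""  # the registration names no file at all
        else:
            # The file path is the last " - " separated field before the marker.
            path = body[:marker.start()].rsplit(" - ", 1)[-1].strip().strip('"')
        entries.append(Entry(code, body, path, classify(body, path)))
    return entries


def triage(log_text):
    """Group parsed entries by status so the 'review' bucket can be read first."""
    buckets = {"present": [], "likely_32bit_view": [], "review": []}
    for entry in parse_entries(log_text):
        buckets[entry.status].append(entry)
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for status in ("review", "likely_32bit_view"):
        print(f"== {status} ==")
        for entry in result[status]:
            print(f"  {entry.code}: {entry.path or '(no file registered)'}")
```

On the excerpt, only the two O2 browser helper objects land in the review bucket; the three missing services are explained by the scanner's 32-bit view.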
#20
Quote:
My laptop runs Comodo Firewall (don't particularly rate Comodo 'Internet Security', which it's also a part of) and Avira antivirus, FWIW. Used to always go with avast! but ditched it for a reason that I no longer recall. HitmanPro is another similar to emsisoft, Malwarebytes etc.

I wouldn't call them recommendations because I'm reasonably confident I would get by just fine without them, but you should be running an ad-blocker and a reasonable sense of web-awareness is definitely important.

--------------------------------------------------------------------------------

I am also using the Comodo firewall. I haven't exactly figured out what Comodo Internet Security is for. I am probably going to remove it. Like you, I am also using and prefer Avira free edition. I don't know why, but it seems like I always keep coming back to Avira; it seems to do a fairly decent job and is very un-invasive.


I thought somebody above asked how many programs I am running. According to the processes tab in the task manager there are 73 processes running. I did just delete a bunch of programs.
This message has been edited since its posting. Latest edit was made on 28 Dec 2012 @ 20:53
#21
I have just removed a bunch of programs and various software. Here is a new copy of my HijackThis uninstall log.



1Click DVD Copy Pro 4.0.6.2
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20
Acronis True Image Home
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.7
Apple Application Support
Apple Software Update
Assassin's Creed II
Audible Download Manager
AudibleManager
Auslogics Duplicate File Finder
Avira Free Antivirus
CDBurnerXP
Cloudmark DesktopOne
Comodo Dragon
Company of Heroes
DAEMON Tools Lite
Dragon NaturallySpeaking 12
Driver San Francisco
DVD Shrink 3.2
Fable III
Fable III
Fable III
Google Talk (remove only)
Google Talk Plugin
HijackThis 1.99.1
HP Product Detection
HP Update
ImgBurn
Java(TM) 6 Update 20
Java(TM) 6 Update 21
jMemorize
Kernel EML Viewer ver 10.09.01
KnowBrainer2012
Malwarebytes Anti-Malware version 1.65.1.1000
MediaMonkey 3.2
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minefield (3.7a5pre)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed(TM) Hot Pursuit
Need for Speed™ Carbon
Need for Speed™ Most Wanted
Need for Speed™ SHIFT
Need for Speed™ The Run
neroxml
NewsLeecher v5.0 Beta 15
NHL® 09
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OnLive
Origin
PDF Settings CS5
Portal 2
Portal 2
Pure
PxMergeModule
QuickPar 0.9
Rainlendar2 (remove only)
Rapture3D 2.4.8 Game
Rayman Origins
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Slice Audio File Splitter
Split/Second
Spybot - Search & Destroy
StarCraft II
Steam
SUPERAntiSpyware Free Edition
Time Clock MTS V2.5.8
TMPGEnc 4.0 XPress
Tom Clancy's H.A.W.X
Tom Clancy's H.A.W.X. 2
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
TuneUp 2.4.6.4
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.9
WampServer 2.2
ZipALot (remove only)

thank you again to everyone for the help. I really do appreciate it.
#22
that is not a HJT log, it's just an installed programs list which can be used, but if you keep changing things before I have a chance to look at your logs..... you don't need any help.



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
#23
sorry.
#24
Quote:
I thought somebody above asked how many programs I am running. According to the processes tab in the task manager there are 73 processes running. I did just delete a bunch of programs.
out of 25 programs you are starting, only about 6 are unnecessary to run all the time.

the computer needs a LOT of processes running in order to operate correctly. task manager is NOT the place to see what processes are really needed. you can kill your machine by deleting processes there! all you should be concerned with are the programs that appear in the 04 lines in HJT...

I can help anyone that follows my instructions and doesn't add/delete or run programs that I do not ask for. that makes it extremely difficult to keep up with what is happening and too much time is wasted having to re-read and re-analyze the logs two or three times.

as I always say, it's your computer, your choice but if you need or want help, do as I say do.. My Time, My Choice.

Try not to pee on the electric fence.....



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
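Post #24 points at the autostart entries in a HijackThis log rather than the Task Manager process list. The sketch below is an added example, not code from any poster or from HijackThis itself: it pulls the O4 autostart lines out of a log and lists what each one launches. The sample log lines are constructed, and the "review" rule (autostarts launched from user-writable folders) is an assumed triage heuristic, not something stated in the thread.

```python
import re

# Constructed sample in HijackThis log format (not the log posted in this thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [placeholder] C:\Users\Example\AppData\Roaming\placeholder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

# Registry autostarts: O4 - <hive>\..\Run: [value name] command line
REG_RUN = re.compile(r"^O4 - (?P<source>HK[^:\s]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Startup-folder shortcuts: O4 - [Global ]Startup: shortcut.lnk = target
STARTUP = re.compile(r"^O4 - (?P<source>[^:]*Startup): (?P<name>.+?) = (?P<command>.+)$")
EXE_PATH = re.compile(r"(.+?\.(?:exe|dll|bat|cmd|vbs|scr|lnk))(?=\s|$)", re.I)
# Assumed heuristic: autostarts running from user-writable folders deserve a second look.
REVIEW_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

def executable_path(command):
    """Return the program path from a command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end]
    m = EXE_PATH.match(command)
    return m.group(1) if m else command

def parse_o4(log_text):
    """Collect every O4 autostart entry as a dict: source, name, command, path."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RUN.match(line) or STARTUP.match(line)
        if m:
            entry = m.groupdict()
            entry["path"] = executable_path(entry["command"])
            entries.append(entry)
    return entries

def needs_review(entry):
    """True when the autostart target sits in one of the REVIEW_DIRS folders."""
    path = entry["path"].lower()
    return any(d in path for d in REVIEW_DIRS)

if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        flag = "REVIEW" if needs_review(e) else "ok"
        print(f"{flag:6} {e['source']:16} {e['name']:32} {e['path']}")
```

A flagged entry is only a prompt to check what the file is; plenty of legitimate software starts from a user profile.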
#25
I did not do any of the removing of programs in the task manager. I went through the control panel.