
Had Department of Justice money pack virus. Now computer is acting strange. Could someone take a look at my hijackthis log?

Discussion in 'Windows - Virus and spyware problems' started by wheelstb, Dec 9, 2012.

  1. wheelstb

    wheelstb Regular member

    Joined:
    Jan 15, 2007
    Messages:
    531
    Likes Received:
    0
    Trophy Points:
    26



    I had the Department of Justice money pack virus. The only way I could get it removed without paying money for a removal tool was to do a system restore. My computer is still acting a little slow and slightly odd. But now that I think about it, it was doing that before I had the infection.

    I have done a scan with Kaspersky Rescue Disk as well as Malwarebytes.

    Would anyone mind taking a look at my log and pointing me in the right direction?


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:42:55 PM, on 12/9/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16455)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    C:\ProgramData\FLEXnet\Connect\11\agent.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Users\Tommy\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (file missing)
    O2 - BHO: Download and Sa - {F5DC4535-D55A-B7DF-58D6-F9317C7209CA} - C:\ProgramData\Download and Sa\50a6be56978c3.ocx
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O3 - Toolbar: ShopAtHome.com Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (file missing)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1727603458-3655430775-3759167011-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1727603458-3655430775-3759167011-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: Cloudmark DesktopOne.lnk = C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://ec2-174-129-18-125.compute-1.amazonaws.com/intel-systeminfo-api/receivers/FMSI.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13723 bytes
     
    Last edited: Dec 9, 2012
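
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread and not HijackThis's own code. The sample lines are copied from that log; the verdict names and the user-writable-directory heuristic are assumptions made for illustration. It separates genuinely orphaned registry entries from the "(file missing)" lines that appear because 32-bit HijackThis on 64-bit Windows is redirected from System32 to SysWOW64.

```python
import re

# Lines copied from the log posted above (a short selection).
SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (file missing)
O2 - BHO: Download and Sa - {F5DC4535-D55A-B7DF-58D6-F9317C7209CA} - C:\ProgramData\Download and Sa\50a6be56978c3.ocx
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
"""

# "O2 - rest of line": section code, then the entry text.
ENTRY = re.compile(r"^\s*((?:R|F|N|O)\d+) - (.+?)\s*$")
# First drive-letter path ending in a loadable file type.
PATH = re.compile(r'([A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|ocx|sys))\b', re.I)

# Sections that describe code loaded automatically (BHOs, toolbars,
# Run keys, AppInit/Winlogon, services).
LOAD_POINTS = {"O2", "O3", "O4", "O20", "O23"}
# Assumption for this example: directories a standard user can often write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def is_64bit_log(log):
    """A log that mentions the 32-bit program or system dirs came from 64-bit Windows."""
    low = log.lower()
    return "program files (x86)" in low or "\\syswow64\\" in low


def classify(code, rest, is_64bit):
    """Return a triage verdict (names are this example's own, not HijackThis's)."""
    match = PATH.search(rest)
    path = match.group(1).lower() if match else ""
    missing = rest.endswith(("(no file)", "(file missing)"))
    if missing:
        # A 32-bit scanner asking for System32 is silently shown SysWOW64,
        # so native 64-bit binaries look absent although they exist.
        if is_64bit and "\\windows\\system32\\" in path:
            return "redirection-artifact"
        # Registry entry whose target is gone: a leftover to clean up.
        return "orphan"
    if code in LOAD_POINTS and any(d in path for d in USER_WRITABLE):
        # Not a verdict of malice: check publisher and signature by hand.
        return "review"
    return "listed"


def triage(log):
    """Classify every HijackThis entry line; header lines are skipped."""
    is_64bit = is_64bit_log(log)
    results = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            code, rest = m.groups()
            results.append((classify(code, rest, is_64bit), code, rest))
    return results


if __name__ == "__main__":
    for verdict, code, rest in triage(SAMPLE_LOG):
        print(f"{verdict:22} {code:4} {rest[:70]}")
```
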
  3. 2oldGeek

    2oldGeek Regular member

    Joined:
    Jun 16, 2005
    Messages:
    3,104
    Likes Received:
    0
    Trophy Points:
    46
    Hi wheelstb,

    Had a fellow the other day with a fixed money pack virus and it left him a nasty little rootkit.

    Let’s see if you have the same problem…..
    Your HJT Log is not bad, just a few leftovers that are not harmful.


    Please download the TDSSKiller.exe by Kaspersky...
    http://www.bleepingcomputer.com/download/tdsskiller/dl/4/
    save it to your Desktop. <-Important!!!

    • Right-click on TDSSKiller.exe and select "Run as administrator" to run the tool for known TDSS variants.

    • Click the Start Scan button. Do not use the computer during the scan!

    • If the scan completes with nothing found, click Close to exit.

    • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.

    o Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.


    Next:

    Download Emsisoft Emergency Kit from this page: http://www.emsisoft.com/en/software/eek/

    Once it's finished downloading, extract the contents from the zip file. Then double click on the file called "start" and open the "Emergency Kit Scanner". When prompted allow it to update the database. Once it's updated select the option to go "Back To Security Status". Then go to "Scan now" and select the option to perform a "Deep Scan". Once the scan is complete remove all detected items. Restart whenever required.

    Let me know the outcome…
    2oG
     
  4. JST1946

    JST1946 Regular member

    Joined:
    Jul 15, 2011
    Messages:
    901
    Likes Received:
    0
    Trophy Points:
    26
    I don't get any more viruses since I installed Avast anti-virus.
     
  5. aldan

    aldan Regular member

    Joined:
    Mar 24, 2007
    Messages:
    1,239
    Likes Received:
    3
    Trophy Points:
    48
    Don't rely too much on any one antivirus. Prudence when surfing the net is your first line of defence. I've used Avast in the past and gotten stung. I guess what I'm saying is that virus and malware defence relies on more than one defence.
     
  6. wheelstb

    wheelstb Regular member

    I just switched to Avast antivirus and that's when the problem occurred. But I agree with aldan. The best defense is a layered approach. Every time I switch antivirus programs, the new one always finds something else that the other one was missing when you complete a scan.
     
  7. wheelstb

    wheelstb Regular member


    Okay, I will definitely give your advice a try. First I want to read about it so I know exactly what I'm doing. I don't doubt you, I just like to take the opportunity to learn something. That's why I don't mind getting a virus in the first place, because I always get to learn something during the removal. As long as the virus isn't catastrophic, of course.

    I will write back letting everyone know how it goes.

    Thanks again.
     
  8. 2oldGeek

    2oldGeek Regular member

    After working with computers for 50 yrs I feel my advice is sound.
    Good judgment comes from experience and experience comes from a lot of bad judgment.

    All kidding aside, ask anyone on here who knows my reputation, if you want your computer fixed, follow my advice.

    You can either do the things I ask, or not. Your choice. Your computer. Helping you is my choice, my time. If you didn’t know it, the pay on this site “SUCKS POUND WATER!”

    2oG
    That’s 2 not “Too”, old with a small “o” and Geek with a Capital “G”….
     
  9. wheelstb

    wheelstb Regular member

    The Kaspersky rootkit removal tool found one entry of a medium threat level. I did not see a cure option available, so I chose to copy the object to the quarantine. Then I reran the scan and deleted the object. I do not remember what it was called. It seems to have been part of a possibly necessary file, because now when I boot the computer I receive an error message from DAEMON Tools.


    Below I have posted the results for my Emsisoft scan. It seems to me like Emsisoft is a remarkable anti-malware program. I ran several anti-malware programs and all of them missed these issues. Can anyone explain to me what makes it so unique or remarkable? Just curious.

    Emsisoft Emergency Kit - Version 3.0
    Last update: 12/11/2012 5:52:58 PM

    Scan settings:

    Scan type: Deep Scan
    Objects: Rootkits, Memory, Traces, C:\, F:\, H:\

    Detect Riskware: Off
    Scan archives: On
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start: 12/11/2012 5:53:20 PM

    C:\Program Files (x86)\Rushmore Casino\ detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\_patch\ detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\fonts\ detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\installed\ detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\rsc\ detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\sounds\ detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\temp\ detected: Trace.File.RushmoreCasino (A)
    C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rushmore Casino\ detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\Rushmore Casino.ico detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\casino.dll detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\lobby.dll detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\casino.ico detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\casino.ini detected: Trace.File.RushmoreCasino (A)
    C:\Program Files (x86)\Rushmore Casino\lobby.ini detected: Trace.File.RushmoreCasino (A)
    C:\Users\Tommy\Desktop\Rushmore Casino.lnk detected: Trace.File.RushmoreCasino (A)
    C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rushmore Casino\Rushmore Casino.lnk detected: Trace.File.RushmoreCasino (A)
    Value: HKEY_CLASSES_ROOT\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\INPROCSERVER32 -> ThreadingModel detected: Trace.Registry.Blubster (A)
    Value: HKEY_CLASSES_ROOT\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\INPROCSERVER32 -> ThreadingModel detected: Trace.Registry.Blubster (A)
    F:\Program Files (x86)\Microsoft Games\Fable III\paul.dll detected: Trojan.Generic.8197235 (B)
    H:\artisteer\use\2s\Linezer0.part01.rar -> Lz0\Keygen.exe detected: Gen:Variant.Minggy.2 (B)
    H:\artisteer\use\lzumma15.zip -> Linezer0.part01.rar -> Lz0\Keygen.exe detected: Gen:Variant.Minggy.2 (B)

    Scanned 709390
    Found 21
     
  10. wheelstb

    wheelstb Regular member

    I trust your opinion. You have helped me a couple of times before. I hope I didn't offend you in that post. I wasn't questioning anything you were telling me; I was simply trying to understand what you were telling me so that I can learn something instead of blindly following directions. Thank you for the help; I really do appreciate it.
     
  11. 2oldGeek

    2oldGeek Regular member

    Kaspersky has some false positives. If you believe that is what you had, you can restore it from quarantine.

    Emsisoft is unique because it gets malware signatures from other malware companies. Right now it has over 12 1/2 million signatures that it scans for.

    Gotta go to work now, will catch you later...

    2oG
     
  12. wheelstb

    wheelstb Regular member

    Thank you for the help.

    I do have a couple of quick questions for you if you don't mind. I have been bouncing around between free antivirus and anti-spyware programs, I just can't seem to find any I like. What are your recommendations for free antivirus and anti-spyware?

    Thanks, and I apologize again if I offended you earlier. I did not mean to.
     
  13. 2oldGeek

    2oldGeek Regular member

    Hey, wheels, I’m sorry if I sounded offended. I was NOT! I never get offended, but I try to tell it like it is without offending someone else…

    Your AV and ASW programs humm.. you must know that I don’t run in the same channel as everyone else and use scanning progs that most have never heard of.

    I believe in layered protection and being able to recover from a catastrophe in as little as 7 or 8 minutes. I very seldom get a virus that I didn’t knowingly download just to see what has to be done to defeat it. I know, but it’s very difficult to guide someone else on removing it.. I work 40+ hours a week and have little time for writing guides and trying to keep my bride happy.. lol

    I do think I will list what I am using and what I recommend so a few may learn from that… maybe soon, I hope.

    In the meantime, do this for me and I’ll help you get your machine in top shape.

    Please download and save SecurityCheck.exe to your Desktop from one of the links below.

    Link 1 http://www.bleepingcomputer.com/download/securitycheck/
    Link 2 http://screen317.spywareinfoforum.org/SecurityCheck.exe

    • Double-click SecurityCheck.exe then follow the on-screen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt

    Please post the contents of that document and a fresh HJT Log in your next reply.
    Also, tell me and try to describe any problems that you are having with your computer.
    I may ask for some more logs. I must rely on that in order to see into your computer.

    TNX,
    2oG
     
  14. wheelstb

    wheelstb Regular member

    I will do that. Thank you for the help.
     
  15. Ripper

    Ripper Regular member

    Joined:
    Feb 20, 2006
    Messages:
    4,961
    Likes Received:
    8
    Trophy Points:
    48
    Who are you again? ;)

    My laptop runs Comodo Firewall (don't particularly rate Comodo 'Internet Security', which it's also a part of) and Avira antivirus, FWIW. Used to always go with avast! but ditched it for a reason that I no longer recall. HitmanPro is another similar to emsisoft, Malwarebytes etc.

    I wouldn't call them recommendations because I'm reasonably confident I would get by just fine without them, but you should be running an ad-blocker and a reasonable sense of web-awareness is definitely important.
     
  16. 2oldGeek

    2oldGeek Regular member

    Gees, Ripper.. I’m glad you bit your tongue and didn’t tell what you know about me… LOL

    1. Get a router and set it to a secure DNS like Comodo Firewall has, or I like Norton DNS.

    2. Use a safe browser like Firefox, and use Adblock Plus and maybe NoScript if you are knowledgeable.

    3. Use an AV. Most are good enough, some are just a little better; check them out at AV-Comparatives. Avast is good, has a sandbox and HIPS (I think).

    After those 3 things don’t worry about the rest………
     
  17. 2oldGeek

    2oldGeek Regular member

    Sorry I didn’t give much info on the last post. Was really tired from a long day and my thinking cap wasn’t working…..

    Why use a router? And why is that my No.1 priority for blocking malware?

    Do you really need a router when you get a cable broadband Internet service?

    My answer, is always, "Yes!"

    Your cable company might tell you that you only need a router if you’re going to have a home network. Remember that these are the same people that used to tell us that we don’t need a firewall because they had one.

    You DO need a router, even if you only have one computer that you’re connecting.
    Think of it this way. Do you need a lock on your door?

    The router functions to lock the Internet away from your computer. If your computer asks for something from the Internet, it asks the router. The router asks the IP address on the Internet.
    The server at the other end can respond, and the router will know to which computer to route the response. But, no computer on the Internet side can INITIATE communications with your computer. In order to receive something you must request it.

    With a router your computer will not have an IP address on the Internet. Its address would be on the local home network (even if that network is nothing but one router and one computer). The WAN port of the router is the only thing that has exposure to the Internet.

    So, what’s the big protection if you’re already running a software firewall? The importance is that you simply are not accessible. Some of the Windows flaws have been such that Windows itself would be subverted before a firewall program ever had a chance to block an incoming connection. With a router, we prevent that incoming connection…

    Also, you will need something to keep you from clicking on and requesting an ad that has a Nasty under its belt… That is why, I recommend Adblock Plus so they will be blocked and not tempt you to click on them.


    You should also use a secure DNS service - I'll give more detail on that one later..


    What AntiVirus should I use?

    AV-Comparatives is a non-profit, independent AV testing organization that tests all AVs the same way with NO hype.

    This is the November tests. Check it out:
    http://www.av-comparatives.org/images/docs/avc_fdt_201209_en.pdf

    They have a rating system that has 4 categories. 3 Stars = Advanced+, 2 Stars = Advanced, 1 Star = Standard and no Star = just Tested and not up to an award.

    Why pay for an antivirus? Several antivirus publishers offer a free version.
    e.g. Avira, Avast, AVG and Microsoft

    Avira is no.1 and Avast is no.10 in the Advanced+, 3 Star category.
    AVG and Microsoft are both in the Standard, 1 Star Category.

    I've been a user of free versions for many years.

    Generally speaking the detection engine and libraries are the same in FREE and Paid version.

    One glaring difference is that the FREE version is for HOME use only.

    Other than that, there ARE some differences in the paid version over the free version. All of which can be found on the respective websites of each product. They want you to know the difference so you are encouraged to buy the product.

    I recently found this about AVAST,... it appears they are bridging the gap between free and paid versions.

    I have been a big fan of Avira over the past years. I use the paid version of Malwarebytes with a real time scanner and have found it to be extremely efficient. The newest version of Avira has conflicts with MBAM and so I have been trying out and testing Avast. So far, I love it! Even the Free version has 8 different shields to block crapola….

    Chew on that and I’ll tell you what I use to keep from losing my OS, Settings, Data and programs due to Malware or Drive failure….


    2oG
    Not 2 old 2 Geek I still know how to get rid of bugs..
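
The router behaviour described in the post above, modelled as an added example that is not part of the original thread: a small port-translating NAT table in which a reply is delivered only if the LAN computer asked first. The class, the method names and all addresses (documentation ranges) are constructed for illustration, and the `forward()` call shows the caveat that a port forward or UPnP mapping re-opens exactly the unsolicited inbound path the post says the router closes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Minimal model of a home router doing port address translation.

    Assumption for this example: replies are matched on WAN port plus the
    remote address and port. Real routers differ in how strictly they match.
    """

    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self._next_port = first_port
        self._out = {}       # (lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self._in = {}        # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self._forwards = {}  # wan_port -> (lan_ip, lan_port), static mappings

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source and remember who asked."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        wan_port = self._out.get(key)
        if wan_port is None:
            wan_port = self._next_port
            self._next_port += 1
            self._out[key] = wan_port
            self._in[(wan_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def forward(self, wan_port, lan_ip, lan_port):
        """Static port forward, as set by hand or requested through UPnP."""
        self._forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, pkt):
        """Internet -> LAN: deliver only replies and forwarded ports."""
        if pkt.dst_ip != self.wan_ip:
            return None
        target = self._in.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if target is None:
            target = self._forwards.get(pkt.dst_port)
        if target is None:
            return None  # nobody inside asked for this: dropped
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1])


def demo():
    """Run the four cases and return what reaches the LAN (None = dropped)."""
    router = NatRouter("203.0.113.5")
    pc, server, stranger = "192.168.1.10", "198.51.100.7", "198.51.100.99"

    request = router.outbound(Packet(pc, 51000, server, 443))
    reply = router.inbound(Packet(server, 443, router.wan_ip, request.src_port))
    # A different host aiming at the port opened for the server.
    spoofed = router.inbound(Packet(stranger, 443, router.wan_ip, request.src_port))
    # Unsolicited connection attempt to a port nobody opened.
    unsolicited = router.inbound(Packet(stranger, 4444, router.wan_ip, 8080))
    # The same attempt after a port forward has been configured.
    router.forward(8080, pc, 8080)
    forwarded = router.inbound(Packet(stranger, 4444, router.wan_ip, 8080))
    return request, reply, spoofed, unsolicited, forwarded


if __name__ == "__main__":
    for name, result in zip(
        ("request", "reply", "spoofed", "unsolicited", "forwarded"), demo()
    ):
        print(f"{name:12} {result}")
```
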
     
  18. wheelstb

    wheelstb Regular member

    Wow! Thank you for all of the information. I think it's going to take me a while to digest it all. Again, I appreciate the wealth of information you have presented me with because I always like to take any opportunity to learn as much as I can.

    I have used AntiVir as well and I like that quite a bit. I don't know why I decided to go with something else different this time.

    Since our last conversation my computer has been running increasingly slowly. Granted, I think it has been about three years since I have reformatted, but I noticed that everything has been noticeably slower over the past couple of weeks.

    I have my hard drives automatically defragmented once a week using the Windows defragmentation tool.

    I have found nothing with any of the various malware scanning programs.

    I use the registry cleaning tool in CCleaner. Surprisingly, it has never reported that anything is needing to be fixed or out of place. That seems odd to me; I would have expected it to come up with at least something. It has been several months since I have run it and I don't remember exactly what changes I have made to my computer during that time, but I'm sure there is something that should have had an effect on the registry.

    Thanks for the help, I appreciate it. Have a great holiday season.
     
  19. 2oldGeek

    2oldGeek Regular member


    Hi wheels,

    I, and other Geeks, have found that, over time, Windows Defrag will develop what we call “Bit Rot” and will become increasingly slower. There are several ways to correct this that are not as intrusive as a re-format/re-install.

    I will make notes in red italics so that you and anyone that follows this will know what and why I am doing what I call for…

    Let’s do a little looking and see if we can figure out just why you have slowed down…

    Please send me the Logs I request so that I’ll be able to look into your computer for some clues..

    First, let’s do a little Pre-Cleaning of any leftover unused files and Post the Logs so I can see what we need to do…

    Download and Run Temp File Cleaner (TFC.exe)
    This gets rid of unused Temp Files better than CCleaner.

    Download Temp File Cleaner and save it to your desktop.

    You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!

    Double click to run it.
    If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
    When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
    After Restart, log back in to your usual account.



    Junkware Removal Tool
    This will get rid of unnecessary files that may have been downloaded by not clicking the right box when downloading something else. Not always bad but usually unnecessary.

    1. Please download jrt.exe ... and save it to your desktop. Alternate download here.
    2. Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
    3. If running Vista or Win7... right-click jrt.exe and select "Run as Administrator",
    otherwise just double click it.
    The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
    On completion, a log file JRT.txt is saved to your desktop and will automatically open.
    4. Please copy and paste the contents of JRT.txt and post in your next reply.



    Security Application Check:
    This will give me your Security and Hard drive (fragmentation) Status.

    Please download and save SecurityCheck.exe to your Desktop from one of the links below.

    Link 1 http://www.bleepingcomputer.com/download/securitycheck/
    Link 2 http://screen317.spywareinfoforum.org/SecurityCheck.exe
    • Double-click SecurityCheck.exe then follow the on-screen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt
    • Please post the contents of the checkup.txt in your next reply.



    Download and Run HijackThis.exe
    HJT has never been updated to a 64bit version but, if one knows its limitations, it is still a good tool.

    Download TrendMicro HijackThis.exe and save it to your desktop.
    • Double-click on HJTInstall.exe
    • Click on the Install button.
    • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
    • Upon install, HijackThis should open for you.
    • Click on the Main Menu button
    • Click on the Do a system scan and save a log file button
    • Hijackthis will scan and then a log will open in notepad.
    Copy and then paste the entire contents of the log in your next post.
    Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



    Make an uninstall list using HijackThis
    This will give me a list of the programs installed on your computer and which ones, if needed, can be uninstalled easily.

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.



    Please post the HijackThis log, JRT Log, Checkup Log and Uninstall list in your next reply.

    That’s 4 Logs I need so that I can find any problems you may have that are slowing you down.

    TNX
    2OG
     
  20. wheelstb

    wheelstb Regular member

    I have let my Avast subscription expire. I'm going to go with Antivir, which I will install tonight. That being said, here are mo logs. Thanks again for the help.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.2.8 (12.27.2012:2)
    OS: Windows 7 Home Premium x64
    Ran by Tommy on Thu 12/27/2012 at 19:51:36.90
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\conduit
    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
    Successfully deleted: [Registry Key] hkey_current_user\software\softonic
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\searchqutoolbar
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e8daaa30-6caa-4b58-9603-8e54238219e2}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8daaa30-6caa-4b58-9603-8e54238219e2}



    ~~~ Files

    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\ProgramData\download and sa"
    Successfully deleted: [Folder] "C:\ProgramData\installmate"
    Successfully deleted: [Folder] "C:\ProgramData\premium"
    Successfully deleted: [Folder] "C:\Users\Tommy\AppData\Roaming\opencandy"
    Successfully deleted: [Folder] "C:\Users\Tommy\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Users\Tommy\appdata\locallow\searchquband"
    Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 12/27/2012 at 19:58:18.63
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    When I try to run SecurityCheck, it says unsupported operating system and the program does not proceed any further. I am running Windows 7 64-bit which is supposed to be supported by the program.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:17:21 PM, on 12/27/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    F:\Program Files (x86)\Steam\steam.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\ProgramData\FLEXnet\Connect\11\agent.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files (x86)\KnowBrainer2012\start.exe
    C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe
    C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dnsspserver.exe
    C:\Users\Tommy\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Download and Sa - {F5DC4535-D55A-B7DF-58D6-F9317C7209CA} - C:\ProgramData\Download and Sa\50a6be56978c3.ocx (file missing)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Tommy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1727603458-3655430775-3759167011-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1727603458-3655430775-3759167011-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: Cloudmark DesktopOne.lnk = C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://ec2-174-129-18-125.compute-1.amazonaws.com/intel-systeminfo-api/receivers/FMSI.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13467 bytes







    1Click DVD Copy Pro 4.0.6.2
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    7-Zip 9.20
    Acrobat.com
    Acrobat.com
    Acronis True Image Home
    Adobe Community Help
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Download Assistant
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Media Player
    Adobe Reader 9.4.7
    Apple Application Support
    Apple Software Update
    Assassin's Creed II
    Audible Download Manager
    AudibleManager
    Auslogics Duplicate File Finder
    avast! Free Antivirus
    CDBurnerXP
    Cloudmark DesktopOne
    Comodo Dragon
    Company of Heroes
    CueCard (remove only)
    DAEMON Tools Lite
    DiRT 3
    DiRT 3
    Download and Sa
    Dragon NaturallySpeaking 12
    Driver San Francisco
    DVD Shrink 3.2
    Fable III
    Fable III
    Fable III
    Fraps
    Free NaturalReader
    Full Tilt Poker
    Futuremark SystemInfo
    Google Talk (remove only)
    Google Talk Plugin
    HijackThis 1.99.1
    HP Product Detection
    HP Update
    ImgBurn
    Java(TM) 6 Update 20
    Java(TM) 6 Update 21
    jMemorize
    KB2011
    Kernel EML Viewer ver 10.09.01
    KnowBrainer2012
    Malwarebytes Anti-Malware version 1.65.1.1000
    MediaMonkey 3.2
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Minefield (3.7a5pre)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need for Speed Most Wanted
    Need for Speed(TM) Hot Pursuit
    Need for Speed™ Carbon
    Need for Speed™ Most Wanted
    Need for Speed™ SHIFT
    Need for Speed™ The Run
    Nero 7 Premium
    neroxml
    NewsLeecher v5.0 Beta 15
    NHL® 09
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OnLive
    OpenAL
    Origin
    PDF Settings CS5
    Portal 2
    Portal 2
    Prince of Persia The Forgotten Sands
    Prince of Persia® Las Arenas Olvidadas
    Pure
    PxMergeModule
    QuickPar 0.9
    QuickTime
    Rainlendar2 (remove only)
    Rapture3D 2.4.8 Game
    Rayman Origins
    ResumeMaker
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    SHIFT 2 UNLEASHED™
    ShopAtHome.com Toolbar
    Slice Audio File Splitter
    Sonic Adventure 2 (c) SEGA version 1
    Split/Second
    Spybot - Search & Destroy
    StarCraft II
    Steam
    SUPERAntiSpyware Free Edition
    Time Clock MTS V2.5.8
    TMPGEnc 4.0 XPress
    Tom Clancy's H.A.W.X
    Tom Clancy's H.A.W.X. 2
    TomTom HOME 2.8.3.2499
    TomTom HOME Visual Studio Merge Modules
    TuneUp 2.4.6.4
    Ubisoft Game Launcher
    Ultimate Spider-Man (TM)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.9
    WampServer 2.2
    WavePad Sound Editor
    winLAME 2010 beta 1
    World in Conflict
    ZipALot (remove only)
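
An added example, not part of the thread and not code from HijackThis or any poster: a small triage script for the HijackThis log in the post above. HijackThis is a 32-bit program, so on 64-bit Windows its reads of `C:\Windows\System32` are redirected to `SysWOW64`, and native 64-bit system files show up as "(file missing)"; the script separates those from registry entries whose file really is gone. The verdict names, the 64-bit detection heuristic and the assumption that Windows lives in `<drive>:\Windows` are mine; the sample lines are excerpted from the log posted above.

```python
import re

# Section code ("O2", "O23", "R1", ...) followed by the entry text.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Leftmost drive-letter path that runs up to the "(file missing)" marker.
MISSING_RE = re.compile(r"([A-Za-z]:\\.*?)\s*\(file missing\)\s*$")
# Assumption: Windows is installed in <drive>:\Windows.
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
# Heuristic: these directories only exist on 64-bit Windows.
X64_HINT_RE = re.compile(r"\\(Program Files \(x86\)|SysWOW64)\\", re.IGNORECASE)

# Excerpt of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Download and Sa - {F5DC4535-D55A-B7DF-58D6-F9317C7209CA} - C:\ProgramData\Download and Sa\50a6be56978c3.ocx (file missing)
O4 - HKCU\..\Run: [Steam] "F:\Program Files (x86)\Steam\Steam.exe" -silent
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
"""


def looks_64bit(log_text):
    """Guess whether the log came from 64-bit Windows (the log has no explicit field)."""
    return bool(X64_HINT_RE.search(log_text))


def classify(log_text):
    """Return (section, verdict, detail) for every entry whose file was not found.

    Verdicts:
      "recheck-64bit" - path is under System32 on a 64-bit system, so the
                        32-bit scanner was probably looking in SysWOW64.
                        This is not a clean bill of health: confirm the
                        file with a 64-bit tool before drawing conclusions.
      "orphan"        - the registry entry points at a file that is absent
                        (or has no file at all); a leftover worth reviewing.
    """
    is_x64 = looks_64bit(log_text)
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, process list, blank line
        section, body = entry.groups()
        if body.rstrip().endswith("(no file)"):
            findings.append((section, "orphan", body))
            continue
        missing = MISSING_RE.search(body)
        if not missing:
            continue  # file was found, nothing to report here
        path = missing.group(1)
        if is_x64 and SYSTEM32_RE.match(path):
            findings.append((section, "recheck-64bit", path))
        else:
            findings.append((section, "orphan", path))
    return findings


if __name__ == "__main__":
    for section, verdict, detail in classify(SAMPLE_LOG):
        print(f"{section:<4} {verdict:<14} {detail}")
```

Only the System32 redirection case is handled; other 32-bit side effects, such as `%PROGRAMFILES%` expanding to `Program Files (x86)`, are still reported as "orphan" and need the same manual check.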
     
  21. wheelstb

    wheelstb Regular member

    I am also using the Comodo firewall. I haven't exactly figured out what Comodo Internet Security is for. I am probably going to remove it. Like you, I am also using and prefer Avira free edition. I don't know why but it seems like I always keep coming back to Avira; it seems to do a fairly decent job and is very un-invasive.


    I thought somebody above asked how many programs I am running. According to the processes tab in the task manager there are 73 processes running. I did just delete a bunch of programs.
     
    Last edited: Dec 28, 2012
