Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


possible hijacker

  • This topic is locked This topic is locked
2 replies to this topic

#1 allman71


  • Members
  • 63 posts
  • Gender:Male
  • Location:Statesville, NC
  • Local time:06:29 AM

Posted 03 January 2010 - 06:46 PM

A friend brought me his computer saying that Best Buy said he had some type of hijacker that needed to be removed. I found one program (fun web products) and one adware (mywebsearch) that I removed. I ran hijack this and root repeal and I am including the logs. I don't know how to read these logs.

Please review the logs and advise me. Also, how can I learn how to understand these reports?


Logfile of random's system information tool 1.06 (written by random/random)
Run by Tracy at 2010-01-04 09:39:53
This is a scan I did in regular mode instead of safe mode. Is there anything I should be concerned about?

Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 381 GB (82%) free of 467 GB
Total RAM: 3060 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:55 AM, on 1/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:Program FilesDell Support Centerbinsprtcmd.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesTrend MicroHijackThisTracy.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://att.my.yahoo.com/?_bc=1
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Internet Explorer provided by Dell
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_04binssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:Program FilesDellBAEBAE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O4 - HKLM..Run: [WPCUMI] C:Windowssystem32WpcUmi.exe
O4 - HKLM..Run: [dellsupportcenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P dellsupportcenter
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_04binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_04binssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:Windowssystem32AERTSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:Program FilesMicro InnovationsMultimedia Keyboard DriverKMWDSrv.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:Program FilesCommon FilesMotiveMcciCMService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program FilesSpybot - Search & DestroySDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

End of file - 6909 bytes

======Scheduled tasks folder======

C:WindowstasksGoogle Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:Program FilesSpybot - Search & DestroySDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:Program FilesJavajre1.6.0_04binssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:Program FilesGoogleGoogleToolbarNotifier5.4.4525.1752swg.dll [2009-12-26 764912]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:Program FilesDellBAEBAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll [2008-06-27 505136]

"WPCUMI"=C:Windowssystem32WpcUmi.exe [2006-11-02 176128]
"dellsupportcenter"=C:Program FilesDell Support Centerbinsprtcmd.exe [2009-05-21 206064]
"avast!"=C:PROGRA~1ALWILS~1Avast4ashDisp.exe [2009-11-24 81000]

"ehTray.exe"=C:WindowsehomeehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:Program FilesWindows Media PlayerWMPNSCFG.exe [2008-01-20 202240]
"SpybotSD TeaTimer"=C:Program FilesSpybot - Search & DestroyTeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 9.0ReaderReader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregdellsupportcenter]
C:Program FilesDell Support Centerbinsprtcmd.exe [2009-05-21 206064]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregdscactivate]
C:Program FilesDell Support Centergs_agentcustomdsca.exe [2008-02-13 16384]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregFlashPlayerUpdate]
C:Windowssystem32MacromedFlashFlashUtil10c.exe [2009-07-17 257440]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
C:UsersTracyAppDataLocalGoogleUpdateGoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHotKeysCmds]
C:Windowssystem32hkcmd.exe [2008-02-11 166424]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIgfxTray]
C:Windowssystem32igfxtray.exe [2008-02-11 141848]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISTray]
C:Program FilesSpyware DoctorpctsTray.exe []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes Anti-Malware (reboot)]
C:Program FilesMalwarebytes' Anti-Malwarembam.exe [2009-12-30 1389904]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMotiveReportAgent]
C:Program FilesCommon FilesMotiveMcciBootStrapper.exe [2004-06-25 204800]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPersistence]
C:Windowssystem32igfxpers.exe [2008-02-11 133656]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRtHDVCpl]
C:WindowsRtHDVCpl.exe [2008-01-17 4907008]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWMPNSCFG]
C:Program FilesWindows Media PlayerWMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:Windowssystem32igfxdev.dll [2008-02-11 204800]









"C:Program FilesYahoo!Yahoo! Music JukeboxYahooMusicEngine.exe"="C:Program FilesYahoo!Yahoo! Music JukeboxYahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"


shellAutoRuncommand - J:Autorun.exe /run
shellShell00command - J:Autorun.exe /run
shellShell01command - J:Autorun.exe /action
shellShell02command - J:Autorun.exe /uninstall

shellAutoRuncommand - J:setupSNK.exe

shellAutoRuncommand - K:LaunchU3.exe -a

shellAutoRuncommand - J:LaunchU3.exe -a

======File associations======

.js - edit - C:WindowsSystem32Notepad.exe %1
.js - open - C:WindowsSystem32WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-04 09:39:53 ----D---- C:rsit
2010-01-03 18:28:21 ----A---- C:RootRepeal report 01-03-10 (18-28-21).txt
2010-01-03 15:58:51 ----A---- C:Windowsntbtlog.txt
2010-01-03 15:15:19 ----D---- C:ProgramDataSpybot - Search & Destroy
2010-01-03 15:15:19 ----D---- C:Program FilesSpybot - Search & Destroy
2010-01-02 21:58:54 ----A---- C:Windowssystem32aswBoot.exe
2010-01-02 21:58:52 ----D---- C:Program FilesAlwil Software
2010-01-02 21:50:39 ----D---- C:Program FilesTrend Micro
2010-01-02 08:46:26 ----D---- C:ProgramDataGeek Squad
2010-01-01 19:16:35 ----D---- C:UsersTracyAppDataRoamingWebroot
2009-12-14 06:30:43 ----D---- C:UsersTracyAppDataRoamingU3
2009-12-09 03:01:19 ----A---- C:Windowssystem32nshhttp.dll
2009-12-09 03:01:18 ----A---- C:Windowssystem32httpapi.dll
2009-12-08 23:27:46 ----A---- C:Windowssystem32winhttp.dll
2009-12-08 23:27:37 ----A---- C:Windowssystem32mshtml.dll
2009-12-08 23:27:36 ----A---- C:Windowssystem32wininet.dll
2009-12-08 23:27:36 ----A---- C:Windowssystem32urlmon.dll
2009-12-08 23:27:36 ----A---- C:Windowssystem32occache.dll
2009-12-08 23:27:36 ----A---- C:Windowssystem32msfeeds.dll
2009-12-08 23:27:36 ----A---- C:Windowssystem32iertutil.dll
2009-12-08 23:27:36 ----A---- C:Windowssystem32ieframe.dll
2009-12-08 23:27:36 ----A---- C:Windowssystem32iedkcs32.dll
2009-12-08 23:27:35 ----A---- C:Windowssystem32msfeedssync.exe
2009-12-08 23:27:35 ----A---- C:Windowssystem32msfeedsbs.dll
2009-12-08 23:27:35 ----A---- C:Windowssystem32jsproxy.dll
2009-12-08 23:27:35 ----A---- C:Windowssystem32ieUnatt.exe
2009-12-08 23:27:35 ----A---- C:Windowssystem32ieui.dll
2009-12-08 23:27:35 ----A---- C:Windowssystem32iesysprep.dll
2009-12-08 23:27:35 ----A---- C:Windowssystem32iesetup.dll
2009-12-08 23:27:35 ----A---- C:Windowssystem32iernonce.dll
2009-12-08 23:27:35 ----A---- C:Windowssystem32iepeers.dll
2009-12-08 23:27:35 ----A---- C:Windowssystem32ie4uinit.exe
2009-12-08 23:23:25 ----A---- C:Windowssystem32rastls.dll

======List of files/folders modified in the last 1 months======

2010-01-04 09:39:55 ----D---- C:WindowsPrefetch
2010-01-04 09:39:49 ----D---- C:WindowsTemp
2010-01-04 09:06:34 ----SHD---- C:System Volume Information
2010-01-04 08:46:06 ----D---- C:WindowsSystem32
2010-01-04 08:46:06 ----D---- C:Windowsinf
2010-01-04 08:46:06 ----A---- C:Windowssystem32PerfStringBackup.INI
2010-01-04 08:43:11 ----D---- C:WindowsTasks
2010-01-03 18:19:41 ----D---- C:Windowssystem32drivers
2010-01-03 15:58:51 ----D---- C:Windows
2010-01-03 15:52:48 ----D---- C:Windowssystem32catroot2
2010-01-03 15:46:29 ----SD---- C:WindowsDownloaded Program Files
2010-01-03 15:15:19 ----RD---- C:Program Files
2010-01-03 15:15:19 ----HD---- C:ProgramData
2010-01-02 21:09:06 ----D---- C:Program FilesMalwarebytes' Anti-Malware
2010-01-02 19:52:52 ----D---- C:WindowsDebug
2010-01-02 19:50:37 ----SHD---- C:$Recycle.Bin
2009-12-31 21:31:02 ----SD---- C:UsersTracyAppDataRoamingMicrosoft
2009-12-26 16:51:40 ----RD---- C:Users
2009-12-09 03:34:11 ----D---- C:Windowsrescache
2009-12-09 03:29:29 ----D---- C:Windowswinsxs
2009-12-09 03:19:24 ----D---- C:Windowssystem32catroot
2009-12-09 03:17:26 ----D---- C:Windowssystem32migration
2009-12-09 03:17:26 ----D---- C:Windowssystem32en-US
2009-12-09 03:17:26 ----D---- C:Program FilesWindows Mail
2009-12-09 03:17:26 ----D---- C:Program FilesInternet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:Windowssystem32driversaswRdr.sys [2009-11-24 23120]
R1 aswSP;avast! Self Protection; C:Windowssystem32driversaswSP.sys [2009-11-24 114768]
R1 aswTdi;avast! Network Shield Support; C:Windowssystem32driversaswTdi.sys [2009-11-24 48560]
R2 aswFsBlk;aswFsBlk; C:Windowssystem32DRIVERSaswFsBlk.sys [2009-11-24 20560]
R2 aswMonFlt;aswMonFlt; C:Windowssystem32DRIVERSaswMonFlt.sys [2009-11-24 53328]
R2 mdmxsdk;mdmxsdk; C:Windowssystem32DRIVERSmdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:Windowssystem32DRIVERSxaudio.sys [2006-08-04 8192]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:Windowssystem32DRIVERSe1e6032.sys [2007-04-29 228224]
R3 HSF_DPV;HSF_DPV; C:Windowssystem32DRIVERSHSX_DPV.sys [2006-10-18 986624]
R3 HSXHWBS2;HSXHWBS2; C:Windowssystem32DRIVERSHSXHWBS2.sys [2006-10-18 258048]
R3 igfx;igfx; C:Windowssystem32DRIVERSigdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHDA.sys [2008-01-24 2054872]
R3 winachsf;winachsf; C:Windowssystem32DRIVERSHSX_CNXT.sys [2006-10-18 659968]
R3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys [2008-01-20 83328]
S1 ASPI32;ASPI32; C:Windowssystem32driversASPI32.sys [2002-07-17 84832]
S3 ASPI;Advanced SCSI Programming Interface Driver; ??C:WindowsSystem32DRIVERSASPI32.sys [2002-07-17 84832]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; ??C:Windowssystem32driversBVRPMPR5.SYS [2008-04-03 49904]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver; C:WindowsSystem32DriversDNIMp50.sys [2006-11-16 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver; C:WindowsSystem32DriversDNISp50.sys [2006-11-16 20480]
S3 Dot4;MS IEEE-1284.4 Driver; C:Windowssystem32DRIVERSDot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:Windowssystem32DRIVERSDot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:Windowssystem32DRIVERSdot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:Windowssystem32driversdrmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:Windowssystem32driversHdAudio.sys [2009-04-10 236544]
S3 KMWDFilter;KMWDFilter; ??C:WindowsSystem32DriversKMWDFilter.SYS [2007-03-29 17024]
S3 MREMP50;MREMP50 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMP50.SYS [2009-08-14 21248]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMREMPR5.SYS [2004-11-22 19345]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRENDIS5.SYS [2004-11-22 18003]
S3 MRESP50;MRESP50 NDIS Protocol Driver; ??C:PROGRA~1COMMON~1MotiveMRESP50.SYS [2009-08-14 20096]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:Windowssystem32driversMSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:Windowssystem32driversMSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:Windowssystem32driversMSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:Windowssystem32driversMSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:Windowssystem32DRIVERSatikmdag.sys [2006-11-02 2028032]
S3 rt70x86;Belkin Wireless G USB Network Adapter Driver for Vista; C:Windowssystem32DRIVERSnetr70.sys [2007-10-09 291840]
S3 usbscan;USB Scanner Driver; C:Windowssystem32DRIVERSusbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:Windowssystem32DRIVERSwpdusb.sys [2009-09-30 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys [2008-01-20 6656]
S4 iaStor;Intel AHCI Controller; C:Windowssystem32driversiastor.sys [2007-04-26 304920]
S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:Windowssystem32AERTSrv.exe [2007-12-05 77824]
R2 aswUpdSv;avast! iAVS4 Control Service; C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:Program FilesAlwil SoftwareAvast4ashServ.exe [2009-11-24 138680]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:Windowssystem32svchost.exe [2008-01-20 21504]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:Program FilesMicro InnovationsMultimedia Keyboard DriverKMWDSrv.exe [2007-06-08 208896]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe [2008-01-29 583048]
R2 McciCMService;McciCMService; C:Program FilesCommon FilesMotiveMcciCMService.exe [2009-08-14 319488]
R2 Net Driver HPZ12;Net Driver HPZ12; C:WindowsSystem32svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WindowsSystem32svchost.exe [2008-01-20 21504]
R2 SBSDWSCService;SBSD Security Center Service; C:Program FilesSpybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:Program FilesDell Support Centerbinsprtsvc.exe [2008-08-13 201968]
R2 XAudioService;XAudioService; C:Windowssystem32DRIVERSxaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:Program FilesAlwil SoftwareAvast4ashWebSv.exe [2009-11-24 352920]
R3 hpqcxs08;hpqcxs08; C:Windowssystem32svchost.exe [2008-01-20 21504]
S2 gusvc;Google Software Updater; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-07-22 190448]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe /h ccCommon []
S3 FontCache;@%systemroot%system32FntCache.dll,-100; C:Windowssystem32svchost.exe [2008-01-20 21504]
S3 NtmsSvc;@%SystemRoot%system32ntmssvc.dll,-2; C:Windowssystem32svchost.exe [2008-01-20 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe [2007-12-02 74384]


While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Athough our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Attached Files

Edited by garmanma, 04 January 2010 - 09:58 PM.

BC AdBot (Login to Remove)


#2 myrti



  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home
  • Local time:01:29 PM

Posted 11 January 2010 - 07:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 myrti



  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home
  • Local time:01:29 PM

Posted 17 January 2010 - 02:09 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users