Windows 7 Forums

Windows 7: Hijack this log

29 Nov 2010   #1

Windows 7 Ultimate X86(32 Bit)
 
 

Hi, I was told to do a HijackThis scan to see what was causing my IE pop-up problem even though I'm using Firefox. Just wondering if any of you can tell me what needs deleting and fixing.

Here's my log

Code:
 
Logfile of HijackThis v1.99.1
Scan saved at 16:32:47, on 29/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by HP Notebook
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN by HP Notebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by HP Notebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN by HP Notebook
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [{C9ABE953-83B1-4EBD-8EF9-C48F9B13B501}] rundll32 "C:\Users\Sam\AppData\Local\Temp\{C9ABE953-83B1-4EBD-8EF9-C48F9B13B501}\1f88.dll",DllGetClassObject secret 18530
O4 - HKCU\..\Run: [{BB89FCA9-375A-4BA5-A6AA-01A88E10EED6}] rundll32 "C:\Users\Sam\AppData\Local\Temp\{BB89FCA9-375A-4BA5-A6AA-01A88E10EED6}\266d.dll",DllGetClassObject secret 40941
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2FB71C-B7E0-4AB7-B721-F79D6A4DB14F}: NameServer = 10.206.65.68 10.206.65.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\Sam\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SkypeGadget1.3.gadget\wrapper\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: mmcres.dll bootsvc.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: CrossLoop Service (CrossLoopService) - Unknown owner - C:\Users\Sam\AppData\Local\CrossLoop\CrossLoopService.exe" --service (file missing)
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - C:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. -  C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
O23 - Service: TightVNC Server (tvnserver) - Unknown owner - C:\Users\Sam\AppData\Local\CrossLoop\tvnserver.exe" -service (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
Thanks to those who help

29 Nov 2010   #2

WDS 7 Home Pre.x64
 
 

Look at this... and decide for yourself.
If it says "Nasty"... you should take it out.
I also include the site so you can do it next time.
http://www.hijackthis.de/en
Good luck.


Code:
 
C:\Windows\system32\Dwm.exe
 
 
Very safe
 
This entry was classified from our visitors as good.
 
C:\Windows\Explorer.EXE
 
 
Very safe
 
This entry was classified from our visitors as good.
 
C:\Windows\System32\igfxtray.exe
 
 
Safe
 
This entry was classified from our visitors as good.
 
C:\Windows\System32\hkcmd.exe
 
 
Safe
 
This entry was classified from our visitors as good.
 
C:\Windows\System32\igfxpers.exe
 
 
Safe
 
This entry was classified from our visitors as good.
 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
 
Very safe
 
This entry was classified from our visitors as good.
 
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
Very safe
 
Intel IAA RAID Event Monitor
 
C:\Program Files\IDT\WDM\sttray.exe
 
 
Safe
 
Possibly nasty! According to our database this process runs normally in c:\windows\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.
 
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
 
 
Safe
 
Hewlett-Packard Quick Launch Buttons
 
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
 
 
Very safe
Safe (4.12 / 5.00)
 
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
 
Safe
This is a unknown process.
This entry was classified from our visitors as good.
 
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
 
 
Safe
 
Part of Hewlett-Packard
 
C:\Program Files\Common Files\Java\Java Update\jusched.exe
 
 
Safe
 
Possibly nasty! According to our database this process runs normally in c:\programme\java\.*\bin\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.
 
C:\Program Files\iTunes\iTunesHelper.exe
 
 
Safe
Not dangerous, but unnecessary.
This entry was classified from our visitors as good.
 
C:\Program Files\Real\RealPlayer\Update\realsched.exe
 
 
 
Possibly nasty! According to our database this process runs normally in c:\programme\gemeinsame dateien\real\update_ob\! Check if you know this process and arrange a viruscheck where required. Checks for updates for RealPlayer
 
C:\Program Files\Avast\AvastUI.exe
 
 
Safe (4.54 / 5.00)
 
C:\Program Files\Windows Sidebar\sidebar.exe
 
 
Very safe
 
This entry was classified from our visitors as good.
 
C:\Windows\system32\igfxsrvc.exe
 
 
Very safe
 
Intel Common User Interface
 
C:\Program Files\Skype\Phone\Skype.exe
 
 
Safe
 
This entry was classified from our visitors as good.
 
C:\Program Files\RocketDock\RocketDock.exe
 
 
Very safe
 
This entry was classified from our visitors as good.
 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
 
 
Very safe
 
Bluetooth Software
 
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
 
 
Safe (4.36 / 5.00)
 
C:\Program Files\Mozilla Firefox\firefox.exe
 
 
Very safe
 
This entry was classified from our visitors as good.
 
C:\Program Files\Internet Explorer\iexplore.exe
 
 
Safe
 
This entry was classified from our visitors as good.
 
C:\Program Files\Internet Explorer\iexplore.exe
 
 
Safe
 
This entry was classified from our visitors as good.
 
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
 
 
Neutral
Safe (3.79 / 5.00)
 
C:\Program Files\Windows Live\Mail\wlmail.exe
 
 
Safe
 
Possibly nasty! According to our database this process runs normally in c:\programme\windows live mail desktop\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.
 
C:\Program Files\Mozilla Firefox\plugin-container.exe
 
 
Very safe
This is a unknown process.
This entry was classified from our visitors as good.
 
C:\Program Files\Windows Live\Contacts\wlcomm.exe
 
 
Safe
Safe (4.36 / 5.00)
 
C:\Windows\system32\rundll32.exe
 
 
Neutral
 
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
 
C:\Windows\system32\rundll32.exe
 
 
Neutral
 
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
 
C:\Program Files\Internet Explorer\iexplore.exe
 
 
Safe
 
This entry was classified from our visitors as good.
 
C:\Windows\system32\rundll32.exe
 
 
Neutral
 
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
 
C:\Program Files\HijackThis\HijackThis.exe
 
 
Safe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! This entry was classified from our visitors as good.
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by HP Notebook
 
 
This page has been identified as safe.
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
 
 
This page has been identified as safe.
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN by HP Notebook
 
 
This page has been identified as safe.
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN by HP Notebook
 
 
This page has been identified as safe.
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
 
 
This page has been identified as safe.
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
 
 
This page has been identified as safe.
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN by HP Notebook
 
 
This page has been identified as safe.
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 
 
Safe
This entry was classified from our visitors as good.
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 
 
Safe
This entry was classified from our visitors as good.
 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
 
 
Safe
If you do not know the entry '*.local', delete it. This entry was classified from our visitors as good.
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 
 
Safe
This entry was classified from our visitors as good.
 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
 
 
Safe
Unknown application. This entry was classified from our visitors as good.
 
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
 
 
Very safe
rpbrowserrecordplugin.dll - RealPlayer, SuperPass - Premium Audio & Video Programming page=404__404_index.html
 
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
 
 
Very safe
Windows Live Toolbar beta Search Enhancement Pack
 
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 
 
WindowsLiveLogin.dll - Microsoft Windows_Live, Windows Live Essentials 2011 - Download free Microsoft programs
 
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
 
 
Safe (3.86 / 5.00)
 
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
 
 
Safe
Safe (4.17 / 5.00)
 
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
 
 
Very safe
jp2ssv.dll - Sun_Java, http://java.sun.com/javase/downloads/index.jsp browser plugin
 
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
 
 
Very safe
toolbar.dll, toolbarU.dl_ - Pugi/Softomate, http://doxdesk.com/parasite/Pugi.html toolbar variant. Occasionally a Softomate toolbar will be installed by a legitimate application, but most often they're installed by various non-legitimate means and in
 
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
 
 
Safe (4.17 / 5.00)
 
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
 
 
Neutral
Not dangerous, but unnecessary. Quick access to the control panel via a System Tray icon for graphics based upon the Intel chipsets (ie, i810). These chipsets are often included on motherboards. Available via Start -> Settings -> Control Panel
 
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
 
 
Neutral
Application that implements the Intel Hotkey command.
 
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
 
 
Safe
Intel Common User Interface Module
 
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
 
Safe
 
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
 
 
Very safe
IAA Event Monitor User Notification Tool - part of Intel® Application Accelerator - "a performance software package for desktop PCs using select Intel® chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it\'s required to notify you if a RAID 1 disk has failed
 
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
 
 
Safe (3.8 / 5.00)
 
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
 
 
Safe
HP Quick Launch Buttons
 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
 
 
Safe
Not dangerous, but unnecessary. This entry was classified from our visitors as good.
 
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
 
 
Safe
Safe (4.12 / 5.00)
 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
 
 
Very safe
Not dangerous, but unnecessary. HP software updates. If a shortcut doesn't exist
 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
 
Very safe
Java von Sun
 
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
 
Safe
Safe (4 / 5.00)
 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 
 
Very safe
Not dangerous, but unnecessary. System Tray access to Apple's "Quick Time" viewer from version 5 onwards
 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 
 
Safe
Not dangerous, but unnecessary. This entry was classified from our visitors as good.
 
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
 
 
Part of RealPlayer
 
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast\avastUI.exe" /nogui
 
 
Safe (4.03 / 5.00)
 
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
 
 
Safe (3.64 / 5.00)
 
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
 
 
Safe
This entry was classified from our visitors as good.
 
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 
 
Safe
Not dangerous, but unnecessary. This entry was classified from our visitors as good.
 
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
 
 
Safe
This entry was classified from our visitors as good.
 
O4 - HKCU\..\Run: [{C9ABE953-83B1-4EBD-8EF9-C48F9B13B501}] rundll32 "C:\Users\Sam\AppData\Local\Temp\{C9ABE953-83B1-4EBD-8EF9-C48F9B13B501}\1f88.dll",DllGetClassObject secret 18530
 
 
Neutral (3.1 / 5.00)
 
O4 - HKCU\..\Run: [{BB89FCA9-375A-4BA5-A6AA-01A88E10EED6}] rundll32 "C:\Users\Sam\AppData\Local\Temp\{BB89FCA9-375A-4BA5-A6AA-01A88E10EED6}\266d.dll",DllGetClassObject secret 40941
 
 
Neutral (3.1 / 5.00)
 
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
 
 
Very safe
Safe (4.71 / 5.00)
 
O4 - Global Startup: Bluetooth.lnk = ?
 
 
Safe
Unknown application.
The entry is unnecessary and can be fixed. This entry was classified from our visitors as good.
 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
 
 
The entry E&xport to Microsoft Excel has been identified as safe.
 
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
 
 
Safe (4.17 / 5.00)
 
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 
 
Very safe
The entry Send image to &Bluetooth Device... has been identified as safe.
 
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 
 
The entry Send page to &Bluetooth Device... has been identified as safe.
 
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
 
 
Safe (4.23 / 5.00)
 
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
 
 
The entry @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll, has been identified as safe.
 
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
 
 
The entry @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll, has been identified as safe.
 
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
 
 
The entry Send to OneNote has been identified as safe.
 
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
 
 
The entry Se&nd to OneNote has been identified as safe.
 
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
 
 
The entry OneNote Lin&ked Notes has been identified as safe.
 
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
 
 
The entry OneNote Lin&ked Notes has been identified as safe.
 
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 
 
The entry @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll, has been identified as safe.
 
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 
 
The entry @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll, has been identified as safe.
 
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
 
 
Very safe
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
 
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
 
 
Safe
This entry should be safe. This entry was classified from our visitors as good.
 
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
 
 
Safe
This entry should be safe. This entry was classified from our visitors as good.
 
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
 
 
Safe
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org. This entry was classified from our visitors as good.
 
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
 
 
Safe
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org. This entry was classified from our visitors as good.
 
O11 - Options group: [INTERNATIONAL] International
 
 
Safe
 
O13 - Gopher Prefix:
 
 
Safe
Safe (4.25 / 5.00)
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2FB71C-B7E0-4AB7-B721-F79D6A4DB14F}: NameServer = 10.206.65.68 10.206.65.68
 
 
The entered IP or Domain '10.206.65.68 10.206.65.68' has been identified as safe.
 
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
 
 
This entry has been identified as safe.
 
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
 
 
Safe
This entry has been identified as safe.
 
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
 
 
This entry has been identified as safe.
 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\Sam\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SkypeGadget1.3.gadget\wrapper\Skype4COM.dll
 
 
This entry has been identified as safe.
 
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
 
 
Safe
This entry has been identified as safe.
 
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
 
 
Safe (4.23 / 5.00)
 
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
 
 
Very safe
Safe (3.87 / 5.00)
 
O20 - AppInit_DLLs: mmcres.dll bootsvc.dll
 
 
 
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
 
 
Very safe
Intel Graphic card
 
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 
 
Very safe
Safe (4.23 / 5.00)
 
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
 
 
Safe (3.77 / 5.00)
 
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
 
 
Very safe
This service (AppleMobileDeviceService.exe) was identified as a good one.
 
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
 
 
This service (AvastSvc.exe) was identified as a good one.
 
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
 
 
This service (AvastSvc.exe) was identified as a good one.
 
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
 
 
This service (AvastSvc.exe) was identified as a good one.
 
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
 
 
Neutral
This service (mDNSResponder.exe) was identified as a good one.
 
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
 
 
This service (btwdins.exe) was identified as a good one.
 
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
 
 
Safe
Safe (4.18 / 5.00)
 
O23 - Service: CrossLoop Service (CrossLoopService) - Unknown owner - C:\Users\Sam\AppData\Local\CrossLoop\CrossLoopService.exe" --service (file missing)
 
 
Safe (3.84 / 5.00)
 
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
 
 
Safe (3.88 / 5.00)
 
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
 
 
Safe (4.85 / 5.00)
 
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
 
 
Very safe
Safe (4.39 / 5.00)
 
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
 
 
Safe
This service (hpqwmiex.exe) was identified as a good one.
 
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
Very safe
This service (IAANTMon.exe) was identified as a good one.
 
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 
 
Very safe
This service (iPodService.exe) was identified as a good one.
 
O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - C:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
 
 
Unknown service. (Jasmio.MediaCenter.Service.exe)
 
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
Very safe
This service (NBService.exe) was identified as a good one.
 
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
 
 
Safe
 
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
 
 
Very safe
 
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
 
 
This service (STacSV.exe) was identified as a good one.
 
O23 - Service: TightVNC Server (tvnserver) - Unknown owner - C:\Users\Sam\AppData\Local\CrossLoop\tvnserver.exe" -service (file missing)
 
 
Safe (3.84 / 5.00)
 
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
 
 
Safe (3.9 / 5.00)
 
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 
 
Safe (4.17 / 5.00)
29 Nov 2010   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Rescan with HJT, check these items:

O4 - HKCU\..\Run: [{C9ABE953-83B1-4EBD-8EF9-C48F9B13B501}] rundll32 "C:\Users\Sam\AppData\Local\Temp\{C9ABE953-83B1-4EBD-8EF9-C48F9B13B501}\1f88.dll",DllGetClassObject secret 18530

O4 - HKCU\..\Run: [{BB89FCA9-375A-4BA5-A6AA-01A88E10EED6}] rundll32 "C:\Users\Sam\AppData\Local\Temp\{BB89FCA9-375A-4BA5-A6AA-01A88E10EED6}\266d.dll",DllGetClassObject secret 40941


Close all browser windows except HJT, then click 'fix checked'. Don't reboot, just exit out of HJT.

Download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work.
TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! Reboot, immediately

Next, download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.46 Download
* Right-click mbam-setup.exe to run as Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.


29 Nov 2010   #4

Windows 7 Ultimate X86(32 Bit)
 
 

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 5206

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/11/2010 17:46:15
mbam-log-2010-11-29 (17-46-15).txt

Scan type: Full Scan
Objects scanned: 148981
Time elapsed: 16 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{db4ab874-a2eb-44f7-b7fd-a1be0ce92997} (Trojan.ObjectSec) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sam\AppData\Local\Temp\{DB4AB874-A2EB-44F7-B7FD-A1BE0CE92997}\1732.dll (Trojan.ObjectSec) -> Delete on reboot.
29 Nov 2010   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Reboot and run MBam again. Let's see if it quarantines this file:

C:\Users\Sam\AppData\Local\Temp\{DB4AB874-A2EB-44F7-B7FD-A1BE0CE92997}\1732.dll (Trojan.ObjectSec)
30 Nov 2010   #6

Windows 7 Ultimate X86(32 Bit)
 
 
mmcres.dll has stopped working

Hi, I keep getting popups on my screen saying mmcres.dll has stopped working. It hasn't affected me so far, and I am wondering what it does, as it doesn't show up on Google, and whether I need to take action.
30 Nov 2010   #7

 
 

Do you mean smcres.dll? If so, this is a component of Symantec software. On the chance that you mistyped, here is a Google link:

http://www.google.com/search?hl=en&r...es.dll&spell=1


James
30 Nov 2010   #8

Windows 7 Ultimate X86(32 Bit)
 
 

No, it comes up on the popup as "mmcres.dll has stopped working".
[IMG]file:///C:/Users/Sam/AppData/Local/Temp/moz-screenshot.png[/IMG]
That's the popup I get.
30 Nov 2010   #9

 
 

There seems to be nothing about it on the web, other than this post and another post on this forum here:

Hijack this log

If you do a page search (ctrl+F in IE) on the post at the above link, you'll find a couple of instances. One in the Hijack scan data (in the code window) and another in the responding post (which takes its data from the HijackThis site), which lists mmcres.dll (along with bootsvc.dll) as 'Very Safe'.

Although from the above post it appears safe (post #2 in that thread), I would search my system for the file to see where it resides. I would also download and run MalwareBytes (free version) just to be safe. You might even want to download Emsisoft Anti-Malware (a2), Mamutu, Online Armor and freeware security tools downloads (also free version) and run it. None of these (free versions) run resident, so there should be no issue with other AV programs you may be running. Run the full scans on both.

I say this to be safe, given that available info seems to be limited. Someone else may come along with more information.

Also, here is a link giving information and registry location for appinit dlls:

Working with the AppInit_DLLs registry value

Sorry I couldn't offer more info.

If all appears well and you find that it's not a process you find necessary, you could simply rename the file, remove the entry from the registry (after backing it up: Registry - Backup and Restore) or uninstall the application using it.


James
30 Nov 2010   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

That is not a valid Windows file. You started a second topic on the same question you asked about here. Hijack this log

Please follow through with what I asked you to do. We can troubleshoot from that topic, so we don't get mixed up going all over the forums
My System SpecsSystem Spec
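
As an added example (not part of the thread and not HijackThis's own code), the following Python picks out the two kinds of entries the replies above single out for review: O4 Run values that use rundll32 to load a DLL from a Temp folder, and a non-empty O20 AppInit_DLLs list. The function name `review_hjt_log` and the first sample line are constructed for illustration; the other sample lines are copied from the log posted in this thread.

```python
import re

# O4 = autorun entry: capture the registry key, value name and command line.
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O20 AppInit_DLLs = DLLs loaded into every process that loads user32.dll.
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
# A DLL path that sits under a Temp directory (quoted or unquoted).
TEMP_DLL_RE = re.compile(r'\\(?:Temp|Tmp)\\[^"]*\.dll', re.IGNORECASE)


def review_hjt_log(text):
    """Return (line, reason) pairs for entries that deserve a manual look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if "rundll32" in cmd.lower() and TEMP_DLL_RE.search(cmd):
                findings.append(
                    (line, "autorun loads a DLL from a Temp folder via rundll32"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # The value is a space- or comma-separated list of DLL names.
            dlls = [d for d in re.split(r"[ ,]+", m.group("dlls").strip()) if d]
            if dlls:
                findings.append(
                    (line, "AppInit_DLLs is not empty: " + ", ".join(dlls)))
    return findings


# Sample input: the first line is constructed, the rest come from this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [{C9ABE953-83B1-4EBD-8EF9-C48F9B13B501}] rundll32 "C:\Users\Sam\AppData\Local\Temp\{C9ABE953-83B1-4EBD-8EF9-C48F9B13B501}\1f88.dll",DllGetClassObject secret 18530
O20 - AppInit_DLLs: mmcres.dll bootsvc.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for line, reason in review_hjt_log(SAMPLE_LOG):
        print(reason, "->", line)
```

A hit only marks an entry for review: the file still has to be located on disk and scanned before anything is removed.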