• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
dodger39

HTTP FAKE SCAN WEBPAGE

65 posts in this topic

Searching for stuff this am. Norton notified me it had blocked an attempted intrusion.  Checked Norton log. Said MY computer had attempted an attack on another site. Quoted  HTTP Fake Scan Webpage..After looking through websites to determine what this was, came across an item that suggested Antivirus Online Scan.com may be the problem. Searched my pc for this, got nothing. Searched for HTTP fake Scan Webpage, got one entry.Clicked to go to the location on my pc and it opened up IE.Just my home page opened, nothing else. I have never used Antivirus Online Scan.com so I don't know how,if its hidden somewhere, it got on my pc.

 

PC has been running slow while on the internet and in a lot of cases going from one page or another site the pc virtually comes to a halt or IE stops responding.

 

Can anyone help me get rid of this http fake scan webpage. :(

 

Vista Premium

ie 7

Norton Internet Security 2008

Adaware Free (The full scan won't work)

Spybot SD

Windows Defender.

 

Searching for stuff this am. Norton notified me it had blocked an attempted intrusion.  Checked Norton log. Said MY computer had attempted an attack on another site. Quoted  HTTP Fake Scan Webpage..After looking through websites to determine what this was, came across an item that suggested Antivirus Online Scan.com may be the problem. Searched my pc for this, got nothing. Searched for HTTP fake Scan Webpage, got one entry.Clicked to go to the location on my pc and it opened up IE.Just my home page opened, nothing else. I have never used Antivirus Online Scan.com so I don't know how,if its hidden somewhere, it got on my pc.

 

PC has been running slow while on the internet and in a lot of cases going from one page or another site the pc virtually comes to a halt or IE stops responding.

 

Can anyone help me get rid of this http fake scan webpage. :mellow:

 

Vista Premium

ie 7

Norton Internet Security 2008

Adaware Free (The full scan won't work)

Spybot SD

Windows Defender.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:17:27 AM, on 25/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Charlie\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8488 bytes

 

 

 

Mod.Edit/merged/Raziel

adware_scan.txt

Edited by Raziel v. Nosgoth

Share this post


Link to post
Share on other sites

Hey charlie2,

 

Welcome to Lavasoft Support Forum! I'm Ltangelic and I'll be helping you fix your computer problem. Sorry for the long wait, we have very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting. :(

 

Your logs don't look very bad, we'll need to do deeper scans.

 

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

 

1) Fix entries with HijackThis

 

Please re-open HijackThis and Do a System Scan Only. Check the boxes next to all the entries listed below.

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

 

2) Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next reply (please include):

 

Note: Please do NOT attach the logs and post ONE log in each post

 

RSIT logs (log.txt and info.txt)

Share this post


Link to post
Share on other sites
Hey charlie2,

 

Welcome to Lavasoft Support Forum! I'm Ltangelic and I'll be helping you fix your computer problem. Sorry for the long wait, we have very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting. :)

 

Your logs don't look very bad, we'll need to do deeper scans.

 

Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

 

1) Fix entries with HijackThis

 

Please re-open HijackThis and Do a System Scan Only. Check the boxes next to all the entries listed below.

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

 

2) Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next reply (please include):

 

Note: Please do NOT attach the logs and post ONE log in each post

 

RSIT logs (log.txt and info.txt)

 

Sorry for taking so long to respond, been away sick.

 

When I done another hjt scan, the 2 redirect items you told me to tick and fix came up with a different url, not sure whether I should remove them, so heres another hjt log, Can you advise whether, even though theres only a slight difference in the url whether I should remove them, thanks.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:46:18 AM, on 6/11/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\hp\kbd\kbd.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Charlie\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8575 bytes

Share this post


Link to post
Share on other sites

Hey charlie2,

 

Yes, please go on to fix the entries, then do a RSIT scan and post the logs on here. :)

Share this post


Link to post
Share on other sites
Hey charlie2,

 

Yes, please go on to fix the entries, then do a RSIT scan and post the logs on here. :)

 

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Charlie at 2008-11-06 18:21:14

Microsoft® Windows Vista™ Home Premium Service Pack 1

System drive C: has 175 GB (59%) free of 295 GB

Total RAM: 1918 MB (47% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:21:30 PM, on 6/11/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\hp\kbd\kbd.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe

C:\Windows\system32\msfeedssync.exe

C:\Users\Charlie\Desktop\HiJackThis.exe

C:\Users\Charlie\Desktop\RSIT.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Charlie\Desktop\Charlie.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9014 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Charlie.job

C:\Windows\tasks\User_Feed_Synchronization-{F9317237-BD81-4915-97EC-9D09B3520DF1}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2006-11-08 63048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-25 316784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-06-09 116088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 316784]

{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2006-11-08 157256]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]

"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-19 65536]

"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-09 65536]

"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]

""= []

"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-12-22 67752]

"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 81920]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"= []

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe [2007-03-30 190696]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 

2008-11-06 18:21:14 ----D---- C:\rsit

2008-11-05 05:24:19 ----A---- C:\Windows\system32\wups2.dll

2008-11-05 05:24:19 ----A---- C:\Windows\system32\wucltux.dll

2008-11-05 05:24:19 ----A---- C:\Windows\system32\wuaueng.dll

2008-11-05 05:24:19 ----A---- C:\Windows\system32\wuauclt.exe

2008-11-05 05:23:59 ----A---- C:\Windows\system32\wups.dll

2008-11-05 05:23:59 ----A---- C:\Windows\system32\wudriver.dll

2008-11-05 05:23:57 ----A---- C:\Windows\system32\wuapi.dll

2008-11-05 05:23:52 ----A---- C:\Windows\system32\wuwebv.dll

2008-11-05 05:23:52 ----A---- C:\Windows\system32\wuapp.exe

2008-10-29 07:17:00 ----A---- C:\Windows\system32\wersvc.dll

2008-10-29 07:17:00 ----A---- C:\Windows\system32\Faultrep.dll

2008-10-29 06:06:36 ----A---- C:\Windows\system32\win32spl.dll

2008-10-24 05:35:47 ----A---- C:\Windows\system32\netapi32.dll

2008-10-21 20:26:47 ----D---- C:\Users\Charlie\AppData\Roaming\muvee Technologies

2008-10-21 20:26:13 ----D---- C:\ProgramData\TEMP

2008-10-16 10:38:09 ----A---- C:\Windows\system32\Apphlpdm.dll

2008-10-16 10:38:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2008-10-16 10:38:04 ----A---- C:\Windows\system32\EncDec.dll

2008-10-16 10:38:02 ----A---- C:\Windows\system32\psisdecd.dll

2008-10-16 09:05:01 ----A---- C:\Windows\system32\ntoskrnl.exe

2008-10-16 09:05:01 ----A---- C:\Windows\system32\ntkrnlpa.exe

2008-10-16 09:04:57 ----A---- C:\Windows\system32\mshtml.dll

2008-10-16 09:04:57 ----A---- C:\Windows\system32\ieframe.dll

2008-10-16 09:04:56 ----A---- C:\Windows\system32\wininet.dll

2008-10-16 09:04:56 ----A---- C:\Windows\system32\urlmon.dll

2008-10-16 09:04:56 ----A---- C:\Windows\system32\iertutil.dll

2008-10-16 09:04:55 ----A---- C:\Windows\system32\mstime.dll

2008-10-16 09:04:54 ----A---- C:\Windows\system32\jsproxy.dll

2008-10-15 15:39:17 ----D---- C:\Program Files\Maxtor

 

======List of files/folders modified in the last 1 months======

 

2008-11-06 18:21:30 ----D---- C:\Windows\Prefetch

2008-11-06 18:21:22 ----D---- C:\Windows\Temp

2008-11-06 16:02:43 ----D---- C:\ProgramData\Symantec

2008-11-06 07:16:47 ----SHD---- C:\System Volume Information

2008-11-06 04:35:05 ----D---- C:\Windows\System32

2008-11-06 04:35:05 ----D---- C:\Windows\inf

2008-11-06 04:35:05 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-06 03:46:55 ----D---- C:\Windows\rescache

2008-11-06 03:40:59 ----D---- C:\Windows\winsxs

2008-11-06 03:30:55 ----D---- C:\Windows\system32\catroot

2008-11-06 03:30:10 ----D---- C:\Windows\system32\en-US

2008-11-05 08:29:15 ----D---- C:\Users\Charlie\AppData\Roaming\VSO

2008-11-05 05:23:52 ----D---- C:\Windows\system32\catroot2

2008-10-31 12:16:21 ----D---- C:\Program Files\McAfee

2008-10-31 12:15:51 ----D---- C:\Program Files\Common Files\Symantec Shared

2008-10-29 23:12:54 ----D---- C:\Users\Charlie\AppData\Roaming\Skype

2008-10-29 16:03:00 ----D---- C:\Users\Charlie\AppData\Roaming\skypePM

2008-10-24 08:41:42 ----D---- C:\WINDOWS

2008-10-24 08:41:34 ----SHD---- C:\Windows\Installer

2008-10-21 20:26:13 ----HD---- C:\ProgramData

2008-10-19 21:47:32 ----D---- C:\ProgramData\HPSSUPPLY

2008-10-19 17:34:49 ----D---- C:\Program Files\Acoustica CD Label Maker

2008-10-16 11:14:48 ----D---- C:\Windows\Microsoft.NET

2008-10-16 11:14:26 ----RSD---- C:\Windows\assembly

2008-10-16 10:48:37 ----D---- C:\Windows\ehome

2008-10-16 10:48:37 ----D---- C:\Windows\AppPatch

2008-10-16 10:48:37 ----D---- C:\Program Files\Windows Mail

2008-10-16 10:48:36 ----D---- C:\Windows\system32\drivers

2008-10-16 10:48:35 ----D---- C:\Windows\system32\migration

2008-10-15 15:40:26 ----HD---- C:\Program Files\InstallShield Installation Information

2008-10-15 15:39:17 ----RD---- C:\Program Files

2008-10-15 15:35:22 ----D---- C:\Windows\Downloaded Installations

2008-10-09 19:32:48 ----A---- C:\Windows\win.ini

2008-10-08 05:49:40 ----A---- C:\Windows\system32\mrt.exe

2008-10-07 11:52:15 ----D---- C:\Program Files\Spybot - Search & Destroy

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]

R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081104.005\IDSvix86.sys [2008-09-12 270384]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]

R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]

R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]

R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]

R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]

R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]

R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]

R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]

R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]

R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081105.039\NAVENG.SYS [2008-08-22 89104]

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081105.039\NAVEX15.SYS [2008-08-22 873552]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]

R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-13 19072]

R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088]

R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-06-09 123952]

R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]

R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\Windows\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]

S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []

S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]

S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-13 13312]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-02 611664]

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]

R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-20 65536]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-20 79136]

R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-06-09 1251720]

S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]

S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

S3 LiveUpdate;LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

Share this post


Link to post
Share on other sites

info.txt logfile of random's system information tool 1.04 2008-11-06 18:21:33

 

======Uninstall list======

 

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"

-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"

-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"

-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"

-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"

-->"C:\Program Files\HP Games\FATE\Uninstall.exe"

-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"

-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"

-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"

-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"

-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"

-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"

-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"

-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"

-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"

-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"

-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"

-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"

-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"

-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"

-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"

-->"c:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}

2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Acoustica CD/DVD Label Maker-->C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL

Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG

Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}

Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}

Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}

AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

ArcSoft Panorama Maker 4 Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06FE635A-BE8C-4208-91A9-FB6E641A4F52}\Setup.exe" -l0x9

Blood Pressure Tracker-->"C:\Program Files\SoundTells\Blood Pressure Tracker\Uninstall.exe" "C:\Program Files\SoundTells\Blood Pressure Tracker\install.log"

ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}

CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall

Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u

G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe

Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HijackThis 2.0.2-->"C:\Users\Charlie\Desktop\HijackThis.exe" /uninstall

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly

HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}

HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly

HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe

HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat

HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Photosmart Printer Software 9.0-->C:\Program Files\HP\Digital Imaging\{4FC583C2-45DB-44ac-AD30-8837DB845588}\setup\hpzscr01.exe -datfile hposcr16.dat

HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}

HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}

HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}

HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall

LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}

LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"

LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}

Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}\setup.exe" -runfromtemp -l0x0409 -removeonly

Maxtor Manager-->MsiExec.exe /I{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}

McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe

MediaRing Talk-->"C:\Program Files\MediaRing\MediaRing Talk\Uninstall.exe" "C:\Program Files\MediaRing\MediaRing Talk\install.log"

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp

My Blood Pressure v2.11-->"C:\Program Files\My-BP\unins000.exe"

My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"

MyBP NHLBI Documents 1-->"C:\Program Files\MyBP NHLBI Documents\unins000.exe"

Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}

Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}

Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X

Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}

Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}

Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

OLYMPUS Master 2-->MsiExec.exe /X{13453DAA-8424-4B9C-844F-FC44C621F9E3}

OLYMPUS xD-Picture Card Pack-->MsiExec.exe /X{782E6262-E509-48F1-9BB4-94A164EB82E9}

Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

Security Update for Excel 2007 (KB946974)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Office 2007 (KB947801)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

Skypeâ„¢ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SnagIt 8-->MsiExec.exe /I{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}

Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF

Some PDF Image Extractr 1.4-->"C:\Program Files\SomePDF\Some PDF Image Extractr\unins000.exe"

SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spin It Again-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB932080)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}

Update for Outlook 2007 Junk Email Filter (kb953463)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}

VSO Image Resizer 2.0.1.7-->"C:\Program Files\VSO\Image Resizer\unins000.exe"

Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

 

=====HijackThis Backups=====

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

 

======Security center information======

 

AV: Norton Internet Security

FW: Norton Internet Security

AS: Windows Defender

AS: Norton Internet Security

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6b02

"NUMBER_OF_PROCESSORS"=2

"PLATFORM"=HPD

"PCBRAND"=Presario

"OnlineServices"=Online Services

 

-----------------EOF-----------------

Share this post


Link to post
Share on other sites

Hey charlie2,

 

From your log, you seem to have multiple anti-spyware resident running on your computer. This is not recommended as multiple protection of the same kind can cause conflicts and reduce the efficiency of the softwares. Please disable the following:

 

Windows Defender

 

Strange that despite fixing the entries, it comes right back. We need a stronger tool on this.

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

Link 3

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
     
  • Double click on ComboFix.exe & follow the prompts.
     
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

RcAuto1.gif

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt and fresh HijackThis log in your next reply.

Share this post


Link to post
Share on other sites

Do I have to disable norton internet security as well as windows defender?

 

C:\ComboFix.txt and fresh HijackThis log Is this all one file or do I have to run HJT again after I've run combo fix?

 

Sorry if I appear a bit dumb but I'm not real good at this stuff

Share this post


Link to post
Share on other sites

Before you run ComboFix, please disable Norton Internet Security and Windows Defender, after you have run ComboFix, re-enable Norton Internet Security ONLY.

 

Combofix.txt is generated by ComboFix, HijackThis log is generated by HijackThis, both are different tools, so you have to run both to get both logs.

 

It's good that you clarify with me, if there are any other questions, feel free to ask. :)

Share this post


Link to post
Share on other sites

LtAngelic, I have to go out now , before the shops shut. Do you mind if I continue this tomorrow?

 

Charlie

Share this post


Link to post
Share on other sites

No problem, just post me the logs when you're ready. :)

Share this post


Link to post
Share on other sites
No problem, just post me the logs when you're ready. ;)

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:52:30 AM, on 7/11/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\WINDOWS\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\hp\kbd\kbd.exe

C:\Windows\Explorer.exe

C:\Users\Charlie\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7402 bytes

 

ComboFix 08-11-05.02 - Charlie 2008-11-07 10:39:23.1 - NTFSx86

Microsoft� Windows Vista� Home Premium 6.0.6001.1.1252.1.1033.18.980 [GMT 10.5:30]

Running from: c:\users\Charlie\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Charlie\AppData\Local\Microsoft\Windows\Temporary Internet Files\pse_300_enu.exe

c:\windows\system32\AutoRun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))

.

 

2008-11-06 18:21 . 2008-11-06 18:21 <DIR> d-------- C:\rsit

2008-11-05 05:24 . 2008-10-17 07:43 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-05 05:24 . 2008-10-17 07:26 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-05 05:24 . 2008-10-17 07:39 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-05 05:24 . 2008-10-17 07:39 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-05 05:23 . 2008-10-17 07:42 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-05 05:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-05 05:23 . 2008-10-17 07:25 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-05 05:23 . 2008-10-17 07:38 34,328 --a------ c:\windows\System32\wups.dll

2008-11-05 05:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-10-29 07:17 . 2008-09-18 15:26 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-29 07:17 . 2008-09-18 15:26 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-29 06:06 . 2008-08-12 14:09 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-24 08:41 . 2008-10-17 05:55 143,993 --------- c:\windows\hpoins16.dat.temp

2008-10-24 08:41 . 2007-08-13 14:18 5,279 --------- c:\windows\hpomdl16.dat.temp

2008-10-21 20:26 . 2008-10-21 20:53 <DIR> d-------- c:\users\Charlie\AppData\Roaming\muvee Technologies

2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\users\All Users\TEMP

2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\programdata\TEMP

2008-10-16 10:38 . 2008-07-31 11:43 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-16 10:38 . 2008-08-05 20:19 428,544 --a------ c:\windows\System32\EncDec.dll

2008-10-16 10:38 . 2008-08-05 20:19 293,376 --a------ c:\windows\System32\psisdecd.dll

2008-10-16 10:38 . 2008-08-05 20:18 217,088 --a------ c:\windows\System32\psisrndr.ax

2008-10-16 10:38 . 2008-08-05 20:18 177,664 --a------ c:\windows\System32\mpg2splt.ax

2008-10-16 10:38 . 2008-08-05 20:18 80,896 --a------ c:\windows\System32\MSNP.ax

2008-10-16 10:38 . 2008-07-31 14:02 28,160 --a------ c:\windows\System32\Apphlpdm.dll

2008-10-16 09:05 . 2008-09-18 15:39 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

2008-10-16 09:05 . 2008-09-18 15:39 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

2008-10-16 09:05 . 2008-09-18 12:46 2,032,640 --a------ c:\windows\System32\win32k.sys

2008-10-16 09:05 . 2008-08-27 11:36 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-16 09:04 . 2008-10-02 12:02 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-10-16 09:04 . 2008-10-02 14:19 827,392 --a------ c:\windows\System32\wininet.dll

2008-10-15 15:39 . 2008-10-15 15:39 <DIR> d-------- c:\program files\Maxtor

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-06 23:10 --------- d-----w c:\programdata\Symantec

2008-11-04 21:59 --------- d-----w c:\users\Charlie\AppData\Roaming\VSO

2008-10-31 01:46 --------- d-----w c:\program files\McAfee

2008-10-31 01:45 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-10-29 12:42 --------- d-----w c:\users\Charlie\AppData\Roaming\Skype

2008-10-29 05:33 --------- d-----w c:\users\Charlie\AppData\Roaming\skypePM

2008-10-19 11:17 --------- d-----w c:\programdata\HPSSUPPLY

2008-10-19 07:04 --------- d-----w c:\program files\Acoustica CD Label Maker

2008-10-16 00:18 --------- d-----w c:\program files\Windows Mail

2008-10-15 05:10 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-07 01:22 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-10-04 21:36 --------- d-----w c:\programdata\SiteAdvisor

2008-10-04 21:35 --------- d-----w c:\programdata\McAfee

2008-10-04 21:35 --------- d-----w c:\program files\Common Files\McAfee

2008-09-29 02:12 --------- d-----w c:\programdata\Kodak

2008-09-14 12:43 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-09-14 12:42 --------- d-----w c:\program files\Common Files\Adobe

2008-09-14 12:16 --------- d-----w c:\program files\Java

2008-09-14 12:15 --------- d-----w c:\program files\Common Files\Java

2008-08-20 08:37 2,560 ----a-w c:\windows\_MSRSTRT.EXE

2008-08-18 10:55 319,456 ----a-w c:\windows\DIFxAPI.dll

2008-08-18 10:55 315,392 ----a-w c:\windows\HideWin.exe

2008-08-03 10:23 262,144 ----a-w c:\programdata\ntuser.dat

2008-06-27 04:24 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-06-27 04:24 56 ---ha-w c:\programdata\ezsidmv.dat

2008-06-14 07:37 174 --sha-w c:\program files\desktop.ini

2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-06-12 09:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-19 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9114E626-A50A-4CAC-9720-4C9670A0090C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{876E3634-B7A8-464C-ACEF-3785FBEF74C7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{DA4D75CD-B458-46AB-A6FF-A567A5509E81}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{6D4A789E-0E70-40C2-A4C3-A7EFE071C520}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{39FD184D-A111-419A-929C-567FEDE27029}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{054DFADA-3C1A-4DA2-BECB-012C83DE0538}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{61010454-CBBC-4326-A626-3A2917DE8000}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{05BE9E99-2F0A-4F44-9A76-35EDC29ADD65}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{7CD504E4-93AF-417D-B14F-8E15EB9011EB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{9CF41B4A-FDE1-47DA-8DA0-547BE6C36D63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{624C6A7C-1144-44BD-A090-D077D708C065}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{766C8848-344E-42CA-AC52-8B219EE30C7A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{FC4FE70A-3846-4582-9BD9-EA9576DAD380}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

"{A4F30294-8B1C-4E6B-8D49-FF988BC04BA0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

"{2EF6AD83-2743-42A4-9EF1-32235F7DC4DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{A4CCB681-1CF2-4286-832D-1D20DE0E8EBB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{907198B2-B2E9-4342-8A3D-EE8110F81B85}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{4EAE6B4E-37D7-4CC5-B0ED-D9C123F4F8BE}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{7C388FBB-96B2-43F6-9DEA-BA0DB37FC0D2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{F85CDD18-4084-4A5D-8AA0-E07472F6939C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{9DB14414-94A5-4096-9156-579DC08AA371}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

"{74AD7B4A-2D51-4E14-A4F0-ABAE6718FC9D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

"{88C77A7D-F76C-4DE7-AD9E-B54BFD3EEDEB}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{0BD3607E-48AD-492B-936A-92ADA12B946C}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{CA349CDA-F4B4-4C8F-B62E-E35D976363AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{69C487EA-46B2-4EC7-90E8-93B42F2D119D}"= c:\program files\Skype\Phone\Skype.exe:Skype

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081104.005\IDSvix86.sys [2008-09-12 270384]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 Maxtor Sync Service;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 GameConsoleService;GameConsoleService;c:\program files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

*Newly Created Service* - COMHOST

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Charlie.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 21:49]

 

2008-11-07 c:\windows\Tasks\User_Feed_Synchronization-{F9317237-BD81-4915-97EC-9D09B3520DF1}.job

- c:\windows\system32\msfeedssync.exe [2008-01-19 18:03]

.

- - - - ORPHANS REMOVED - - - -

 

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKCU-Run-Power2GoExpress - (no file)

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.au/

R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop

O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-07 10:43:29

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-07 10:44:47

ComboFix-quarantined-files.txt 2008-11-07 00:14:43

 

Pre-Run: 184,210,145,280 bytes free

Post-Run: 184,188,309,504 bytes free

 

197 --- E O F --- 2008-11-06 19:04:41

 

Edit: Please do not attach the logs unless I tell you to, thanks. :D ~Ltangelic~

ComboFix.txt

Share this post


Link to post
Share on other sites

Sorry about that. Thought you wanted it attached. Told you I wasn't to crash hot on this sort of thing ;)

 

Well, somethings happened, machines been going like a dream today.

Edited by charlie2

Share this post


Link to post
Share on other sites

No worries charlie. ;)

 

Cool, glad to hear that your machine is doing much better. I'm looking at your logs now, will get back with a fix in around 30 mins.

 

LT

Share this post


Link to post
Share on other sites

Hey charlie2,

 

Your logs look good to me, let's run a final round of scan and hope we can close this soon. ;)

 

1) Run ATF Cleaner

 

Please download ATF Cleaner by Atribune.

This program is for Windows 98/ME/2K/XP and Vista

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

2) Fix an entry with HijackThis

 

Please re-open HijackThis and Do a System Scan Only. Check the boxes next to all the entries listed below.

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

 

3) Run Malwarebytes' Anti-Malware

 

Please download Malwarebytes' Anti-Malware from Here or Here

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

 

4) Update Java

 

Your Java is out of date.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Next reply (please include):

 

Note: Please do NOT attach the logs and post ONE log in each post

 

Fresh HijackThis log

ComboFix.txt (please run ComboFix again)

Malwarebytes' Anti-Malware scan log

Tell me how your computer is doing

Share this post


Link to post
Share on other sites

Can't find the Java Runtime that says "the J2Se Runtime ........allows end users to runJava Applications.

 

Is this the one I should download

 

Java SE Runtime Environment (JRE) 6 Update 10

This release provides a new Java Plug-in that combines features of applet and Java Web Start technologies, a new Direct3D pipeline for Microsoft platforms, an updated documentation bundle, and more.

Share this post


Link to post
Share on other sites

Yes Charlie, that's the one you want to download. Remember to remove all previous versions of Java AFTER you have installed the above. ;)

Share this post


Link to post
Share on other sites

Remember to remove all previous versions of Java AFTER you have installed the above ?

 

Ltangelic, in the earlier instructions, you said to remove all old versions of Java then reboot and then doubleclick the download to instal the new version.

 

Hate to be a nuisance but do you mean for me to download the new version to my desktop, then remove old versions,reboot, THEN instal the new version.

Share this post


Link to post
Share on other sites

Oops sorry for the confusion caused. ;)

 

Please ignore "Remember to remove all previous versions of Java AFTER you have installed the above" and go on to follow the proper instructions given earlier on. Thanks. :D

Share this post


Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:01:32 PM, on 7/11/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\WINDOWS\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\System32\mobsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\msfeedssync.exe

C:\Users\Charlie\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7449 bytes

Share this post


Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.30

Database version: 1371

Windows 6.0.6001 Service Pack 1

 

7/11/2008 5:55:37 PM

mbam-log-2008-11-07 (17-55-37).txt

 

Scan type: Quick Scan

Objects scanned: 46213

Time elapsed: 3 minute(s), 8 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites

Thanks for the logs, just one little problem. This entry is still in your HijackThis log:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Did you use Hijackthis to fix it?

 

Also, how is your computer doing now? :)

Share this post


Link to post
Share on other sites

I did fix that bho but it keeps coming back. (Ididn't fix it on the last scan so that you could see it's come back again)

 

The pc's going like a dream now. Obviously you've fixed something for me.

 

Here's the new combofix log

 

ComboFix 08-11-05.02 - Charlie 2008-11-07 19:10:01.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1086 [GMT 10.5:30]

Running from: c:\users\Charlie\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))

.

 

2008-11-07 18:56 . 2008-11-07 18:56 <DIR> d-------- c:\program files\Java

2008-11-07 18:56 . 2008-11-07 18:56 410,976 --a------ c:\windows\System32\deploytk.dll

2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\users\Charlie\AppData\Roaming\Malwarebytes

2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\programdata\Malwarebytes

2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-07 17:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-11-07 17:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-11-06 18:21 . 2008-11-06 18:21 <DIR> d-------- C:\rsit

2008-11-05 05:24 . 2008-10-17 07:43 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-05 05:24 . 2008-10-17 07:26 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-05 05:24 . 2008-10-17 07:39 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-05 05:24 . 2008-10-17 07:39 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-05 05:23 . 2008-10-17 07:42 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-05 05:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-05 05:23 . 2008-10-17 07:25 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-05 05:23 . 2008-10-17 07:38 34,328 --a------ c:\windows\System32\wups.dll

2008-11-05 05:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-10-29 07:17 . 2008-09-18 15:26 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-29 07:17 . 2008-09-18 15:26 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-29 06:06 . 2008-08-12 14:09 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-24 08:41 . 2008-10-17 05:55 143,993 --------- c:\windows\hpoins16.dat.temp

2008-10-24 08:41 . 2007-08-13 14:18 5,279 --------- c:\windows\hpomdl16.dat.temp

2008-10-21 20:26 . 2008-10-21 20:53 <DIR> d-------- c:\users\Charlie\AppData\Roaming\muvee Technologies

2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\users\All Users\TEMP

2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\programdata\TEMP

2008-10-16 10:38 . 2008-07-31 11:43 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-16 10:38 . 2008-08-05 20:19 428,544 --a------ c:\windows\System32\EncDec.dll

2008-10-16 10:38 . 2008-08-05 20:19 293,376 --a------ c:\windows\System32\psisdecd.dll

2008-10-16 10:38 . 2008-08-05 20:18 217,088 --a------ c:\windows\System32\psisrndr.ax

2008-10-16 10:38 . 2008-08-05 20:18 177,664 --a------ c:\windows\System32\mpg2splt.ax

2008-10-16 10:38 . 2008-08-05 20:18 80,896 --a------ c:\windows\System32\MSNP.ax

2008-10-16 10:38 . 2008-07-31 14:02 28,160 --a------ c:\windows\System32\Apphlpdm.dll

2008-10-16 09:05 . 2008-09-18 15:39 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

2008-10-16 09:05 . 2008-09-18 15:39 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

2008-10-16 09:05 . 2008-09-18 12:46 2,032,640 --a------ c:\windows\System32\win32k.sys

2008-10-16 09:05 . 2008-08-27 11:36 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-16 09:04 . 2008-10-02 12:02 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-10-16 09:04 . 2008-10-02 14:19 827,392 --a------ c:\windows\System32\wininet.dll

2008-10-15 15:39 . 2008-10-15 15:39 <DIR> d-------- c:\program files\Maxtor

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-07 03:40 --------- d-----w c:\programdata\Symantec

2008-11-04 21:59 --------- d-----w c:\users\Charlie\AppData\Roaming\VSO

2008-10-31 01:46 --------- d-----w c:\program files\McAfee

2008-10-31 01:45 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-10-29 12:42 --------- d-----w c:\users\Charlie\AppData\Roaming\Skype

2008-10-29 05:33 --------- d-----w c:\users\Charlie\AppData\Roaming\skypePM

2008-10-19 11:17 --------- d-----w c:\programdata\HPSSUPPLY

2008-10-19 07:04 --------- d-----w c:\program files\Acoustica CD Label Maker

2008-10-16 00:18 --------- d-----w c:\program files\Windows Mail

2008-10-15 05:10 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-07 01:22 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-10-04 21:36 --------- d-----w c:\programdata\SiteAdvisor

2008-10-04 21:35 --------- d-----w c:\programdata\McAfee

2008-10-04 21:35 --------- d-----w c:\program files\Common Files\McAfee

2008-09-29 02:12 --------- d-----w c:\programdata\Kodak

2008-09-14 12:43 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-09-14 12:42 --------- d-----w c:\program files\Common Files\Adobe

2008-08-20 08:37 2,560 ----a-w c:\windows\_MSRSTRT.EXE

2008-08-18 10:55 319,456 ----a-w c:\windows\DIFxAPI.dll

2008-08-18 10:55 315,392 ----a-w c:\windows\HideWin.exe

2008-08-03 10:23 262,144 ----a-w c:\programdata\ntuser.dat

2008-06-27 04:24 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-06-27 04:24 56 ---ha-w c:\programdata\ezsidmv.dat

2008-06-14 07:37 174 --sha-w c:\program files\desktop.ini

2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-06-12 09:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( [email protected]_10.43.51.43 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-06 18:56:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-11-07 08:20:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-11-06 18:56:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-11-07 08:20:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-11-06 18:57:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-07 08:22:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-07 08:22:41 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-11-06 18:58:09 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-07 08:22:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-07 08:22:36 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-11-06 23:58:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-11-07 08:38:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-11-06 23:58:56 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-07 08:38:25 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-11-06 23:58:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-11-07 08:38:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-11-07 07:16:05 5,910 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34109D51568C2A00C6D0FD812651E8114B2584FA\34109D51568C2A00C6D0FD812651E8114B2584FA\Data.dat

+ 2008-11-07 08:32:49 5,790 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6424794E152699BF6A60AE579F367DB9EFF60E99\6424794E152699BF6A60AE579F367DB9EFF60E99\Data.dat

+ 2008-11-07 07:16:59 5,728 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\98A86F6157A06665D311F30C39FE29ECD10B32F6\98A86F6157A06665D311F30C39FE29ECD10B32F6\Data.dat

+ 2008-11-07 07:11:02 6,158 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\CE5ABED1462D33837BA1ECBF1B7640A5D5D45911\CE5ABED1462D33837BA1ECBF1B7640A5D5D45911\Data.dat

+ 2008-11-07 07:29:50 6,072 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\F86F27D1C280924D45F2030FBC03AE134561E059\F86F27D1C280924D45F2030FBC03AE134561E059\Data.dat

- 2008-06-09 15:51:01 135,168 ----a-w c:\windows\System32\java.exe

+ 2008-11-07 08:26:12 144,792 ----a-w c:\windows\System32\java.exe

- 2008-06-09 15:51:04 135,168 ----a-w c:\windows\System32\javaw.exe

+ 2008-11-07 08:26:12 144,792 ----a-w c:\windows\System32\javaw.exe

- 2008-06-09 17:02:34 139,264 ----a-w c:\windows\System32\javaws.exe

+ 2008-11-07 08:26:12 148,888 ----a-w c:\windows\System32\javaws.exe

- 2008-11-06 19:01:32 105,448 ----a-w c:\windows\System32\perfc009.dat

+ 2008-11-07 08:25:21 105,448 ----a-w c:\windows\System32\perfc009.dat

- 2008-11-06 19:01:32 599,942 ----a-w c:\windows\System32\perfh009.dat

+ 2008-11-07 08:25:21 599,942 ----a-w c:\windows\System32\perfh009.dat

- 2008-11-06 18:58:31 8,622 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299106393-3475166286-697493000-1000_UserData.bin

+ 2008-11-07 08:23:07 8,638 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299106393-3475166286-697493000-1000_UserData.bin

- 2008-11-06 18:58:31 81,988 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-11-07 08:23:07 82,106 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-11-06 18:58:30 46,642 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-11-07 08:23:05 46,642 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-19 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-07 136600]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9114E626-A50A-4CAC-9720-4C9670A0090C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{876E3634-B7A8-464C-ACEF-3785FBEF74C7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{DA4D75CD-B458-46AB-A6FF-A567A5509E81}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{6D4A789E-0E70-40C2-A4C3-A7EFE071C520}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{39FD184D-A111-419A-929C-567FEDE27029}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{054DFADA-3C1A-4DA2-BECB-012C83DE0538}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{61010454-CBBC-4326-A626-3A2917DE8000}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{05BE9E99-2F0A-4F44-9A76-35EDC29ADD65}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{7CD504E4-93AF-417D-B14F-8E15EB9011EB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{9CF41B4A-FDE1-47DA-8DA0-547BE6C36D63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{624C6A7C-1144-44BD-A090-D077D708C065}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{766C8848-344E-42CA-AC52-8B219EE30C7A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{FC4FE70A-3846-4582-9BD9-EA9576DAD380}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

"{A4F30294-8B1C-4E6B-8D49-FF988BC04BA0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

"{2EF6AD83-2743-42A4-9EF1-32235F7DC4DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{A4CCB681-1CF2-4286-832D-1D20DE0E8EBB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{907198B2-B2E9-4342-8A3D-EE8110F81B85}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{4EAE6B4E-37D7-4CC5-B0ED-D9C123F4F8BE}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{7C388FBB-96B2-43F6-9DEA-BA0DB37FC0D2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{F85CDD18-4084-4A5D-8AA0-E07472F6939C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{9DB14414-94A5-4096-9156-579DC08AA371}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

"{74AD7B4A-2D51-4E14-A4F0-ABAE6718FC9D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

"{88C77A7D-F76C-4DE7-AD9E-B54BFD3EEDEB}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{0BD3607E-48AD-492B-936A-92ADA12B946C}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{CA349CDA-F4B4-4C8F-B62E-E35D976363AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{69C487EA-46B2-4EC7-90E8-93B42F2D119D}"= c:\program files\Skype\Phone\Skype.exe:Skype

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081106.001\IDSvix86.sys [2008-09-12 270384]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 Maxtor Sync Service;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 GameConsoleService;GameConsoleService;c:\program files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Charlie.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 21:49]

 

2008-11-07 c:\windows\Tasks\User_Feed_Synchronization-{F9317237-BD81-4915-97EC-9D09B3520DF1}.job

- c:\windows\system32\msfeedssync.exe [2008-01-19 18:03]

.

- - - - ORPHANS REMOVED - - - -

 

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.au/

R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop

O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-07 19:12:59

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: c:\windows\Explorer.exe

-> c:\program files\McAfee\SiteAdvisor\saHook.dll

.

Completion time: 2008-11-07 19:14:20

ComboFix-quarantined-files.txt 2008-11-07 08:44:15

ComboFix2.txt 2008-11-07 00:14:48

 

Pre-Run: 183,987,859,456 bytes free

Post-Run: 183,957,852,160 bytes free

 

241 --- E O F --- 2008-11-06 19:04:41

Share this post


Link to post
Share on other sites

Hey charlie2,

 

It's strange that the entry keeps coming back, seems like there is more to what I am seeing here. We'll need to do deeper scans. Please be patient with me. :)

 

1) Run CFScript

 

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

 

KillAll:

 

Registry::

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop

 

3. Save the above as CFScript.txt

 

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

 

CFScriptB-4.gif

 

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

2) Run Runscanner

 

Please download Runscanner to your desktop and run it.

  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

3) Run F-Secure Blacklight

 

Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.

  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe.
  • Exit Blacklight and post the contents of the log in your next reply.

Next reply (please include):

 

Note: Please do NOT attach the logs and post ONE log in each post

 

Fresh HijackThis log

Combofix.txt

Runscanner log

F-Secure Blacklight log

Share this post


Link to post
Share on other sites

ComboFix 08-11-07.01 - Charlie 2008-11-08 20:28:24.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1058 [GMT 10.5:30]

Running from: c:\users\Charlie\Desktop\ComboFix.exe

Command switches used :: c:\users\Charlie\Desktop\CFScript.txt

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))

.

 

2008-11-07 18:56 . 2008-11-07 18:56 <DIR> d-------- c:\program files\Java

2008-11-07 18:56 . 2008-11-07 18:56 410,976 --a------ c:\windows\System32\deploytk.dll

2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\users\Charlie\AppData\Roaming\Malwarebytes

2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\programdata\Malwarebytes

2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-07 17:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-11-07 17:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-11-06 18:21 . 2008-11-06 18:21 <DIR> d-------- C:\rsit

2008-11-05 05:24 . 2008-10-17 07:43 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-05 05:24 . 2008-10-17 07:26 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-05 05:24 . 2008-10-17 07:39 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-05 05:24 . 2008-10-17 07:39 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-05 05:23 . 2008-10-17 07:42 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-05 05:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-05 05:23 . 2008-10-17 07:25 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-05 05:23 . 2008-10-17 07:38 34,328 --a------ c:\windows\System32\wups.dll

2008-11-05 05:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-10-29 07:17 . 2008-09-18 15:26 147,456 --a------ c:\windows\System32\Faultrep.dll

2008-10-29 07:17 . 2008-09-18 15:26 125,952 --a------ c:\windows\System32\wersvc.dll

2008-10-29 06:06 . 2008-08-12 14:09 443,392 --a------ c:\windows\System32\win32spl.dll

2008-10-24 08:41 . 2008-10-17 05:55 143,993 --------- c:\windows\hpoins16.dat.temp

2008-10-24 08:41 . 2007-08-13 14:18 5,279 --------- c:\windows\hpomdl16.dat.temp

2008-10-21 20:26 . 2008-10-21 20:53 <DIR> d-------- c:\users\Charlie\AppData\Roaming\muvee Technologies

2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\users\All Users\TEMP

2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\programdata\TEMP

2008-10-16 10:38 . 2008-07-31 11:43 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-16 10:38 . 2008-08-05 20:19 428,544 --a------ c:\windows\System32\EncDec.dll

2008-10-16 10:38 . 2008-08-05 20:19 293,376 --a------ c:\windows\System32\psisdecd.dll

2008-10-16 10:38 . 2008-08-05 20:18 217,088 --a------ c:\windows\System32\psisrndr.ax

2008-10-16 10:38 . 2008-08-05 20:18 177,664 --a------ c:\windows\System32\mpg2splt.ax

2008-10-16 10:38 . 2008-08-05 20:18 80,896 --a------ c:\windows\System32\MSNP.ax

2008-10-16 10:38 . 2008-07-31 14:02 28,160 --a------ c:\windows\System32\Apphlpdm.dll

2008-10-16 09:05 . 2008-09-18 15:39 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

2008-10-16 09:05 . 2008-09-18 15:39 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

2008-10-16 09:05 . 2008-09-18 12:46 2,032,640 --a------ c:\windows\System32\win32k.sys

2008-10-16 09:05 . 2008-08-27 11:36 288,768 --a------ c:\windows\System32\drivers\srv.sys

2008-10-16 09:04 . 2008-10-02 12:02 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-10-16 09:04 . 2008-10-02 14:19 827,392 --a------ c:\windows\System32\wininet.dll

2008-10-15 15:39 . 2008-10-15 15:39 <DIR> d-------- c:\program files\Maxtor

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-08 09:31 --------- d-----w c:\users\Charlie\AppData\Roaming\Skype

2008-11-08 09:02 --------- d-----w c:\users\Charlie\AppData\Roaming\skypePM

2008-11-08 07:57 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-08 04:43 --------- d-----w c:\programdata\Symantec

2008-11-04 21:59 --------- d-----w c:\users\Charlie\AppData\Roaming\VSO

2008-10-31 01:46 --------- d-----w c:\program files\McAfee

2008-10-31 01:45 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-10-19 11:17 --------- d-----w c:\programdata\HPSSUPPLY

2008-10-19 07:04 --------- d-----w c:\program files\Acoustica CD Label Maker

2008-10-16 00:18 --------- d-----w c:\program files\Windows Mail

2008-10-15 05:10 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-04 21:36 --------- d-----w c:\programdata\SiteAdvisor

2008-10-04 21:35 --------- d-----w c:\programdata\McAfee

2008-10-04 21:35 --------- d-----w c:\program files\Common Files\McAfee

2008-09-29 02:12 --------- d-----w c:\programdata\Kodak

2008-09-14 12:43 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-09-14 12:42 --------- d-----w c:\program files\Common Files\Adobe

2008-08-20 08:37 2,560 ----a-w c:\windows\_MSRSTRT.EXE

2008-08-18 10:55 319,456 ----a-w c:\windows\DIFxAPI.dll

2008-08-18 10:55 315,392 ----a-w c:\windows\HideWin.exe

2008-08-03 10:23 262,144 ----a-w c:\programdata\ntuser.dat

2008-06-27 04:24 56 ---ha-w c:\users\All Users\ezsidmv.dat

2008-06-27 04:24 56 ---ha-w c:\programdata\ezsidmv.dat

2008-06-14 07:37 174 --sha-w c:\program files\desktop.ini

2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-06-12 09:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( snapshot_2008-11-07_19.13.24.89 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-11-07 08:22:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-08 10:02:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-11-08 10:02:57 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-11-07 08:22:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-08 10:02:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-11-08 10:02:57 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-11-07 08:38:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-11-08 10:00:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-11-07 08:38:25 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-08 10:00:25 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-11-07 08:38:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-11-08 10:00:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-11-07 07:16:05 5,910 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34109D51568C2A00C6D0FD812651E8114B2584FA\34109D51568C2A00C6D0FD812651E8114B2584FA\Data.dat

+ 2008-11-08 08:33:23 5,910 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34109D51568C2A00C6D0FD812651E8114B2584FA\34109D51568C2A00C6D0FD812651E8114B2584FA\Data.dat

+ 2008-11-08 09:34:19 4,862 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\54261A5E7866045FBF90D783E5D5464B18D76A76\54261A5E7866045FBF90D783E5D5464B18D76A76\Data.dat

- 2008-11-07 08:32:49 5,790 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6424794E152699BF6A60AE579F367DB9EFF60E99\6424794E152699BF6A60AE579F367DB9EFF60E99\Data.dat

+ 2008-11-08 09:36:32 5,794 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6424794E152699BF6A60AE579F367DB9EFF60E99\6424794E152699BF6A60AE579F367DB9EFF60E99\Data.dat

+ 2008-11-08 09:18:25 5,084 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6446554B6C234D6440FDD37B842B7171C0A0E935\6446554B6C234D6440FDD37B842B7171C0A0E935\Data.dat

+ 2008-11-08 09:20:35 5,202 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\85A34F0987118E0A56CFBCB125369C26C25E3A4A\85A34F0987118E0A56CFBCB125369C26C25E3A4A\Data.dat

+ 2008-11-08 08:33:29 3,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C24788328F3516DD5B0BE283325CDAAAE830DA17\C24788328F3516DD5B0BE283325CDAAAE830DA17\Data.dat

+ 2008-11-08 09:19:31 5,714 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C39CBFB939163872F6FCC779F5D069EE95E92114\C39CBFB939163872F6FCC779F5D069EE95E92114\Data.dat

+ 2008-11-08 09:21:15 5,700 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C7AAE102DCAF37896B5ABA3F38F7326F239C60E3\C7AAE102DCAF37896B5ABA3F38F7326F239C60E3\Data.dat

+ 2008-11-08 08:34:04 4,918 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C834E0684F12E9770E1BB4F249CFD38DC277BF8A\C834E0684F12E9770E1BB4F249CFD38DC277BF8A\Data.dat

+ 2008-11-08 09:16:09 5,686 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E0FBE1A270B33EF4FBBC18F772B9C2A31DE95517\E0FBE1A270B33EF4FBBC18F772B9C2A31DE95517\Data.dat

- 2008-11-07 00:09:15 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-08 09:57:58 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2008-11-08 09:57:58 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-11-07 08:25:21 105,448 ----a-w c:\windows\System32\perfc009.dat

+ 2008-11-08 09:41:25 105,448 ----a-w c:\windows\System32\perfc009.dat

- 2008-11-07 08:25:21 599,942 ----a-w c:\windows\System32\perfh009.dat

+ 2008-11-08 09:41:25 599,942 ----a-w c:\windows\System32\perfh009.dat

- 2008-11-07 08:23:07 8,638 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299106393-3475166286-697493000-1000_UserData.bin

+ 2008-11-08 05:24:53 8,638 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299106393-3475166286-697493000-1000_UserData.bin

- 2008-11-07 08:23:07 82,106 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-11-08 05:24:53 82,106 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-11-07 08:23:05 46,642 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-11-08 05:24:52 46,988 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-19 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-07 136600]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{9114E626-A50A-4CAC-9720-4C9670A0090C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{876E3634-B7A8-464C-ACEF-3785FBEF74C7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{DA4D75CD-B458-46AB-A6FF-A567A5509E81}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{6D4A789E-0E70-40C2-A4C3-A7EFE071C520}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{39FD184D-A111-419A-929C-567FEDE27029}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{054DFADA-3C1A-4DA2-BECB-012C83DE0538}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{61010454-CBBC-4326-A626-3A2917DE8000}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{05BE9E99-2F0A-4F44-9A76-35EDC29ADD65}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{7CD504E4-93AF-417D-B14F-8E15EB9011EB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{9CF41B4A-FDE1-47DA-8DA0-547BE6C36D63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{624C6A7C-1144-44BD-A090-D077D708C065}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{766C8848-344E-42CA-AC52-8B219EE30C7A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{FC4FE70A-3846-4582-9BD9-EA9576DAD380}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

"{A4F30294-8B1C-4E6B-8D49-FF988BC04BA0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

"{2EF6AD83-2743-42A4-9EF1-32235F7DC4DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{A4CCB681-1CF2-4286-832D-1D20DE0E8EBB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{907198B2-B2E9-4342-8A3D-EE8110F81B85}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{4EAE6B4E-37D7-4CC5-B0ED-D9C123F4F8BE}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{7C388FBB-96B2-43F6-9DEA-BA0DB37FC0D2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{F85CDD18-4084-4A5D-8AA0-E07472F6939C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{9DB14414-94A5-4096-9156-579DC08AA371}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

"{74AD7B4A-2D51-4E14-A4F0-ABAE6718FC9D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

"{88C77A7D-F76C-4DE7-AD9E-B54BFD3EEDEB}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{0BD3607E-48AD-492B-936A-92ADA12B946C}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{CA349CDA-F4B4-4C8F-B62E-E35D976363AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{69C487EA-46B2-4EC7-90E8-93B42F2D119D}"= c:\program files\Skype\Phone\Skype.exe:Skype

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081108.003\IDSvix86.sys [2008-09-12 270384]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 Maxtor Sync Service;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 GameConsoleService;GameConsoleService;c:\program files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Charlie.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 21:49]

 

2008-11-08 c:\windows\Tasks\User_Feed_Synchronization-{F9317237-BD81-4915-97EC-9D09B3520DF1}.job

- c:\windows\system32\msfeedssync.exe [2008-01-19 18:03]

.

- - - - ORPHANS REMOVED - - - -

 

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-08 20:33:03

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\program files\Common Files\Symantec Shared\SPBBC\2008-11-08-74f3.kc 292404 bytes

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: c:\windows\Explorer.exe

-> c:\program files\McAfee\SiteAdvisor\saHook.dll

-> ?:\windows\system32\NSI.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\drivers\XAudio.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\hp\KBD\kbd.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Completion time: 2008-11-08 20:37:49 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-08 10:07:42

ComboFix2.txt 2008-11-07 08:44:21

ComboFix3.txt 2008-11-07 00:14:48

 

Pre-Run: 184,478,097,408 bytes free

Post-Run: 184,710,328,320 bytes free

 

262 --- E O F --- 2008-11-07 19:23:52

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0