
HTTP FAKE SCAN WEBPAGE

Comments

59 comments

  • Customer

    Hey charlie2,

     

    Welcome to Lavasoft Support Forum! I'm Ltangelic and I'll be helping you fix your computer problem. Sorry for the long wait; we have a very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting.

     

    Your logs don't look very bad; we'll need to do deeper scans.

     

    Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

     

    1) Fix entries with HijackThis

     

    Please re-open HijackThis and Do a System Scan Only. Check the boxes next to all the entries listed below.

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

     

    Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

     

    2) Run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.

    • Double click on RSIT.exe to run RSIT.

    • Click Continue at the disclaimer screen.

    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Next reply (please include):

     

    Note: Please do NOT attach the logs and post ONE log in each post

     

    RSIT logs (log.txt and info.txt)


     

    Sorry for taking so long to respond, been away sick.

     

    When I did another HJT scan, the 2 redirect items you told me to tick and fix came up with a different URL. I'm not sure whether I should remove them, so here's another HJT log. Can you advise whether, even though there's only a slight difference in the URL, I should remove them? Thanks.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:46:18 AM, on 6/11/2008

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

     

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\WINDOWS\RtHDVCpl.exe

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\hp\kbd\kbd.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Windows\System32\mobsync.exe

    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Users\Charlie\Desktop\HiJackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     

    --

    End of file - 8575 bytes

    0
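As an added example (not part of this thread, and not Lavasoft, HijackThis or RSIT code): a small Python triage script that reads HijackThis R0/R1 and O2 lines such as the ones charlie2 posted, flags the two things Ltangelic selected for removal (IE start/search values pointing at a host outside a reviewer-supplied allowlist, and a BHO registration whose DLL is missing), and compares entries by registry location or CLSID rather than by the full URL, so a rescan that shows the same value with a slightly different query string is still recognised as the same entry. The sample lines are copied from this thread; the `KNOWN_DEFAULT_HOSTS` allowlist and all function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# HijackThis v2 line shapes handled here:
#   R0/R1 - <hive\path>,<value name> = <url>
#   O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
R_LINE = re.compile(r'^(R[0-3]) - ([^,]+),(.+?) =\s?(.*)$')
O2_LINE = re.compile(r'^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$')

# Hosts accepted as targets of the IE Start/Search/Default_Page values.
# Assumption for this example: a reviewer maintains this list; it is not a
# HijackThis feature. go.microsoft.com is the stock IE7 default seen in the log.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com"}

# Constructed sample: lines taken from the HJT log posted in this thread,
# including one benign R1 line and one benign BHO so the filter has something
# to leave alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""


@dataclass
class Entry:
    section: str    # "R0", "R1", ... or "O2"
    key: str        # registry location (R*) or CLSID (O2)
    value: str      # URL (R*) or DLL path (O2)
    name: str = ""  # BHO display name; empty for R* lines


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT log line; returns None for sections this example ignores."""
    m = R_LINE.match(line)
    if m:
        section, hive_path, value_name, url = m.groups()
        return Entry(section, f"{hive_path},{value_name}", url.strip())
    m = O2_LINE.match(line)
    if m:
        name, clsid, path = m.groups()
        return Entry("O2", clsid.upper(), path.strip(), name)
    return None


def flag(entry: Entry) -> Optional[str]:
    """Return a reason string when the entry deserves a closer look."""
    if entry.section == "O2" and entry.value == "(no file)":
        return "BHO registration with no DLL on disk (orphaned CLSID)"
    if entry.section in ("R0", "R1"):
        if not entry.value:
            return None  # empty value: nothing is being redirected
        host = urlsplit(entry.value).hostname
        if host not in KNOWN_DEFAULT_HOSTS:
            value_name = entry.key.rsplit(",", 1)[1]
            return f"IE {value_name} points at {host}"
    return None


def triage(log_text: str) -> list[tuple[str, str]]:
    """Run flag() over every parseable line; returns (key, reason) pairs in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        reason = flag(entry)
        if reason:
            findings.append((entry.key, reason))
    return findings


def same_location(line_a: str, line_b: str) -> bool:
    """True when two lines refer to the same registry value or CLSID, ignoring
    the URL or path. This is the comparison that matters when a rescan shows
    the same Start Page value with a slightly different URL."""
    a, b = parse_line(line_a.strip()), parse_line(line_b.strip())
    return (a is not None and b is not None
            and a.section == b.section and a.key.lower() == b.key.lower())


if __name__ == "__main__":
    for key, reason in triage(SAMPLE_LOG):
        print(f"{key}: {reason}")
```

The allowlist is deliberately tiny: an OEM redirect host such as the HP one in this log is not malware, but it is still a value the user did not choose, which is why a helper lists it for removal alongside the orphaned BHO; comparing by registry location rather than by URL is what makes that decision stable across rescans.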
  • Customer

    Hey charlie2,

     

    Yes, please go on to fix the entries, then do an RSIT scan and post the logs on here.


     

     

    Logfile of random's system information tool 1.04 (written by random/random)

    Run by Charlie at 2008-11-06 18:21:14

    Microsoft® Windows Vista™ Home Premium Service Pack 1

    System drive C: has 175 GB (59%) free of 295 GB

    Total RAM: 1918 MB (47% free)

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 6:21:30 PM, on 6/11/2008

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

     

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\WINDOWS\RtHDVCpl.exe

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\hp\kbd\kbd.exe

    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

    C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe

    C:\Windows\system32\msfeedssync.exe

    C:\Users\Charlie\Desktop\HiJackThis.exe

    C:\Users\Charlie\Desktop\RSIT.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Users\Charlie\Desktop\Charlie.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

    O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     

    --

    End of file - 9014 bytes

     

    ======Scheduled tasks folder======

     

    C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Charlie.job

    C:\Windows\tasks\User_Feed_Synchronization-{F9317237-BD81-4915-97EC-9D09B3520DF1}.job

     

    ======Registry dump======

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

    SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2006-11-08 63048]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-25 316784]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

    Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-06-09 116088]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 316784]

    {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2006-11-08 157256]

    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]

    "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-19 65536]

    "KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-09 65536]

    "OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

    "HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

    "SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]

    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

    "ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]

    ""= []

    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-12-22 67752]

    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 81920]

    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]

    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]

    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    "mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "Power2GoExpress"= []

    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe [2007-03-30 190696]

     

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

     

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "EnableUIADesktopToggle"=0

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

     

    ======List of files/folders created in the last 1 months======

     

    2008-11-06 18:21:14 ----D---- C:\rsit

    2008-11-05 05:24:19 ----A---- C:\Windows\system32\wups2.dll

    2008-11-05 05:24:19 ----A---- C:\Windows\system32\wucltux.dll

    2008-11-05 05:24:19 ----A---- C:\Windows\system32\wuaueng.dll

    2008-11-05 05:24:19 ----A---- C:\Windows\system32\wuauclt.exe

    2008-11-05 05:23:59 ----A---- C:\Windows\system32\wups.dll

    2008-11-05 05:23:59 ----A---- C:\Windows\system32\wudriver.dll

    2008-11-05 05:23:57 ----A---- C:\Windows\system32\wuapi.dll

    2008-11-05 05:23:52 ----A---- C:\Windows\system32\wuwebv.dll

    2008-11-05 05:23:52 ----A---- C:\Windows\system32\wuapp.exe

    2008-10-29 07:17:00 ----A---- C:\Windows\system32\wersvc.dll

    2008-10-29 07:17:00 ----A---- C:\Windows\system32\Faultrep.dll

    2008-10-29 06:06:36 ----A---- C:\Windows\system32\win32spl.dll

    2008-10-24 05:35:47 ----A---- C:\Windows\system32\netapi32.dll

    2008-10-21 20:26:47 ----D---- C:\Users\Charlie\AppData\Roaming\muvee Technologies

    2008-10-21 20:26:13 ----D---- C:\ProgramData\TEMP

    2008-10-16 10:38:09 ----A---- C:\Windows\system32\Apphlpdm.dll

    2008-10-16 10:38:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

    2008-10-16 10:38:04 ----A---- C:\Windows\system32\EncDec.dll

    2008-10-16 10:38:02 ----A---- C:\Windows\system32\psisdecd.dll

    2008-10-16 09:05:01 ----A---- C:\Windows\system32\ntoskrnl.exe

    2008-10-16 09:05:01 ----A---- C:\Windows\system32\ntkrnlpa.exe

    2008-10-16 09:04:57 ----A---- C:\Windows\system32\mshtml.dll

    2008-10-16 09:04:57 ----A---- C:\Windows\system32\ieframe.dll

    2008-10-16 09:04:56 ----A---- C:\Windows\system32\wininet.dll

    2008-10-16 09:04:56 ----A---- C:\Windows\system32\urlmon.dll

    2008-10-16 09:04:56 ----A---- C:\Windows\system32\iertutil.dll

    2008-10-16 09:04:55 ----A---- C:\Windows\system32\mstime.dll

    2008-10-16 09:04:54 ----A---- C:\Windows\system32\jsproxy.dll

    2008-10-15 15:39:17 ----D---- C:\Program Files\Maxtor

     

    ======List of files/folders modified in the last 1 months======

     

    2008-11-06 18:21:30 ----D---- C:\Windows\Prefetch

    2008-11-06 18:21:22 ----D---- C:\Windows\Temp

    2008-11-06 16:02:43 ----D---- C:\ProgramData\Symantec

    2008-11-06 07:16:47 ----SHD---- C:\System Volume Information

    2008-11-06 04:35:05 ----D---- C:\Windows\System32

    2008-11-06 04:35:05 ----D---- C:\Windows\inf

    2008-11-06 04:35:05 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2008-11-06 03:46:55 ----D---- C:\Windows\rescache

    2008-11-06 03:40:59 ----D---- C:\Windows\winsxs

    2008-11-06 03:30:55 ----D---- C:\Windows\system32\catroot

    2008-11-06 03:30:10 ----D---- C:\Windows\system32\en-US

    2008-11-05 08:29:15 ----D---- C:\Users\Charlie\AppData\Roaming\VSO

    2008-11-05 05:23:52 ----D---- C:\Windows\system32\catroot2

    2008-10-31 12:16:21 ----D---- C:\Program Files\McAfee

    2008-10-31 12:15:51 ----D---- C:\Program Files\Common Files\Symantec Shared

    2008-10-29 23:12:54 ----D---- C:\Users\Charlie\AppData\Roaming\Skype

    2008-10-29 16:03:00 ----D---- C:\Users\Charlie\AppData\Roaming\skypePM

    2008-10-24 08:41:42 ----D---- C:\WINDOWS

    2008-10-24 08:41:34 ----SHD---- C:\Windows\Installer

    2008-10-21 20:26:13 ----HD---- C:\ProgramData

    2008-10-19 21:47:32 ----D---- C:\ProgramData\HPSSUPPLY

    2008-10-19 17:34:49 ----D---- C:\Program Files\Acoustica CD Label Maker

    2008-10-16 11:14:48 ----D---- C:\Windows\Microsoft.NET

    2008-10-16 11:14:26 ----RSD---- C:\Windows\assembly

    2008-10-16 10:48:37 ----D---- C:\Windows\ehome

    2008-10-16 10:48:37 ----D---- C:\Windows\AppPatch

    2008-10-16 10:48:37 ----D---- C:\Program Files\Windows Mail

    2008-10-16 10:48:36 ----D---- C:\Windows\system32\drivers

    2008-10-16 10:48:35 ----D---- C:\Windows\system32\migration

    2008-10-15 15:40:26 ----HD---- C:\Program Files\InstallShield Installation Information

    2008-10-15 15:39:17 ----RD---- C:\Program Files

    2008-10-15 15:35:22 ----D---- C:\Windows\Downloaded Installations

    2008-10-09 19:32:48 ----A---- C:\Windows\win.ini

    2008-10-08 05:49:40 ----A---- C:\Windows\system32\mrt.exe

    2008-10-07 11:52:15 ----D---- C:\Program Files\Spybot - Search & Destroy

     

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]

    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081104.005\IDSvix86.sys [2008-09-12 270384]

    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]

    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-12-01 43696]

    R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]

    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]

    R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]

    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]

    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]

    R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]

    R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]

    R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]

    R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]

    R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]

    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081105.039\NAVENG.SYS [2008-08-22 89104]

    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081105.039\NAVEX15.SYS [2008-08-22 873552]

    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]

    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]

    R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-13 19072]

    R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-12-01 279088]

    R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]

    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-06-09 123952]

    R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]

    R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

    R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]

    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]

    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

    S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\Windows\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]

    S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []

    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-12-01 317616]

    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []

    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

    S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

    S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-13 13312]

    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

     

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

     

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-02 611664]

    R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]

    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]

    R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

    R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

    R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-20 65536]

    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]

    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-11-20 79136]

    R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

    R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]

    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]

    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

    R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-06-09 1251720]

    S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]

    S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

    S3 LiveUpdate;LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]

    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

     

    -----------------EOF-----------------

    0
  • Customer

    Hey charlie2,

     

    Yes, please go on to fix the entries, then do a RSIT scan and post the logs on here.

    0
  • Customer

    info.txt logfile of random's system information tool 1.04 2008-11-06 18:21:33

     

    ======Uninstall list======

     

    -->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"

    -->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"

    -->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"

    -->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"

    -->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"

    -->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"

    -->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"

    -->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"

    -->"C:\Program Files\HP Games\FATE\Uninstall.exe"

    -->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"

    -->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"

    -->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"

    -->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"

    -->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"

    -->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"

    -->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"

    -->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"

    -->"C:\Program Files\HP Games\Peggle\Uninstall.exe"

    -->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"

    -->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"

    -->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"

    -->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"

    -->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"

    -->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"

    -->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"

    -->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"

    -->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"

    -->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"

    -->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"

    -->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"

    -->"c:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

    -->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}

    2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL

    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

    Acoustica CD/DVD Label Maker-->C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL

    Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG

    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall

    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}

    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}

    Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}

    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}

    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

    ArcSoft Panorama Maker 4 Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06FE635A-BE8C-4208-91A9-FB6E641A4F52}\Setup.exe" -l0x9

    Blood Pressure Tracker-->"C:\Program Files\SoundTells\Blood Pressure Tracker\Uninstall.exe" "C:\Program Files\SoundTells\Blood Pressure Tracker\install.log"

    ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}

    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

    Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}

    CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall

    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u

    G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe

    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

    Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe

    Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

    HijackThis 2.0.2-->"C:\Users\Charlie\Desktop\HijackThis.exe" /uninstall

    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe" -l0x9 -removeonly

    HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}

    HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe" -l0x9 -removeonly

    HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

    HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

    HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe

    HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat

    HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

    HP Photosmart Printer Software 9.0-->C:\Program Files\HP\Digital Imaging\{4FC583C2-45DB-44ac-AD30-8837DB845588}\setup\hpzscr01.exe -datfile hposcr16.dat

    HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}

    HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

    HP Total Care Advisor-->MsiExec.exe /X{fef8097e-662d-49b3-aa77-2919db3746d7}

    HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}

    HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

    Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}

    Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

    LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall

    LightScribe System Software 1.10.23.1-->MsiExec.exe /X{0E19A83E-F53B-40CF-8C91-96F32D955E6A}

    LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"

    LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}

    Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}\setup.exe" -runfromtemp -l0x0409 -removeonly

    Maxtor Manager-->MsiExec.exe /I{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}

    McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe

    MediaRing Talk-->"C:\Program Files\MediaRing\MediaRing Talk\Uninstall.exe" "C:\Program Files\MediaRing\MediaRing Talk\install.log"

    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

    Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}

    Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}

    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

    Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

    muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{5115C036-C0D5-4E1B-81C9-542CA967478A}\muveesetup.exe -removeonly -runfromtemp

    My Blood Pressure v2.11-->"C:\Program Files\My-BP\unins000.exe"

    My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"

    MyBP NHLBI Documents 1-->"C:\Program Files\MyBP NHLBI Documents\unins000.exe"

    Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

    Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}

    Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}

    Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X

    Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}

    Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}

    Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}

    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

    OLYMPUS Master 2-->MsiExec.exe /X{13453DAA-8424-4B9C-844F-FC44C621F9E3}

    OLYMPUS xD-Picture Card Pack-->MsiExec.exe /X{782E6262-E509-48F1-9BB4-94A164EB82E9}

    Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall

    PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

    Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}

    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

    Security Update for Excel 2007 (KB946974)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

    Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

    Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

    Security Update for Office 2007 (KB947801)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

    SnagIt 8-->MsiExec.exe /I{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}

    Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF

    Some PDF Image Extractr 1.4-->"C:\Program Files\SomePDF\Some PDF Image Extractr\unins000.exe"

    SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

    Spin It Again-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG

    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

    Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe

    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

    Update for Office 2007 (KB932080)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

    Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

    Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}

    Update for Outlook 2007 Junk Email Filter (kb953463)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}

    VSO Image Resizer 2.0.1.7-->"C:\Program Files\VSO\Image Resizer\unins000.exe"

    Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

     

    =====HijackThis Backups=====

     

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

     

    ======Security center information======

     

    AV: Norton Internet Security

    FW: Norton Internet Security

    AS: Windows Defender

    AS: Norton Internet Security

     

    ======Environment variables======

     

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

    "PROCESSOR_ARCHITECTURE"=x86

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "USERNAME"=SYSTEM

    "windir"=%SystemRoot%

    "PROCESSOR_LEVEL"=15

    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD

    "PROCESSOR_REVISION"=6b02

    "NUMBER_OF_PROCESSORS"=2

    "PLATFORM"=HPD

    "PCBRAND"=Presario

    "OnlineServices"=Online Services

     

    -----------------EOF-----------------

    0
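The "HijackThis Backups" section of the info.txt above records the three entries that were fixed: two R0/R1 start-page values pointing at the HP redirect and an O2 BHO whose CLSID is still registered but whose DLL is gone ("(no file)"). As an added example that is not part of this thread, Lavasoft's tooling or the HijackThis project, the Python below picks exactly those kinds of entries out of a HijackThis-format log. The sample lines are constructed from entries quoted in this thread, the allowlist of "known default" start-page hosts (only go.microsoft.com, which is what the later log shows after the fix) is an assumption for the example, and the function name is mine.

```python
import re
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed sample in HijackThis log format, modelled on the R0/R1/O2
# entries quoted in this thread (a short excerpt, not a complete log).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
"""

# Assumption for this example: hosts accepted as IE start/search pages.
# Only Microsoft's fwlink default is listed, which is what the later
# HijackThis log in the thread shows after the HP redirect entries were fixed.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com"}

# R0/R1 lines: "<kind> - <hive>\<key>,<value> = <url>"  (url may be empty)
R_ENTRY = re.compile(r"^(R[01]) - (HK(?:LM|CU))\\(.+?),(.+?) = ?(.*)$")
# O2 lines: "O2 - BHO: <name> - {<clsid>} - <dll path or (no file)>"
O2_ENTRY = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")

Finding = Tuple[str, str, str]  # (category, HijackThis section, detail)


def analyze_hijackthis(text: str) -> List[Finding]:
    """Return the R0/R1 and O2 entries a reviewer would want to look at."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = R_ENTRY.match(line)
        if m:
            kind, hive, key, value, url = m.groups()
            if not url:
                continue  # empty values (e.g. LinksFolderName) name no target
            host = (urlsplit(url).hostname or "").lower()
            if host not in KNOWN_DEFAULT_HOSTS:
                # Start/search page set to something other than the expected
                # default: worth a look, whether OEM redirect or hijack.
                findings.append(("review", kind, f"{hive}\\{key},{value} -> {url}"))
            continue

        m = O2_ENTRY.match(line)
        if m:
            name, clsid, path = m.groups()
            if path.strip().lower() == "(no file)":
                # The CLSID is still registered as a BHO but the DLL is gone:
                # an orphaned registration, shown by HijackThis as "(no file)".
                findings.append(("orphaned", "O2", f"{{{clsid}}} registered but no DLL on disk"))
            elif name.strip().lower() == "(no name)":
                findings.append(("review", "O2", f"{{{clsid}}} unnamed BHO at {path}"))
    return findings


if __name__ == "__main__":
    for category, section, detail in analyze_hijackthis(SAMPLE_LOG):
        print(f"[{category:8}] {section}: {detail}")
```

Run against the sample it reports the two HP start-page entries for review and the orphaned BHO, and stays quiet on the Microsoft default search URL, the empty LinksFolderName value and the Java helper BHO that has a DLL on disk. Re-running it over a fresh log after a fix is a quick way to confirm whether an entry has actually come back, which is the question the next posts in this thread raise.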
  • Customer

    Do I have to disable norton internet security as well as windows defender?

     

    "C:\ComboFix.txt and fresh HijackThis log": is this all one file, or do I have to run HJT again after I've run ComboFix?

     

    Sorry if I appear a bit dumb, but I'm not really good at this stuff.

    0
  • Customer

    Hey charlie2,

     

    From your log, you seem to have multiple resident anti-spyware programs running on your computer. This is not recommended, as multiple protection of the same kind can cause conflicts and reduce the efficiency of the software. Please disable the following:

     

    Windows Defender

     

    Strange that despite fixing the entries, it comes right back. We need a stronger tool on this.

     

    Download ComboFix from one of these locations:

     

    Link 1

    Link 2

    Link 3

     

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     


     

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     

     

    Click on Yes, to continue scanning for malware.

     

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt and fresh HijackThis log in your next reply.

    0
  • Customer

    Before you run ComboFix, please disable Norton Internet Security and Windows Defender, after you have run ComboFix, re-enable Norton Internet Security ONLY.

     

    ComboFix.txt is generated by ComboFix and the HijackThis log is generated by HijackThis; they are different tools, so you have to run both to get both logs.

     

    It's good that you clarify with me, if there are any other questions, feel free to ask.

    0
  • Customer

    LtAngelic, I have to go out now, before the shops shut. Do you mind if I continue this tomorrow?

     

    Charlie

    0
  • Customer

    No problem, just post me the logs when you're ready.

    0
  • Customer

    No problem, just post me the logs when you're ready.

     

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:52:30 AM, on 7/11/2008

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

     

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\WINDOWS\RtHDVCpl.exe

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\Windows\system32\taskeng.exe

    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\hp\kbd\kbd.exe

    C:\Windows\Explorer.exe

    C:\Users\Charlie\Desktop\HiJackThis.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     

    --

    End of file - 7402 bytes

     

    ComboFix 08-11-05.02 - Charlie 2008-11-07 10:39:23.1 - NTFSx86

    Microsoft® Windows Vista® Home Premium 6.0.6001.1.1252.1.1033.18.980 [GMT 10.5:30]

    Running from: c:\users\Charlie\Desktop\ComboFix.exe

    * Created a new restore point

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\users\Charlie\AppData\Local\Microsoft\Windows\Temporary Internet Files\pse_300_enu.exe

    c:\windows\system32\AutoRun.inf

     

    .

    ((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))

    .

     

    2008-11-06 18:21 . 2008-11-06 18:21 <DIR> d-------- C:\rsit

    2008-11-05 05:24 . 2008-10-17 07:43 1,809,944 --a------ c:\windows\System32\wuaueng.dll

    2008-11-05 05:24 . 2008-10-17 07:26 1,524,736 --a------ c:\windows\System32\wucltux.dll

    2008-11-05 05:24 . 2008-10-17 07:39 51,224 --a------ c:\windows\System32\wuauclt.exe

    2008-11-05 05:24 . 2008-10-17 07:39 43,544 --a------ c:\windows\System32\wups2.dll

    2008-11-05 05:23 . 2008-10-17 07:42 561,688 --a------ c:\windows\System32\wuapi.dll

    2008-11-05 05:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

    2008-11-05 05:23 . 2008-10-17 07:25 83,456 --a------ c:\windows\System32\wudriver.dll

    2008-11-05 05:23 . 2008-10-17 07:38 34,328 --a------ c:\windows\System32\wups.dll

    2008-11-05 05:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

    2008-10-29 07:17 . 2008-09-18 15:26 147,456 --a------ c:\windows\System32\Faultrep.dll

    2008-10-29 07:17 . 2008-09-18 15:26 125,952 --a------ c:\windows\System32\wersvc.dll

    2008-10-29 06:06 . 2008-08-12 14:09 443,392 --a------ c:\windows\System32\win32spl.dll

    2008-10-24 08:41 . 2008-10-17 05:55 143,993 --------- c:\windows\hpoins16.dat.temp

    2008-10-24 08:41 . 2007-08-13 14:18 5,279 --------- c:\windows\hpomdl16.dat.temp

    2008-10-21 20:26 . 2008-10-21 20:53 <DIR> d-------- c:\users\Charlie\AppData\Roaming\muvee Technologies

    2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\users\All Users\TEMP

    2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\programdata\TEMP

    2008-10-16 10:38 . 2008-07-31 11:43 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

    2008-10-16 10:38 . 2008-08-05 20:19 428,544 --a------ c:\windows\System32\EncDec.dll

    2008-10-16 10:38 . 2008-08-05 20:19 293,376 --a------ c:\windows\System32\psisdecd.dll

    2008-10-16 10:38 . 2008-08-05 20:18 217,088 --a------ c:\windows\System32\psisrndr.ax

    2008-10-16 10:38 . 2008-08-05 20:18 177,664 --a------ c:\windows\System32\mpg2splt.ax

    2008-10-16 10:38 . 2008-08-05 20:18 80,896 --a------ c:\windows\System32\MSNP.ax

    2008-10-16 10:38 . 2008-07-31 14:02 28,160 --a------ c:\windows\System32\Apphlpdm.dll

    2008-10-16 09:05 . 2008-09-18 15:39 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

    2008-10-16 09:05 . 2008-09-18 15:39 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

    2008-10-16 09:05 . 2008-09-18 12:46 2,032,640 --a------ c:\windows\System32\win32k.sys

    2008-10-16 09:05 . 2008-08-27 11:36 288,768 --a------ c:\windows\System32\drivers\srv.sys

    2008-10-16 09:04 . 2008-10-02 12:02 1,383,424 --a------ c:\windows\System32\mshtml.tlb

    2008-10-16 09:04 . 2008-10-02 14:19 827,392 --a------ c:\windows\System32\wininet.dll

    2008-10-15 15:39 . 2008-10-15 15:39 <DIR> d-------- c:\program files\Maxtor

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-06 23:10 --------- d-----w c:\programdata\Symantec

    2008-11-04 21:59 --------- d-----w c:\users\Charlie\AppData\Roaming\VSO

    2008-10-31 01:46 --------- d-----w c:\program files\McAfee

    2008-10-31 01:45 --------- d-----w c:\program files\Common Files\Symantec Shared

    2008-10-29 12:42 --------- d-----w c:\users\Charlie\AppData\Roaming\Skype

    2008-10-29 05:33 --------- d-----w c:\users\Charlie\AppData\Roaming\skypePM

    2008-10-19 11:17 --------- d-----w c:\programdata\HPSSUPPLY

    2008-10-19 07:04 --------- d-----w c:\program files\Acoustica CD Label Maker

    2008-10-16 00:18 --------- d-----w c:\program files\Windows Mail

    2008-10-15 05:10 --------- d--h--w c:\program files\InstallShield Installation Information

    2008-10-07 01:22 --------- d-----w c:\program files\Spybot - Search & Destroy

    2008-10-04 21:36 --------- d-----w c:\programdata\SiteAdvisor

    2008-10-04 21:35 --------- d-----w c:\programdata\McAfee

    2008-10-04 21:35 --------- d-----w c:\program files\Common Files\McAfee

    2008-09-29 02:12 --------- d-----w c:\programdata\Kodak

    2008-09-14 12:43 --------- d-----w c:\program files\Common Files\Adobe AIR

    2008-09-14 12:42 --------- d-----w c:\program files\Common Files\Adobe

    2008-09-14 12:16 --------- d-----w c:\program files\Java

    2008-09-14 12:15 --------- d-----w c:\program files\Common Files\Java

    2008-08-20 08:37 2,560 ----a-w c:\windows\_MSRSTRT.EXE

    2008-08-18 10:55 319,456 ----a-w c:\windows\DIFxAPI.dll

    2008-08-18 10:55 315,392 ----a-w c:\windows\HideWin.exe

    2008-08-03 10:23 262,144 ----a-w c:\programdata\ntuser.dat

    2008-06-27 04:24 56 ---ha-w c:\users\All Users\ezsidmv.dat

    2008-06-27 04:24 56 ---ha-w c:\programdata\ezsidmv.dat

    2008-06-14 07:37 174 --sha-w c:\program files\desktop.ini

    2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    2008-06-12 09:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-19 65536]

    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]

    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

     

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.l3codecp"= l3codecp.acm

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UacDisableNotify"=dword:00000001

    "InternetSettingsDisableNotify"=dword:00000001

    "AutoUpdateDisableNotify"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "AntiVirusOverride"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{9114E626-A50A-4CAC-9720-4C9670A0090C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

    "{876E3634-B7A8-464C-ACEF-3785FBEF74C7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{DA4D75CD-B458-46AB-A6FF-A567A5509E81}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{6D4A789E-0E70-40C2-A4C3-A7EFE071C520}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{39FD184D-A111-419A-929C-567FEDE27029}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{054DFADA-3C1A-4DA2-BECB-012C83DE0538}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{61010454-CBBC-4326-A626-3A2917DE8000}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{05BE9E99-2F0A-4F44-9A76-35EDC29ADD65}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{7CD504E4-93AF-417D-B14F-8E15EB9011EB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{9CF41B4A-FDE1-47DA-8DA0-547BE6C36D63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{624C6A7C-1144-44BD-A090-D077D708C065}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{766C8848-344E-42CA-AC52-8B219EE30C7A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{FC4FE70A-3846-4582-9BD9-EA9576DAD380}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

    "{A4F30294-8B1C-4E6B-8D49-FF988BC04BA0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

    "{2EF6AD83-2743-42A4-9EF1-32235F7DC4DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{A4CCB681-1CF2-4286-832D-1D20DE0E8EBB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{907198B2-B2E9-4342-8A3D-EE8110F81B85}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{4EAE6B4E-37D7-4CC5-B0ED-D9C123F4F8BE}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{7C388FBB-96B2-43F6-9DEA-BA0DB37FC0D2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{F85CDD18-4084-4A5D-8AA0-E07472F6939C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{9DB14414-94A5-4096-9156-579DC08AA371}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

    "{74AD7B4A-2D51-4E14-A4F0-ABAE6718FC9D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

    "{88C77A7D-F76C-4DE7-AD9E-B54BFD3EEDEB}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "{0BD3607E-48AD-492B-936A-92ADA12B946C}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "{CA349CDA-F4B4-4C8F-B62E-E35D976363AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    "{69C487EA-46B2-4EC7-90E8-93B42F2D119D}"= c:\program files\Skype\Phone\Skype.exe:Skype

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

    "EnableFirewall"= 0 (0x0)

     

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081104.005\IDSvix86.sys [2008-09-12 270384]

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

    R2 Maxtor Sync Service;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

    S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

    S3 GameConsoleService;GameConsoleService;c:\program files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

    S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

     

    *Newly Created Service* - COMHOST

    *Newly Created Service* - PROCEXP90

    .

    Contents of the 'Scheduled Tasks' folder

     

    2008-11-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Charlie.job

    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 21:49]

     

    2008-11-07 c:\windows\Tasks\User_Feed_Synchronization-{F9317237-BD81-4915-97EC-9D09B3520DF1}.job

    - c:\windows\system32\msfeedssync.exe [2008-01-19 18:03]

    .

    - - - - ORPHANS REMOVED - - - -

     

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

    HKCU-Run-Power2GoExpress - (no file)

    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

     

     

    .

    ------- Supplementary Scan -------

    .

    R0 -: HKCU-Main,Start Page = hxxp://www.google.com.au/

    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop

    O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    .

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-07 10:43:29

    Windows 6.0.6001 Service Pack 1 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    Completion time: 2008-11-07 10:44:47

    ComboFix-quarantined-files.txt 2008-11-07 00:14:43

     

    Pre-Run: 184,210,145,280 bytes free

    Post-Run: 184,188,309,504 bytes free

     

    197 --- E O F --- 2008-11-06 19:04:41

     

    Edit: Please do not attach the logs unless I tell you to, thanks. ~Ltangelic~

    ComboFix.txt

    0
  • Customer

    No worries charlie.

     

    Cool, glad to hear that your machine is doing much better. I'm looking at your logs now, will get back with a fix in around 30 mins.

     

    LT

    0
  • Customer

    Sorry about that. Thought you wanted it attached. Told you I wasn't too crash hot on this sort of thing.

     

    Well, something's happened, the machine's been going like a dream today.

    0
  • Customer

    Hey charlie2,

     

    Your logs look good to me, let's run a final round of scans and hope we can close this soon.

     

    1) Run ATF Cleaner

     

    Please download ATF Cleaner by Atribune.

    This program is for Windows 98/ME/2K/XP and Vista.

      Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.


    If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.


    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.

     

    2) Fix an entry with HijackThis

     

    Please re-open HijackThis and Do a System Scan Only. Check the boxes next to all the entries listed below.

     

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

     

    Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

     

    3) Run Malwarebytes' Anti-Malware

     

    Please download Malwarebytes' Anti-Malware from Here or Here

     

    Double Click mbam-setup.exe to install the application.


    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


    • If an update is found, it will download and install the latest version.


    • Once the program has loaded, select "Perform Quick Scan", then click Scan.


    • The scan may take some time to finish, so please be patient.


    • When the scan is complete, click OK, then Show Results to view the results.


    • Make sure that everything is checked, and click Remove Selected.


    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)


    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


    • Copy & Paste the entire report in your next reply.



    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

     

    4) Update Java

     

    Your Java is out of date.


    • Download the latest version of Java Runtime Environment (JRE) 6 Update 10.


    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".


    • Click the "Download" button to the right.


    • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".


    • Click on Continue.


    • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.


    • Close any programs you may have running - especially your web browser.


    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.


    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.


    • Click the Remove or Change/Remove button.


    • Repeat as many times as necessary to remove each Java version.


    • Reboot your computer once all Java components are removed.


    • Then from your desktop double-click on the download to install the newest version.



    Next reply (please include):

     

    Note: Please do NOT attach the logs and post ONE log in each post

     

    Fresh HijackThis log

    ComboFix.txt (please run ComboFix again)

    Malwarebytes' Anti-Malware scan log

    Tell me how your computer is doing

    0
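    As an added example (not code from this thread, from HijackThis or from Lavasoft), here is a small Python triage helper for the CLSID-backed O2/O3/O9 lines that HijackThis prints: it flags registrations shown as "(no file)", the orphaned kind that step 2 above asks to have fixed, and compares a pre-fix and post-fix log to see which orphans survived. The sample log text is constructed from lines already posted in this thread; the "(no file)" marker is HijackThis's own convention.

```python
"""Triage helper for HijackThis O2/O3/O9 entries.

Added example, not part of the thread and not HijackThis code. HijackThis
prints CLSID-backed entries as "Ox - Kind: Name - {CLSID} - Path" and writes
"(no file)" in the path position when the CLSID is still registered but the
DLL behind it is missing. Those orphaned registrations are what the fix step
in the thread targets, so this helper pulls them out and checks whether a
later log still shows them.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# One HijackThis entry line, e.g.
#   O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
#   O3 - Toolbar: SnagIt - {8FF5E183-...} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+)$"
)

NO_FILE = "(no file)"  # HijackThis's marker for a registered CLSID with no DLL on disk


@dataclass(frozen=True)
class Entry:
    section: str   # O2, O3, O9, O18 ...
    kind: str      # BHO, Toolbar, Extra button ...
    name: str      # display name, "(no name)" when the registry carries none
    clsid: str     # {GUID} of the COM object, normalised to upper case
    path: str      # backing DLL/EXE, or "(no file)"

    @property
    def orphaned(self) -> bool:
        """True when the CLSID is registered but HijackThis found no file behind it."""
        return self.path.lower() == NO_FILE


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, R0/R1, O4 and other shapes."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["clsid"] = fields["clsid"].upper()
    fields["path"] = fields["path"].strip()
    return Entry(**fields)


def parse_log(text: str) -> List[Entry]:
    """All CLSID-backed entries in a HijackThis log, in file order."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e is not None]


def orphaned_entries(text: str) -> List[Entry]:
    """Entries whose registered CLSID points at a file that no longer exists."""
    return [e for e in parse_log(text) if e.orphaned]


def persisting_orphans(before: str, after: str) -> Set[str]:
    """CLSIDs reported as (no file) in both a pre-fix and a post-fix log.

    A CLSID listed here means the Fix Checked step did not remove the
    registration (or something re-created it) and the entry needs another look.
    """
    first = {e.clsid for e in orphaned_entries(before)}
    second = {e.clsid for e in orphaned_entries(after)}
    return first & second


def summarise(text: str) -> Dict[str, int]:
    """Entry counts per section, e.g. {"O2": 2, "O3": 1}, for a quick sanity check."""
    counts: Dict[str, int] = {}
    for e in parse_log(text):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


# Constructed sample input: lines copied from the logs posted in this thread.
BEFORE_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\\Program Files\\TechSmith\\SnagIt 8\\SnagItIEAddin.dll
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\PROGRA~1\\Java\\JRE16~1.0_0\\bin\\ssv.dll
"""

AFTER_LOG = """\
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\\Program Files\\TechSmith\\SnagIt 8\\SnagItIEAddin.dll
"""

if __name__ == "__main__":
    for e in orphaned_entries(BEFORE_LOG):
        print(f"orphan: {e.section} {e.kind} {e.name} {e.clsid}")
    print("still orphaned after fix:", persisting_orphans(BEFORE_LOG, AFTER_LOG))
```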
  • Customer

    Can't find the Java Runtime that says "the J2SE Runtime ........ allows end users to run Java Applications".

     

    Is this the one I should download

     

    Java SE Runtime Environment (JRE) 6 Update 10

    This release provides a new Java Plug-in that combines features of applet and Java Web Start technologies, a new Direct3D pipeline for Microsoft platforms, an updated documentation bundle, and more.

    0
  • Customer

    Yes Charlie, that's the one you want to download. Remember to remove all previous versions of Java AFTER you have installed the above.

    0
  • Customer

    Remember to remove all previous versions of Java AFTER you have installed the above ?

     

    Ltangelic, in the earlier instructions, you said to remove all old versions of Java, then reboot, and then double-click the download to install the new version.

     

    Hate to be a nuisance, but do you mean for me to download the new version to my desktop, then remove old versions, reboot, THEN install the new version?

    0
  • Customer

    Oops sorry for the confusion caused.

     

    Please ignore "Remember to remove all previous versions of Java AFTER you have installed the above" and go on to follow the proper instructions given earlier on. Thanks.

    0
  • Customer

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:01:32 PM, on 7/11/2008

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

     

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\WINDOWS\RtHDVCpl.exe

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\System32\mobsync.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\hp\kbd\kbd.exe

    C:\Windows\system32\msfeedssync.exe

    C:\Users\Charlie\Desktop\HiJackThis.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     

    --

    End of file - 7449 bytes

    0
  • Customer

    Malwarebytes' Anti-Malware 1.30

    Database version: 1371

    Windows 6.0.6001 Service Pack 1

     

    7/11/2008 5:55:37 PM

    mbam-log-2008-11-07 (17-55-37).txt

     

    Scan type: Quick Scan

    Objects scanned: 46213

    Time elapsed: 3 minute(s), 8 second(s)

     

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

     

    Memory Processes Infected:

    (No malicious items detected)

     

    Memory Modules Infected:

    (No malicious items detected)

     

    Registry Keys Infected:

    (No malicious items detected)

     

    Registry Values Infected:

    (No malicious items detected)

     

    Registry Data Items Infected:

    (No malicious items detected)

     

    Folders Infected:

    (No malicious items detected)

     

    Files Infected:

    (No malicious items detected)

    0
  • Customer

    Thanks for the logs, just one little problem. This entry is still in your HijackThis log:

     

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

     

    Did you use Hijackthis to fix it?

     

    Also, how is your computer doing now?

    0
  • Customer

    I did fix that BHO but it keeps coming back. (I didn't fix it on the last scan so that you could see it's come back again.)

     

    The pc's going like a dream now. Obviously you've fixed something for me.

     

    Here's the new combofix log

     

    ComboFix 08-11-05.02 - Charlie 2008-11-07 19:10:01.2 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1086 [GMT 10.5:30]

    Running from: c:\users\Charlie\Desktop\ComboFix.exe

    .

     

    ((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))

    .

     

    2008-11-07 18:56 . 2008-11-07 18:56 <DIR> d-------- c:\program files\Java

    2008-11-07 18:56 . 2008-11-07 18:56 410,976 --a------ c:\windows\System32\deploytk.dll

    2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\users\Charlie\AppData\Roaming\Malwarebytes

    2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes

    2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\programdata\Malwarebytes

    2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2008-11-07 17:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

    2008-11-07 17:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

    2008-11-06 18:21 . 2008-11-06 18:21 <DIR> d-------- C:\rsit

    2008-11-05 05:24 . 2008-10-17 07:43 1,809,944 --a------ c:\windows\System32\wuaueng.dll

    2008-11-05 05:24 . 2008-10-17 07:26 1,524,736 --a------ c:\windows\System32\wucltux.dll

    2008-11-05 05:24 . 2008-10-17 07:39 51,224 --a------ c:\windows\System32\wuauclt.exe

    2008-11-05 05:24 . 2008-10-17 07:39 43,544 --a------ c:\windows\System32\wups2.dll

    2008-11-05 05:23 . 2008-10-17 07:42 561,688 --a------ c:\windows\System32\wuapi.dll

    2008-11-05 05:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

    2008-11-05 05:23 . 2008-10-17 07:25 83,456 --a------ c:\windows\System32\wudriver.dll

    2008-11-05 05:23 . 2008-10-17 07:38 34,328 --a------ c:\windows\System32\wups.dll

    2008-11-05 05:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

    2008-10-29 07:17 . 2008-09-18 15:26 147,456 --a------ c:\windows\System32\Faultrep.dll

    2008-10-29 07:17 . 2008-09-18 15:26 125,952 --a------ c:\windows\System32\wersvc.dll

    2008-10-29 06:06 . 2008-08-12 14:09 443,392 --a------ c:\windows\System32\win32spl.dll

    2008-10-24 08:41 . 2008-10-17 05:55 143,993 --------- c:\windows\hpoins16.dat.temp

    2008-10-24 08:41 . 2007-08-13 14:18 5,279 --------- c:\windows\hpomdl16.dat.temp

    2008-10-21 20:26 . 2008-10-21 20:53 <DIR> d-------- c:\users\Charlie\AppData\Roaming\muvee Technologies

    2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\users\All Users\TEMP

    2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\programdata\TEMP

    2008-10-16 10:38 . 2008-07-31 11:43 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

    2008-10-16 10:38 . 2008-08-05 20:19 428,544 --a------ c:\windows\System32\EncDec.dll

    2008-10-16 10:38 . 2008-08-05 20:19 293,376 --a------ c:\windows\System32\psisdecd.dll

    2008-10-16 10:38 . 2008-08-05 20:18 217,088 --a------ c:\windows\System32\psisrndr.ax

    2008-10-16 10:38 . 2008-08-05 20:18 177,664 --a------ c:\windows\System32\mpg2splt.ax

    2008-10-16 10:38 . 2008-08-05 20:18 80,896 --a------ c:\windows\System32\MSNP.ax

    2008-10-16 10:38 . 2008-07-31 14:02 28,160 --a------ c:\windows\System32\Apphlpdm.dll

    2008-10-16 09:05 . 2008-09-18 15:39 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

    2008-10-16 09:05 . 2008-09-18 15:39 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

    2008-10-16 09:05 . 2008-09-18 12:46 2,032,640 --a------ c:\windows\System32\win32k.sys

    2008-10-16 09:05 . 2008-08-27 11:36 288,768 --a------ c:\windows\System32\drivers\srv.sys

    2008-10-16 09:04 . 2008-10-02 12:02 1,383,424 --a------ c:\windows\System32\mshtml.tlb

    2008-10-16 09:04 . 2008-10-02 14:19 827,392 --a------ c:\windows\System32\wininet.dll

    2008-10-15 15:39 . 2008-10-15 15:39 <DIR> d-------- c:\program files\Maxtor

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-07 03:40 --------- d-----w c:\programdata\Symantec

    2008-11-04 21:59 --------- d-----w c:\users\Charlie\AppData\Roaming\VSO

    2008-10-31 01:46 --------- d-----w c:\program files\McAfee

    2008-10-31 01:45 --------- d-----w c:\program files\Common Files\Symantec Shared

    2008-10-29 12:42 --------- d-----w c:\users\Charlie\AppData\Roaming\Skype

    2008-10-29 05:33 --------- d-----w c:\users\Charlie\AppData\Roaming\skypePM

    2008-10-19 11:17 --------- d-----w c:\programdata\HPSSUPPLY

    2008-10-19 07:04 --------- d-----w c:\program files\Acoustica CD Label Maker

    2008-10-16 00:18 --------- d-----w c:\program files\Windows Mail

    2008-10-15 05:10 --------- d--h--w c:\program files\InstallShield Installation Information

    2008-10-07 01:22 --------- d-----w c:\program files\Spybot - Search & Destroy

    2008-10-04 21:36 --------- d-----w c:\programdata\SiteAdvisor

    2008-10-04 21:35 --------- d-----w c:\programdata\McAfee

    2008-10-04 21:35 --------- d-----w c:\program files\Common Files\McAfee

    2008-09-29 02:12 --------- d-----w c:\programdata\Kodak

    2008-09-14 12:43 --------- d-----w c:\program files\Common Files\Adobe AIR

    2008-09-14 12:42 --------- d-----w c:\program files\Common Files\Adobe

    2008-08-20 08:37 2,560 ----a-w c:\windows\_MSRSTRT.EXE

    2008-08-18 10:55 319,456 ----a-w c:\windows\DIFxAPI.dll

    2008-08-18 10:55 315,392 ----a-w c:\windows\HideWin.exe

    2008-08-03 10:23 262,144 ----a-w c:\programdata\ntuser.dat

    2008-06-27 04:24 56 ---ha-w c:\users\All Users\ezsidmv.dat

    2008-06-27 04:24 56 ---ha-w c:\programdata\ezsidmv.dat

    2008-06-14 07:37 174 --sha-w c:\program files\desktop.ini

    2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    2008-06-12 09:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    .

     

    ((((((((((((((((((((((((((((( snapshot@2008-11-07_10.43.51.43 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-11-06 18:56:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2008-11-07 08:20:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2008-11-06 18:56:34 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2008-11-07 08:20:22 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2008-11-06 18:57:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2008-11-07 08:22:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2008-11-07 08:22:41 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

    - 2008-11-06 18:58:09 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2008-11-07 08:22:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2008-11-07 08:22:36 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

    - 2008-11-06 23:58:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2008-11-07 08:38:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2008-11-06 23:58:56 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2008-11-07 08:38:25 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2008-11-06 23:58:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2008-11-07 08:38:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2008-11-07 07:16:05 5,910 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34109D51568C2A00C6D0FD812651E8114B2584FA\34109D51568C2A00C6D0FD812651E8114B2584FA\Data.dat

    + 2008-11-07 08:32:49 5,790 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6424794E152699BF6A60AE579F367DB9EFF60E99\6424794E152699BF6A60AE579F367DB9EFF60E99\Data.dat

    + 2008-11-07 07:16:59 5,728 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\98A86F6157A06665D311F30C39FE29ECD10B32F6\98A86F6157A06665D311F30C39FE29ECD10B32F6\Data.dat

    + 2008-11-07 07:11:02 6,158 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\CE5ABED1462D33837BA1ECBF1B7640A5D5D45911\CE5ABED1462D33837BA1ECBF1B7640A5D5D45911\Data.dat

    + 2008-11-07 07:29:50 6,072 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\F86F27D1C280924D45F2030FBC03AE134561E059\F86F27D1C280924D45F2030FBC03AE134561E059\Data.dat

    - 2008-06-09 15:51:01 135,168 ----a-w c:\windows\System32\java.exe

    + 2008-11-07 08:26:12 144,792 ----a-w c:\windows\System32\java.exe

    - 2008-06-09 15:51:04 135,168 ----a-w c:\windows\System32\javaw.exe

    + 2008-11-07 08:26:12 144,792 ----a-w c:\windows\System32\javaw.exe

    - 2008-06-09 17:02:34 139,264 ----a-w c:\windows\System32\javaws.exe

    + 2008-11-07 08:26:12 148,888 ----a-w c:\windows\System32\javaws.exe

    - 2008-11-06 19:01:32 105,448 ----a-w c:\windows\System32\perfc009.dat

    + 2008-11-07 08:25:21 105,448 ----a-w c:\windows\System32\perfc009.dat

    - 2008-11-06 19:01:32 599,942 ----a-w c:\windows\System32\perfh009.dat

    + 2008-11-07 08:25:21 599,942 ----a-w c:\windows\System32\perfh009.dat

    - 2008-11-06 18:58:31 8,622 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299106393-3475166286-697493000-1000_UserData.bin

    + 2008-11-07 08:23:07 8,638 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299106393-3475166286-697493000-1000_UserData.bin

    - 2008-11-06 18:58:31 81,988 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2008-11-07 08:23:07 82,106 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    - 2008-11-06 18:58:30 46,642 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2008-11-07 08:23:05 46,642 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    .

    -- Snapshot reset to current date --

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-19 65536]

    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]

    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-07 136600]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

     

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.l3codecp"= l3codecp.acm

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UacDisableNotify"=dword:00000001

    "InternetSettingsDisableNotify"=dword:00000001

    "AutoUpdateDisableNotify"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "AntiVirusOverride"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{9114E626-A50A-4CAC-9720-4C9670A0090C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

    "{876E3634-B7A8-464C-ACEF-3785FBEF74C7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{DA4D75CD-B458-46AB-A6FF-A567A5509E81}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{6D4A789E-0E70-40C2-A4C3-A7EFE071C520}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{39FD184D-A111-419A-929C-567FEDE27029}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{054DFADA-3C1A-4DA2-BECB-012C83DE0538}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{61010454-CBBC-4326-A626-3A2917DE8000}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{05BE9E99-2F0A-4F44-9A76-35EDC29ADD65}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{7CD504E4-93AF-417D-B14F-8E15EB9011EB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{9CF41B4A-FDE1-47DA-8DA0-547BE6C36D63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{624C6A7C-1144-44BD-A090-D077D708C065}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{766C8848-344E-42CA-AC52-8B219EE30C7A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{FC4FE70A-3846-4582-9BD9-EA9576DAD380}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

    "{A4F30294-8B1C-4E6B-8D49-FF988BC04BA0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

    "{2EF6AD83-2743-42A4-9EF1-32235F7DC4DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{A4CCB681-1CF2-4286-832D-1D20DE0E8EBB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{907198B2-B2E9-4342-8A3D-EE8110F81B85}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{4EAE6B4E-37D7-4CC5-B0ED-D9C123F4F8BE}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{7C388FBB-96B2-43F6-9DEA-BA0DB37FC0D2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{F85CDD18-4084-4A5D-8AA0-E07472F6939C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{9DB14414-94A5-4096-9156-579DC08AA371}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

    "{74AD7B4A-2D51-4E14-A4F0-ABAE6718FC9D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

    "{88C77A7D-F76C-4DE7-AD9E-B54BFD3EEDEB}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "{0BD3607E-48AD-492B-936A-92ADA12B946C}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "{CA349CDA-F4B4-4C8F-B62E-E35D976363AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    "{69C487EA-46B2-4EC7-90E8-93B42F2D119D}"= c:\program files\Skype\Phone\Skype.exe:Skype

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

    "EnableFirewall"= 0 (0x0)

     

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081106.001\IDSvix86.sys [2008-09-12 270384]

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

    R2 Maxtor Sync Service;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

    S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

    S3 GameConsoleService;GameConsoleService;c:\program files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

    S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

     

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

     

    2008-11-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Charlie.job

    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 21:49]

     

    2008-11-07 c:\windows\Tasks\User_Feed_Synchronization-{F9317237-BD81-4915-97EC-9D09B3520DF1}.job

    - c:\windows\system32\msfeedssync.exe [2008-01-19 18:03]

    .

    - - - - ORPHANS REMOVED - - - -

     

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

     

     

    .

    ------- Supplementary Scan -------

    .

    R0 -: HKCU-Main,Start Page = hxxp://www.google.com.au/

    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop

    O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    .

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-07 19:12:59

    Windows 6.0.6001 Service Pack 1 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

     

    PROCESS: c:\windows\Explorer.exe

    -> c:\program files\McAfee\SiteAdvisor\saHook.dll

    .

    Completion time: 2008-11-07 19:14:20

    ComboFix-quarantined-files.txt 2008-11-07 08:44:15

    ComboFix2.txt 2008-11-07 00:14:48

     

    Pre-Run: 183,987,859,456 bytes free

    Post-Run: 183,957,852,160 bytes free

     

    241 --- E O F --- 2008-11-06 19:04:41

    0
  • Customer

    Hey charlie2,

     

    It's strange that the entry keeps coming back, seems like there is more to what I am seeing here. We'll need to do deeper scans. Please be patient with me.

     

    1) Run CFScript

     

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:

     

    KillAll:

     

    Registry::

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=desktop


     

    3. Save the above as CFScript.txt

     

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

     

     

    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.



    2) Run Runscanner

     

    Please download Runscanner to your desktop and run it.
    • When the first page comes up, select Beginner Mode.
    • On the next page, select Save a binary .Run file (Recommended), then click Start full scan at the top.
    • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
    • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
    • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.



    3) Run F-Secure Blacklight

     

    Please download F-Secure Blacklight (fsbl.exe) and save it to your C:\ drive.
    • Open a command window by going to Start > Run and typing: cmd
    • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
    • Hit "Enter" to start the program and then close the cmd box.
    • Accept the user agreement and click "Next".
    • Click "Scan".
    • After the scan is complete, click "Next", then "Exit".
    • BlackLight will create a log in the C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
    • The log will have a list of all items found. Do not choose to rename any yet! I want to see the log first because legitimate items can also be present, like "wbemtest.exe" and "tcptest.exe".
    • Exit Blacklight and post the contents of the log in your next reply.



    Next reply (please include):

     

    Note: Please do NOT attach the logs and post ONE log in each post

     

    Fresh HijackThis log

    Combofix.txt

    Runscanner log

    F-Secure Blacklight log

    0
  • Customer

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:43:15 PM, on 8/11/2008

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

     

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\WINDOWS\RtHDVCpl.exe

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\hp\kbd\kbd.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Windows\system32\msfeedssync.exe

    C:\Users\Charlie\Desktop\HiJackThis.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     

    --

    End of file - 7533 bytes

  • Customer

    ComboFix 08-11-07.01 - Charlie 2008-11-08 20:28:24.3 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1058 [GMT 10.5:30]

    Running from: c:\users\Charlie\Desktop\ComboFix.exe

    Command switches used :: c:\users\Charlie\Desktop\CFScript.txt

    * Created a new restore point

    .

     

    ((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))

    .

     

    2008-11-07 18:56 . 2008-11-07 18:56 <DIR> d-------- c:\program files\Java

    2008-11-07 18:56 . 2008-11-07 18:56 410,976 --a------ c:\windows\System32\deploytk.dll

    2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\users\Charlie\AppData\Roaming\Malwarebytes

    2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\users\All Users\Malwarebytes

    2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\programdata\Malwarebytes

    2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2008-11-07 17:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

    2008-11-07 17:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys

    2008-11-06 18:21 . 2008-11-06 18:21 <DIR> d-------- C:\rsit

    2008-11-05 05:24 . 2008-10-17 07:43 1,809,944 --a------ c:\windows\System32\wuaueng.dll

    2008-11-05 05:24 . 2008-10-17 07:26 1,524,736 --a------ c:\windows\System32\wucltux.dll

    2008-11-05 05:24 . 2008-10-17 07:39 51,224 --a------ c:\windows\System32\wuauclt.exe

    2008-11-05 05:24 . 2008-10-17 07:39 43,544 --a------ c:\windows\System32\wups2.dll

    2008-11-05 05:23 . 2008-10-17 07:42 561,688 --a------ c:\windows\System32\wuapi.dll

    2008-11-05 05:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

    2008-11-05 05:23 . 2008-10-17 07:25 83,456 --a------ c:\windows\System32\wudriver.dll

    2008-11-05 05:23 . 2008-10-17 07:38 34,328 --a------ c:\windows\System32\wups.dll

    2008-11-05 05:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

    2008-10-29 07:17 . 2008-09-18 15:26 147,456 --a------ c:\windows\System32\Faultrep.dll

    2008-10-29 07:17 . 2008-09-18 15:26 125,952 --a------ c:\windows\System32\wersvc.dll

    2008-10-29 06:06 . 2008-08-12 14:09 443,392 --a------ c:\windows\System32\win32spl.dll

    2008-10-24 08:41 . 2008-10-17 05:55 143,993 --------- c:\windows\hpoins16.dat.temp

    2008-10-24 08:41 . 2007-08-13 14:18 5,279 --------- c:\windows\hpomdl16.dat.temp

    2008-10-21 20:26 . 2008-10-21 20:53 <DIR> d-------- c:\users\Charlie\AppData\Roaming\muvee Technologies

    2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\users\All Users\TEMP

    2008-10-21 20:26 . 2008-10-21 20:26 <DIR> d-------- c:\programdata\TEMP

    2008-10-16 10:38 . 2008-07-31 11:43 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

    2008-10-16 10:38 . 2008-08-05 20:19 428,544 --a------ c:\windows\System32\EncDec.dll

    2008-10-16 10:38 . 2008-08-05 20:19 293,376 --a------ c:\windows\System32\psisdecd.dll

    2008-10-16 10:38 . 2008-08-05 20:18 217,088 --a------ c:\windows\System32\psisrndr.ax

    2008-10-16 10:38 . 2008-08-05 20:18 177,664 --a------ c:\windows\System32\mpg2splt.ax

    2008-10-16 10:38 . 2008-08-05 20:18 80,896 --a------ c:\windows\System32\MSNP.ax

    2008-10-16 10:38 . 2008-07-31 14:02 28,160 --a------ c:\windows\System32\Apphlpdm.dll

    2008-10-16 09:05 . 2008-09-18 15:39 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe

    2008-10-16 09:05 . 2008-09-18 15:39 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

    2008-10-16 09:05 . 2008-09-18 12:46 2,032,640 --a------ c:\windows\System32\win32k.sys

    2008-10-16 09:05 . 2008-08-27 11:36 288,768 --a------ c:\windows\System32\drivers\srv.sys

    2008-10-16 09:04 . 2008-10-02 12:02 1,383,424 --a------ c:\windows\System32\mshtml.tlb

    2008-10-16 09:04 . 2008-10-02 14:19 827,392 --a------ c:\windows\System32\wininet.dll

    2008-10-15 15:39 . 2008-10-15 15:39 <DIR> d-------- c:\program files\Maxtor

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-08 09:31 --------- d-----w c:\users\Charlie\AppData\Roaming\Skype

    2008-11-08 09:02 --------- d-----w c:\users\Charlie\AppData\Roaming\skypePM

    2008-11-08 07:57 --------- d-----w c:\program files\Spybot - Search & Destroy

    2008-11-08 04:43 --------- d-----w c:\programdata\Symantec

    2008-11-04 21:59 --------- d-----w c:\users\Charlie\AppData\Roaming\VSO

    2008-10-31 01:46 --------- d-----w c:\program files\McAfee

    2008-10-31 01:45 --------- d-----w c:\program files\Common Files\Symantec Shared

    2008-10-19 11:17 --------- d-----w c:\programdata\HPSSUPPLY

    2008-10-19 07:04 --------- d-----w c:\program files\Acoustica CD Label Maker

    2008-10-16 00:18 --------- d-----w c:\program files\Windows Mail

    2008-10-15 05:10 --------- d--h--w c:\program files\InstallShield Installation Information

    2008-10-04 21:36 --------- d-----w c:\programdata\SiteAdvisor

    2008-10-04 21:35 --------- d-----w c:\programdata\McAfee

    2008-10-04 21:35 --------- d-----w c:\program files\Common Files\McAfee

    2008-09-29 02:12 --------- d-----w c:\programdata\Kodak

    2008-09-14 12:43 --------- d-----w c:\program files\Common Files\Adobe AIR

    2008-09-14 12:42 --------- d-----w c:\program files\Common Files\Adobe

    2008-08-20 08:37 2,560 ----a-w c:\windows\_MSRSTRT.EXE

    2008-08-18 10:55 319,456 ----a-w c:\windows\DIFxAPI.dll

    2008-08-18 10:55 315,392 ----a-w c:\windows\HideWin.exe

    2008-08-03 10:23 262,144 ----a-w c:\programdata\ntuser.dat

    2008-06-27 04:24 56 ---ha-w c:\users\All Users\ezsidmv.dat

    2008-06-27 04:24 56 ---ha-w c:\programdata\ezsidmv.dat

    2008-06-14 07:37 174 --sha-w c:\program files\desktop.ini

    2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    2008-06-12 09:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    2008-06-12 09:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    .

     

    ((((((((((((((((((((((((((((( snapshot_2008-11-07_19.13.24.89 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-11-07 08:22:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2008-11-08 10:02:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

    + 2008-11-08 10:02:57 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

    - 2008-11-07 08:22:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2008-11-08 10:02:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

    + 2008-11-08 10:02:57 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

    - 2008-11-07 08:38:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2008-11-08 10:00:25 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2008-11-07 08:38:25 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2008-11-08 10:00:25 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2008-11-07 08:38:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2008-11-08 10:00:25 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2008-11-07 07:16:05 5,910 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34109D51568C2A00C6D0FD812651E8114B2584FA\34109D51568C2A00C6D0FD812651E8114B2584FA\Data.dat

    + 2008-11-08 08:33:23 5,910 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\34109D51568C2A00C6D0FD812651E8114B2584FA\34109D51568C2A00C6D0FD812651E8114B2584FA\Data.dat

    + 2008-11-08 09:34:19 4,862 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\54261A5E7866045FBF90D783E5D5464B18D76A76\54261A5E7866045FBF90D783E5D5464B18D76A76\Data.dat

    - 2008-11-07 08:32:49 5,790 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6424794E152699BF6A60AE579F367DB9EFF60E99\6424794E152699BF6A60AE579F367DB9EFF60E99\Data.dat

    + 2008-11-08 09:36:32 5,794 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6424794E152699BF6A60AE579F367DB9EFF60E99\6424794E152699BF6A60AE579F367DB9EFF60E99\Data.dat

    + 2008-11-08 09:18:25 5,084 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\6446554B6C234D6440FDD37B842B7171C0A0E935\6446554B6C234D6440FDD37B842B7171C0A0E935\Data.dat

    + 2008-11-08 09:20:35 5,202 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\85A34F0987118E0A56CFBCB125369C26C25E3A4A\85A34F0987118E0A56CFBCB125369C26C25E3A4A\Data.dat

    + 2008-11-08 08:33:29 3,384 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C24788328F3516DD5B0BE283325CDAAAE830DA17\C24788328F3516DD5B0BE283325CDAAAE830DA17\Data.dat

    + 2008-11-08 09:19:31 5,714 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C39CBFB939163872F6FCC779F5D069EE95E92114\C39CBFB939163872F6FCC779F5D069EE95E92114\Data.dat

    + 2008-11-08 09:21:15 5,700 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C7AAE102DCAF37896B5ABA3F38F7326F239C60E3\C7AAE102DCAF37896B5ABA3F38F7326F239C60E3\Data.dat

    + 2008-11-08 08:34:04 4,918 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\C834E0684F12E9770E1BB4F249CFD38DC277BF8A\C834E0684F12E9770E1BB4F249CFD38DC277BF8A\Data.dat

    + 2008-11-08 09:16:09 5,686 ----a-w c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\E0FBE1A270B33EF4FBBC18F772B9C2A31DE95517\E0FBE1A270B33EF4FBBC18F772B9C2A31DE95517\Data.dat

    - 2008-11-07 00:09:15 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

    + 2008-11-08 09:57:58 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

    + 2008-11-08 09:57:58 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1

    - 2008-11-07 08:25:21 105,448 ----a-w c:\windows\System32\perfc009.dat

    + 2008-11-08 09:41:25 105,448 ----a-w c:\windows\System32\perfc009.dat

    - 2008-11-07 08:25:21 599,942 ----a-w c:\windows\System32\perfh009.dat

    + 2008-11-08 09:41:25 599,942 ----a-w c:\windows\System32\perfh009.dat

    - 2008-11-07 08:23:07 8,638 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299106393-3475166286-697493000-1000_UserData.bin

    + 2008-11-08 05:24:53 8,638 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3299106393-3475166286-697493000-1000_UserData.bin

    - 2008-11-07 08:23:07 82,106 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2008-11-08 05:24:53 82,106 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    - 2008-11-07 08:23:05 46,642 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2008-11-08 05:24:52 46,988 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    .

    -- Snapshot reset to current date --

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-19 65536]

    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]

    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]

    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-07 136600]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 c:\windows\RtHDVCpl.exe]

     

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.l3codecp"= l3codecp.acm

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UacDisableNotify"=dword:00000001

    "InternetSettingsDisableNotify"=dword:00000001

    "AutoUpdateDisableNotify"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "AntiVirusOverride"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{9114E626-A50A-4CAC-9720-4C9670A0090C}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

    "{876E3634-B7A8-464C-ACEF-3785FBEF74C7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

    "{DA4D75CD-B458-46AB-A6FF-A567A5509E81}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{6D4A789E-0E70-40C2-A4C3-A7EFE071C520}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

    "{39FD184D-A111-419A-929C-567FEDE27029}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{054DFADA-3C1A-4DA2-BECB-012C83DE0538}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

    "{61010454-CBBC-4326-A626-3A2917DE8000}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{05BE9E99-2F0A-4F44-9A76-35EDC29ADD65}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

    "{7CD504E4-93AF-417D-B14F-8E15EB9011EB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{9CF41B4A-FDE1-47DA-8DA0-547BE6C36D63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

    "{624C6A7C-1144-44BD-A090-D077D708C065}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{766C8848-344E-42CA-AC52-8B219EE30C7A}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

    "{FC4FE70A-3846-4582-9BD9-EA9576DAD380}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

    "{A4F30294-8B1C-4E6B-8D49-FF988BC04BA0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

    "{2EF6AD83-2743-42A4-9EF1-32235F7DC4DA}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{A4CCB681-1CF2-4286-832D-1D20DE0E8EBB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

    "{907198B2-B2E9-4342-8A3D-EE8110F81B85}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{4EAE6B4E-37D7-4CC5-B0ED-D9C123F4F8BE}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

    "{7C388FBB-96B2-43F6-9DEA-BA0DB37FC0D2}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{F85CDD18-4084-4A5D-8AA0-E07472F6939C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

    "{9DB14414-94A5-4096-9156-579DC08AA371}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

    "{74AD7B4A-2D51-4E14-A4F0-ABAE6718FC9D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

    "{88C77A7D-F76C-4DE7-AD9E-B54BFD3EEDEB}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "{0BD3607E-48AD-492B-936A-92ADA12B946C}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

    "{CA349CDA-F4B4-4C8F-B62E-E35D976363AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    "{69C487EA-46B2-4EC7-90E8-93B42F2D119D}"= c:\program files\Skype\Phone\Skype.exe:Skype

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

    "EnableFirewall"= 0 (0x0)

     

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081108.003\IDSvix86.sys [2008-09-12 270384]

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

    R2 Maxtor Sync Service;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

    R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

    S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

    S3 GameConsoleService;GameConsoleService;c:\program files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

    S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

     

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

     

    2008-11-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Charlie.job

    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 21:49]

     

    2008-11-08 c:\windows\Tasks\User_Feed_Synchronization-{F9317237-BD81-4915-97EC-9D09B3520DF1}.job

    - c:\windows\system32\msfeedssync.exe [2008-01-19 18:03]

    .

    - - - - ORPHANS REMOVED - - - -

     

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

     

     

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-08 20:33:03

    Windows 6.0.6001 Service Pack 1 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

     

    c:\program files\Common Files\Symantec Shared\SPBBC\2008-11-08-74f3.kc 292404 bytes

     

    scan completed successfully

    hidden files: 1

     

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

     

    PROCESS: c:\windows\Explorer.exe

    -> c:\program files\McAfee\SiteAdvisor\saHook.dll

    -> ?:\windows\system32\NSI.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\System32\nvvsvc.exe

    c:\windows\System32\audiodg.exe

    c:\windows\System32\rundll32.exe

    c:\program files\Lavasoft\Ad-Aware\aawservice.exe

    c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

    c:\program files\Common Files\LightScribe\LSSrvc.exe

    c:\windows\System32\rundll32.exe

    c:\windows\System32\drivers\XAudio.exe

    c:\windows\System32\WUDFHost.exe

    c:\windows\System32\rundll32.exe

    c:\windows\ehome\ehmsas.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\HP\Digital Imaging\bin\hpqste08.exe

    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    c:\hp\KBD\kbd.exe

    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

    c:\windows\System32\wbem\WMIADAP.exe

    c:\windows\System32\dllhost.exe

    .

    **************************************************************************

    .

    Completion time: 2008-11-08 20:37:49 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-11-08 10:07:42

    ComboFix2.txt 2008-11-07 08:44:21

    ComboFix3.txt 2008-11-07 00:14:48

     

    Pre-Run: 184,478,097,408 bytes free

    Post-Run: 184,710,328,320 bytes free

     

    262 --- E O F --- 2008-11-07 19:23:52

  • Customer

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:43:15 PM, on 8/11/2008

    Platform: Windows Vista SP1 (WinNT 6.00.1905)

    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Boot mode: Normal

     

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\WINDOWS\RtHDVCpl.exe

    C:\hp\support\hpsysdrv.exe

    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\System32\rundll32.exe

    C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\hp\kbd\kbd.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Internet Explorer\ieuser.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Windows\system32\msfeedssync.exe

    C:\Users\Charlie\Desktop\HiJackThis.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

     

    --

    End of file - 7533 bytes


     

    LtAngelic, I've done the Runscanner, but I can't upload the file. I get the message "Upload failed. You are not allowed to upload this type of file."

     

    I've renamed it Runfile.run.

     

    I can't find a way to copy and paste it. HELP

     

    Also, I can't save the Blacklight (fsbl.exe) to C:

    it wants me to install it to Charlie

  • Customer

    Please attach the file on here.

  • Customer

    Hey charlie,

     

    While I try to figure out how to upload the log for Runscanner, go ahead and run F-Secure Blacklight and post me the logs first. Thanks.

  • Customer

    Please attach the file on here.

     

    It still won't upload.

     

     

    Upload failed. You are not permitted to upload this type of file

  • Customer

    Hey charlie,

     

    I tried running Runscanner on my computer, besides the .run file, there is also an option to save a .log file. Please save the .log file and post the contents of the log file (in notepad document) on here.
