rootkit and possible viruses [RESOLVED]



#1 Koso (Member, 19 posts)

I seem to have a rootkit that the AVG rootkit scanner found. It tries to delete it; however, when it says it's deleted, I do another scan and it's still there. No other program is finding this as well. I don't know what to do. Here is the HijackThis log. Though it still can't scan the hosts section, and the rootkit is believed to be in my drivers.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:06 PM, on 2/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Xfire\Xfire.exe
C:\Users\Owner\Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [QCDriverInstaller] "C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" /addrun /l 1033 /LaunchAtStart
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe" /ScheduleSweep=HPCeeScheduleForOwner
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\Owner\AppData\Local\Temp\ljjhhhi.dll,#1
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13760 bytes
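As an added example (not a tool from this forum, from Trend Micro, or from the poster): a small Python triage script that parses the O2, O4 and O23 line formats seen in the log above and flags the entries a helper looks at first, such as the HKCU Run entry that starts rundll32 on a DLL in the user's Temp folder, the Run value HijackThis could not read, the BHO with no file behind it, and the service with no publisher. The sample lines are constructed from the thread's own entries, and the flag rules are heuristics of my own, not anything HijackThis itself reports.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2.0.2 line format; the entries are
# modelled on the ones pasted in this thread, not copied from a live machine.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Aim6] ?
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\Owner\AppData\Local\Temp\ljjhhhi.dll,#1
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
""".strip()

# Line formats as HijackThis prints them (only the three sections used here).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Service name and vendor are taken non-greedily, so a " - " inside the path is fine.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# Path-like tokens inside a Run command: quoted or bare, drive letter or %VAR%.
PATH_RE = re.compile(r'(?i)(?:[A-Za-z]:|%[A-Za-z]+%)\\[^"]*?\.(?:exe|dll|scr|cpl)')
# User-writable scratch locations: an autorun pointing here deserves a look.
TEMP_RE = re.compile(r"(?i)\\(?:temp|tmp)\\")
# rundll32 invoking a DLL export by ordinal (",#1") instead of by name.
ORDINAL_RE = re.compile(r'(?i)rundll32(?:\.exe)?"?\s.*\.dll,#\d+')

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str       # the log line the finding refers to


def triage_run_entry(m: re.Match, line: str) -> list[Finding]:
    """Heuristic rules for one O4 Run/RunOnce entry."""
    cmd = m["cmd"].strip()
    findings: list[Finding] = []
    if cmd == "?":
        # HijackThis prints '?' when it could not read the value's data.
        findings.append(Finding("medium", f"Run value [{m['name']}] could not be read; inspect it in regedit", line))
        return findings
    for path in PATH_RE.findall(cmd):
        if TEMP_RE.search(path):
            findings.append(Finding("high", f"[{m['name']}] under {m['hive']} starts {path} from a temp directory", line))
    if ORDINAL_RE.search(cmd):
        findings.append(Finding("medium", f"[{m['name']}] runs a DLL export by ordinal via rundll32, which hides the function name", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Parse a HijackThis log and return findings, most severe first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("low", f"BHO {{{m['clsid']}}} points at no file: orphaned entry, safe to remove", line))
        elif m := O4_RE.match(line):
            findings.extend(triage_run_entry(m, line))
        elif m := O23_RE.match(line):
            if m["vendor"] == "Unknown owner":
                findings.append(Finding("low", f"service '{m['name']}' has no publisher; verify {m['path']}", line))
    # Stable sort: entries of equal severity keep their log order.
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity.upper():6} {f.reason}")
```

The rules only narrow down what to verify by hand (file properties, publisher, VirusTotal or a second scanner); a hit is a lead, not a verdict.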


#2 Rorschach112 (Retired Staff, 47,710 posts)

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please download and unzip IceSword to its own folder on your desktop.

If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1: Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red. A red process in this list indicates that it is hidden. Write down the PathName of any processes in red. Then click on LOG at the top left. It will prompt you to save the log; call this Processes and save it to your desktop.

Step 2: Click the Win32 Services tab and look out for red entries in the services list. Write down the Module name of any services in red; you will need to expand the Module tab to see the full name. Then click on LOG. It will prompt you to save the log; call this Services and save it to your desktop.

Step 3: Click the Startup tab and look out for red entries in the startup list. Write down the Path of any startup entries in red. Then click on LOG. It will prompt you to save the log; call this Startup and save it to your desktop.

Step 4: Click the SSDT tab and check for red entries. If there are any, write down the KModule name.

Step 5: Click the Message Hooks tab and check for any entries that are listed under Type as WH_KEYBOARD. Write down the Process Path of these entries if present.

Now post all of the data collected under the headings for:

Processes
Win32 Services
Startup
SSDT
Message Hooks


#3 Koso (Topic Starter)

Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-04 19:21:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:14 PM, on 2/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\dss.exe
C:\Users\Owner\DOCUME~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [QCDriverInstaller] "C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" /addrun /l 1033 /LaunchAtStart
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe" /ScheduleSweep=HPCeeScheduleForOwner
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\Owner\AppData\Local\Temp\ljjhhhi.dll,#1
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15251 bytes

-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-02-04 18:01:13 195072 --a------ C:\Windows\Zerg Saver.scr
2008-02-04 17:59:39 342528 --a------ C:\Windows\PROTOSS.SCR
2008-02-04 17:06:23 0 d-------- C:\Program Files\Alwil Software
2008-02-04 16:59:17 0 d-------- C:\Users\All Users\InstallShield
2008-02-04 16:58:42 0 d-------- C:\Games
2008-02-04 16:35:51 0 d-------- C:\Users\All Users\Lavasoft
2008-02-04 16:35:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 19:41:23 0 d-------- C:\VundoFix Backups
2008-02-03 19:40:59 0 d-------- C:\Program Files\ZyX
2008-02-03 17:24:53 0 d-a------ C:\Users\All Users\TEMP
2008-02-03 17:24:39 0 d-------- C:\Program Files\Spyware Doctor
2008-02-02 10:01:07 0 d-------- C:\NVIDIA
2008-02-01 12:32:19 21396 --a------ C:\Users\Owner\Desktop(2)
2008-01-30 23:03:33 1732 --a------ C:\Windows\system32\drivers\nvphy.bin
2008-01-30 20:13:39 0 d-------- C:\Users\All Users\NCH Swift Sound
2008-01-30 20:13:26 0 d-------- C:\Program Files\NCH Swift Sound
2008-01-26 10:19:27 0 d-------- C:\Users\Owner\Kitty Sutra
2008-01-25 20:20:24 0 d-------- C:\Program Files\IMVU
2008-01-25 20:19:38 0 d-------- C:\Program Files\Skype
2008-01-25 20:19:38 0 d-------- C:\Program Files\Common Files\Skype
2008-01-25 20:19:29 0 d-------- C:\Users\All Users\Skype
2008-01-19 11:08:33 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-19 11:08:03 0 d-------- C:\Program Files\Windows Media Components
2008-01-19 11:05:38 0 d-------- C:\Program Files\Logitech
2008-01-19 00:20:42 0 d-------- C:\Users\All Users\Webroot
2008-01-19 00:20:42 0 d-------- C:\Program Files\Webroot
2008-01-19 00:20:13 164 --a------ C:\install.dat
2008-01-17 16:40:40 0 d-------- C:\Users\All Users\Adobe Systems
2008-01-17 16:37:00 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-17 16:24:00 92544 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-01-17 16:23:59 0 d-------- C:\Program Files\MagicDisc
2008-01-17 16:20:11 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-01-17 06:57:23 715248 --a------ C:\Windows\system32\drivers\sptd.sys
2008-01-13 12:05:16 0 d-------- C:\Program Files\SpywareBlaster
2008-01-12 23:19:41 0 d-------- C:\Program Files\DivX
2008-01-12 23:17:38 0 d-------- C:\Program Files\Webteh
2008-01-12 15:40:22 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-01-12 09:00:55 0 d-------- C:\Program Files\GlobFX Technologies
2008-01-11 16:15:08 0 d-------- C:\Program Files\Norton Internet Security
2008-01-11 16:14:34 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-01-11 16:12:42 0 d-------- C:\Program Files\Symantec
2008-01-11 15:30:45 0 d-------- C:\Users\All Users\Xfire
2008-01-09 06:29:24 528 -ra------ C:\MediaID.bin
2008-01-08 17:45:10 0 d-------- C:\Users\All Users\Google
2008-01-08 17:43:55 0 d-------- C:\Users\All Users\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2008-01-08 17:43:28 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-01-08 17:40:21 0 d-------- C:\Program Files\Microsoft.NET
2008-01-08 17:38:27 0 d-------- C:\Users\All Users\Microsoft Help
2008-01-08 17:38:04 0 dr-h----- C:\MSOCache
2008-01-08 16:26:29 0 d-------- C:\Program Files\LimeWire
2008-01-08 15:30:00 0 d-------- C:\Program Files\Abexo
2008-01-08 14:55:51 0 d-------- C:\Program Files\iPod
2008-01-08 14:55:48 0 d-------- C:\Program Files\iTunes
2008-01-08 14:55:09 0 d-------- C:\Program Files\Common Files\Apple
2008-01-04 23:19:39 2829 --a------ C:\Windows\War3Unin.pif
2008-01-04 23:19:39 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-01-04 23:19:39 55697 --a------ C:\Windows\War3Unin.dat
2008-01-04 23:16:48 0 d-------- C:\Program Files\Warcraft III
2008-01-04 15:58:50 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-01-04 15:57:22 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 15:57:22 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 15:57:12 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:57:10 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 15:57:10 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:57:10 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:56:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-01-04 00:45:37 0 d-------- C:\Program Files\Common Files\Steam
2008-01-04 00:45:36 0 d-------- C:\Program Files\Steam


-- Find3M Report ---------------------------------------------------------------

2008-02-04 18:03:41 0 d-------- C:\Users\Owner\AppData\Roaming\Xfire
2008-02-04 17:04:10 0 d---s---- C:\Program Files\Xfire
2008-02-04 16:59:10 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-04 16:36:27 0 d-------- C:\Program Files\Lavasoft
2008-02-04 16:36:26 0 d-------- C:\Users\Owner\AppData\Roaming\Lavasoft
2008-02-04 16:35:20 0 d-------- C:\Program Files\Common Files
2008-02-04 08:00:02 0 d-------- C:\Users\Owner\AppData\Roaming\AVG7
2008-02-04 06:47:22 0 d-------- C:\Users\Owner\AppData\Roaming\Adobe
2008-02-03 22:19:56 0 d-------- C:\Program Files\Starcraft
2008-02-02 23:33:50 0 d-------- C:\Users\Owner\AppData\Roaming\IMVU
2008-02-01 20:03:45 0 d-------- C:\Users\Owner\AppData\Roaming\LimeWire
2008-02-01 17:53:43 1024 --a------ C:\Users\Owner\AppData\Roaming\WavCodec.wff
2008-01-30 20:13:39 0 d-------- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
2008-01-27 09:40:10 0 d-------- C:\Program Files\Winamp
2008-01-26 14:07:50 0 d-------- C:\Users\Owner\AppData\Roaming\Yahoo!
2008-01-26 09:04:33 0 d-------- C:\Users\Owner\AppData\Roaming\Skype
2008-01-25 22:28:09 0 d-------- C:\Program Files\World of Warcraft
2008-01-21 17:23:18 0 d-------- C:\Users\Owner\AppData\Roaming\Google
2008-01-19 00:20:42 0 d-------- C:\Users\Owner\AppData\Roaming\Webroot
2008-01-18 20:36:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-18 20:28:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-17 16:39:38 0 d-------- C:\Users\Owner\AppData\Roaming\DAEMON Tools
2008-01-12 23:19:58 0 d-------- C:\Users\Owner\AppData\Roaming\DivX
2008-01-12 23:19:48 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-11 16:22:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-09 06:16:47 0 d-------- C:\Program Files\Windows Mail
2008-01-09 06:16:46 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 06:04:44 0 d-------- C:\Program Files\Google
2008-01-08 17:41:22 0 d-------- C:\Program Files\Microsoft Works
2008-01-08 14:56:22 0 d-------- C:\Users\Owner\AppData\Roaming\Apple Computer
2008-01-06 19:03:14 0 d-------- C:\Users\Owner\AppData\Roaming\Hewlett-Packard
2008-01-05 16:53:28 35281 --a------ C:\Windows\scunin.dat
2008-01-05 16:53:27 967 --a------ C:\Windows\ScUnin.pif
2008-01-05 16:53:27 94208 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-01-03 21:58:04 0 d-------- C:\Users\Owner\AppData\Roaming\Roxio
2008-01-03 15:30:23 0 d-------- C:\Program Files\CCleaner
2008-01-03 14:43:38 0 d-------- C:\Program Files\The Cleaner Free
2008-01-02 19:13:25 0 d-------- C:\Program Files\Sierra Entertainment
2008-01-02 12:34:40 0 d-------- C:\Program Files\Enigma Software Group
2008-01-02 01:26:32 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-31 19:32:03 0 d-------- C:\Program Files\GameSpy Arcade
2007-12-31 15:21:02 0 d-------- C:\Program Files\Canon
2007-12-31 00:38:40 0 d-------- C:\Users\Owner\AppData\Roaming\Winamp
2007-12-30 18:32:08 0 d-------- C:\Users\Owner\AppData\Roaming\acccore
2007-12-30 18:31:32 0 d-------- C:\Program Files\AIM6
2007-12-30 18:31:24 0 d-------- C:\Program Files\Viewpoint
2007-12-30 18:30:41 0 d-------- C:\Program Files\Common Files\AOL
2007-12-30 10:28:19 0 d-------- C:\Users\Owner\AppData\Roaming\WinRAR
2007-12-30 09:08:46 0 d-------- C:\Users\Owner\AppData\Roaming\WinBatch
2007-12-29 23:14:50 0 d-------- C:\Program Files\BitLord
2007-12-29 22:41:30 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-29 22:31:00 0 d-------- C:\Program Files\QuickTime
2007-12-29 22:30:17 0 d-------- C:\Program Files\Apple Software Update
2007-12-29 22:25:11 0 d-------- C:\Program Files\THQ
2007-12-29 13:39:40 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-29 13:39:20 0 d-------- C:\Program Files\Windows Live Favorites
2007-12-29 13:38:21 0 dr-h----- C:\Users\Owner\AppData\Roaming\SecuROM
2007-12-29 13:38:16 0 d-------- C:\Program Files\Windows Live
2007-12-29 13:38:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-29 13:33:26 0 d-------- C:\Users\Owner\AppData\Roaming\InstallShield
2007-12-29 13:25:31 0 d-------- C:\Program Files\Yahoo!
2007-12-29 13:20:17 0 d-------- C:\Program Files\Sierra
2007-12-29 12:51:11 0 --a------ C:\Windows\nsreg.dat
2007-12-29 12:51:09 0 d-------- C:\Users\Owner\AppData\Roaming\Mozilla
2007-12-29 08:59:07 0 d-------- C:\Users\Owner\AppData\Roaming\Macromedia
2007-12-29 08:46:39 0 d-------- C:\Users\Owner\AppData\Roaming\Snapfish
2007-12-29 08:40:24 174 --ahs---- C:\Program Files\desktop.ini
2007-12-29 08:38:39 0 d-------- C:\Program Files\Windows Calendar
2007-12-29 07:55:39 0 d-------- C:\Program Files\MSXML 4.0
2007-12-29 07:54:40 0 d-------- C:\Users\Owner\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/28/2007 10:56 PM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 05:59 AM]
"RtHDVCpl"="RtHDVCpl.exe" [07/06/2007 05:06 AM C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/24/2007 02:13 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [04/07/2007 03:56 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 04:54 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/03/2008 12:40 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 03:59 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [12/10/2002 05:54 PM]
"QCDriverInstaller"="C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [12/10/2002 06:34 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [12/10/2002 06:32 PM]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [12/10/2002 06:31 PM]
"NvSvc"="RUNDLL32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/16/2004 06:03 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 06:11 AM]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [06/01/2007 02:40 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"Aim6"="?" []
"Steam"="C:\Program Files\Steam\Steam.exe" [01/04/2008 12:46 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/08/2008 05:45 PM]
"RunSpySweeperScheduleAtStartup"="C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe" [05/17/2007 05:55 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"MSServer"="rundll32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [06/16/2004 06:03 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [1/17/2008 4:23:59 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [5/7/2007 11:35:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 01/03/2008 12:35 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4594f23e-6697-11dc-96aa-806e6f6e6963}]
AutoRun\command- E:\autoplay.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-04 19:23:12 ------------






Processes: 1 Red Unknown ??? I just rechecked the section and the red went missing.

Process:

System Idle Process
System
???
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\SearchProtocolHost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Windows\System32\rundll32.exe
C:\Users\Owner\Desktop\IceSword122en\IceSword122en\IceSword.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe

Win32 Services:

Started Service:

Service Name:aawservice Display Name:Ad-Aware 2007 Service
Service Name:AeLookupSvc Display Name:Application Experience
Service Name:Appinfo Display Name:Application Information
Service Name:Apple Mobile Device Display Name:Apple Mobile Device
Service Name:aswUpdSv Display Name:avast! iAVS4 Control Service
Service Name:AudioEndpointBuilder Display Name:Windows Audio Endpoint Builder
Service Name:Audiosrv Display Name:Windows Audio
Service Name:Automatic LiveUpdate Scheduler Display Name:Automatic LiveUpdate Scheduler
Service Name:avast! Antivirus Display Name:avast! Antivirus
Service Name:avast! Mail Scanner Display Name:avast! Mail Scanner
Service Name:avast! Web Scanner Display Name:avast! Web Scanner
Service Name:Avg7Alrt Display Name:AVG7 Alert Manager Server
Service Name:Avg7UpdSvc Display Name:AVG7 Update Service
Service Name:AvgCoreSvc Display Name:AVG7 Resident Shield Service
Service Name:AVGEMS Display Name:AVG E-mail Scanner
Service Name:BFE Display Name:Base Filtering Engine
Service Name:BITS Display Name:Background Intelligent Transfer Service
Service Name:Browser Display Name:Computer Browser
Service Name:ccEvtMgr Display Name:Symantec Event Manager
Service Name:ccSetMgr Display Name:Symantec Settings Manager
Service Name:CLTNetCnService Display Name:Symantec Lic NetConnect service
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:Dnscache Display Name:DNS Client
Service Name:DPS Display Name:Diagnostic Policy Service
Service Name:EapHost Display Name:Extensible Authentication Protocol
Service Name:EMDMgmt Display Name:ReadyBoost
Service Name:Eventlog Display Name:Windows Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:fdPHost Display Name:Function Discovery Provider Host
Service Name:FDResPub Display Name:Function Discovery Resource Publication
Service Name:FontCache3.0.0.0 Display Name:Windows Presentation Foundation Font Cache 3.0.0.0
Service Name:gpsvc Display Name:Group Policy Client
Service Name:hidserv Display Name:Human Interface Device Access
Service Name:HP Health Check Service Display Name:HP Health Check Service
Service Name:IKEEXT Display Name:IKE and AuthIP IPsec Keying Modules
Service Name:iphlpsvc Display Name:IP Helper
Service Name:iPod Service Display Name:iPod Service
Service Name:KeyIso Display Name:CNG Key Isolation
Service Name:KtmRm Display Name:KtmRm for Distributed Transaction Coordinator
Service Name:LanmanServer Display Name:Server
Service Name:LanmanWorkstation Display Name:Workstation
Service Name:LightScribeService Display Name:LightScribeService Direct Disc Labeling Service
Service Name:lmhosts Display Name:TCP/IP NetBIOS Helper
Service Name:MMCSS Display Name:Multimedia Class Scheduler
Service Name:MpsSvc Display Name:Windows Firewall
Service Name:Netman Display Name:Network Connections
Service Name:netprofm Display Name:Network List Service
Service Name:NlaSvc Display Name:Network Location Awareness
Service Name:nsi Display Name:Network Store Interface Service
Service Name:PcaSvc Display Name:Program Compatibility Assistant Service
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPsec Policy Agent
Service Name:ProfSvc Display Name:User Profile Service
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:SBSDWSCService Display Name:SBSD Security Center Service
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification Service
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:slsvc Display Name:Software Licensing
Service Name:Spooler Display Name:Print Spooler
Service Name:SSDPSRV Display Name:SSDP Discovery
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:Symantec Core LC Display Name:Symantec Core LC
Service Name:SymAppCore Display Name:Symantec AppCore Service
Service Name:SysMain Display Name:Superfetch
Service Name:TabletInputService Display Name:Tablet PC Input Service
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:upnphost Display Name:UPnP Device Host
Service Name:usnjsvc Display Name:Messenger Sharing Folders USN Journal Reader service
Service Name:UxSms Display Name:Desktop Window Manager Session Manager
Service Name:Viewpoint Manager Service Display Name:Viewpoint Manager Service
Service Name:W32Time Display Name:Windows Time
Service Name:WdiSystemHost Display Name:Diagnostic System Host
Service Name:WebClient Display Name:WebClient
Service Name:WebrootSpySweeperService Display Name:Webroot Spy Sweeper Engine
Service Name:WerSvc Display Name:Windows Error Reporting Service
Service Name:Winmgmt Display Name:Windows Management Instrumentation
Service Name:Wlansvc Display Name:WLAN AutoConfig
Service Name:WPDBusEnum Display Name:Portable Device Enumerator Service
Service Name:wscsvc Display Name:Security Center
Service Name:WSearch Display Name:Windows Search
Service Name:wuauserv Display Name:Windows Update
Service Name:wudfsvc Display Name:Windows Driver Foundation - User-mode Driver Framework
Service Name:XAudioService Display Name:XAudioService

Startup:

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Defender
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OsdMaestro
"C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RtHDVCpl
RtHDVCpl.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HP Health Check Scheduler
"c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateReg
"C:\Windows\system32\jureg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinampAgent
"C:\Program Files\Winamp\winampa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC
"C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVCOMS
"C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QCDriverInstaller
"C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" /addrun /l 1033 /LaunchAtStart

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechGalleryRepair
"C:\Program Files\Logitech\ImageStudio\ISStart.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechImageStudioTray
"C:\Program Files\Logitech\ImageStudio\LogiTray.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvSvc
"RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
"RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
"RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSScheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast!
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SpySweeper
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HPAdvisor
"C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ehTray.exe
C:\Windows\ehome\ehTray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Aim6
?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Steam
"C:\Program Files\Steam\Steam.exe" -silent

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RunSpySweeperScheduleAtStartup
"C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe" /ScheduleSweep=HPCeeScheduleForOwner

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSServer
"rundll32.exe" C:\Users\Owner\AppData\Local\Temp\ljjhhhi.dll,#1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion

Edited by Koso, 04 February 2008 - 07:38 PM.


#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post all the IceSword logs there, some are missing

Also do this

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\Owner\AppData\Local\Temp\ljjhhhi.dll,#1


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4594f23e-6697-11dc-96aa-806e6f6e6963}]


Then double click on the fix.reg file, when it prompts to merge click "Yes".
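A small triage script, added here as an example (it is not part of the thread and not HijackThis code), that picks out the two kinds of entries fixed above from HijackThis output: a BHO whose CLSID points at no file, and an O4 Run entry in which rundll32.exe loads a DLL from a temp folder. The sample lines are constructed from entries in this thread's log; the regular expressions and the temp-folder heuristic are assumptions of this example, not HijackThis logic.

```python
"""Triage of HijackThis O2/O4 lines for the two patterns fixed in this post:
an orphaned BHO registration ("(no file)") and an autorun entry that makes
rundll32.exe load a DLL from a temp folder. Added example, not from the thread."""
import re

# Constructed sample: the two entries the helper asked to fix, plus benign lines
# taken from the same log so the filter has legitimate entries to ignore.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\Owner\AppData\Local\Temp\ljjhhhi.dll,#1
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
"""

# O2 line: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 line: "O4 - <hive\..\Run>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
# Per-user or system temp folder, spelled out or via the %TEMP%/%TMP% variable
# (heuristic chosen for this example; legitimate software rarely autoruns from there).
TEMP_DIR_RE = re.compile(r"\\Temp\\|%TE?MP%", re.IGNORECASE)


def split_command(cmd):
    """Split an O4 command line into (program, argument string), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def rundll32_target(cmd):
    """Return the DLL path a rundll32 command line loads, or None if it is not rundll32."""
    program, args = split_command(cmd)
    if not program.lower().endswith("rundll32.exe"):
        return None
    # rundll32 takes "<dll>,<entry point>"; the DLL is everything before the comma.
    dll = args.split(",", 1)[0].strip().strip('"')
    return dll or None


def triage(log_text):
    """Return the entries worth reviewing, in the order they appear in the log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            if m.group("path").strip().lower() == "(no file)":
                findings.append({"line": line, "clsid": m.group("clsid"),
                                 "reason": "orphaned BHO registration (no file on disk)"})
            continue
        m = RUN_RE.match(line)
        if m:
            dll = rundll32_target(m.group("cmd"))
            if dll and TEMP_DIR_RE.search(dll):
                findings.append({"line": line, "value": m.group("value"), "dll": dll,
                                 "reason": "rundll32 autorun loads a DLL from a temp folder"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['reason']}: {finding['line']}")
```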

#5
Koso

    Member

  • Topic Starter
  • Member
  • 19 posts
It would not let me make a log of anything else; also, ERUNT was denied access. I used ATF Cleaner and I am not sure, but I think it messed up the layout of my Firefox browser. There is no background.

Edit: Fixed it by reinstalling it.

Edited by Koso, 05 February 2008 - 08:22 PM.


#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do these steps in IceSword.exe:

Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.


Also post a new DSS log.
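A triage helper for the Message Hooks check above, added as an example (it is not from the thread or from IceSword): it parses hook lines in the shape the user later posted (handle, hook type, procedure address, owner path) and ranks keyboard hooks for review by where their owner lives. The sample lines are constructed, the trusted-root list and path rules are assumptions of this example, and messengers and OSD utilities legitimately install keyboard hooks, so a flagged entry means "look at it", not "malware".

```python
"""Triage of IceSword 'Message Hooks' output (added example, not from the
thread). Input lines follow the posted shape: hook handle, hook type,
hook procedure address, then the owning process or module path."""
import re

# Constructed sample in the posted format. The first three resemble the benign
# hooks that messengers, OSD utilities and the text-services framework install;
# the last is a made-up entry in a per-user temp folder to show what gets flagged.
SAMPLE_HOOKS = r"""
0x00010129 wh_keyboard_ll 0x004013e0 c:\program files\hewlett-packard\on-screen osd indicator\osd.exe
0xc32b01e1 wh_keyboard 0x00001031 c:\program files\yahoo!\messenger\yahoomessenger.exe
0x00020133 wh_getmessage 0x7c8109d8 c:\windows\system32\msctf.dll
0x000604b1 wh_keyboard 0x6ed91602 c:\users\owner\appdata\local\temp\example_hook.dll
"""

HOOK_RE = re.compile(
    r"^(?P<handle>0x[0-9a-f]+)\s+(?P<type>wh_\w+)\s+(?P<proc>0x[0-9a-f]+)\s*(?P<path>.*)$",
    re.IGNORECASE,
)
# WH_KEYBOARD (per-thread) and WH_KEYBOARD_LL (low-level, system-wide) both see
# keystrokes before the target window does, which is why the helper asks for them.
KEYBOARD_HOOKS = {"wh_keyboard", "wh_keyboard_ll"}
# Assumed install roots for this example; adjust for the machine being examined.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_hooks(text):
    """Parse hook lines into dicts; lines that do not match the format are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append({k: v.strip() for k, v in m.groupdict().items()})
    return hooks


def keyboard_hooks_to_review(text):
    """Return keyboard hooks whose owner path is missing, outside the usual
    install roots, or not an .exe/.dll (for example a truncated or directory path)."""
    flagged = []
    for hook in parse_hooks(text):
        if hook["type"].lower() not in KEYBOARD_HOOKS:
            continue
        path = hook["path"].lower()
        if not path:
            reason = "no owning process path reported"
        elif not path.startswith(TRUSTED_ROOTS):
            reason = "keyboard hook owned by code outside Windows / Program Files"
        elif not path.endswith((".exe", ".dll")):
            reason = "owner path is not an executable or DLL (truncated or unusual)"
        else:
            continue
        flagged.append({**hook, "reason": reason})
    return flagged


if __name__ == "__main__":
    for hook in keyboard_hooks_to_review(SAMPLE_HOOKS):
        print(f"{hook['type']:<15} {hook['path'] or '<no path>'}  -> {hook['reason']}")
```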

#7
Koso

    Member

  • Topic Starter
  • Member
  • 19 posts
SSDT: 22 unknown red files

message hooks: 0x00010129 wh_keyboard_ll 0x004013e0 c:\program files\hewlett-packard\on-screen osd\indicator\
0xc32b01e1 wh_keyboard 0x00001031 c:\program files\yahoo!\messenger\yahoomessenger.exe
0x000604b1 wh_keyboard 0x6ed91602 c:\program files\windows live\messenger\msnmsgr.exe
0x001d0505 wh_keyboard 0x0003f385 c:\program files\xfire\xfire.exe


DSS Log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-02-06 21:39:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:05 PM, on 2/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\dss.exe
C:\Users\Owner\DOCUME~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [QCDriverInstaller] "C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" /addrun /l 1033 /LaunchAtStart
O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"
O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] ?
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe" /ScheduleSweep=HPCeeScheduleForOwner
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15175 bytes

-- Files created between 2008-01-06 and 2008-02-06 -----------------------------

2008-02-04 18:01:13 195072 --a------ C:\Windows\Zerg Saver.scr
2008-02-04 17:59:39 342528 --a------ C:\Windows\PROTOSS.SCR
2008-02-04 17:06:23 0 d-------- C:\Program Files\Alwil Software
2008-02-04 16:59:17 0 d-------- C:\Users\All Users\InstallShield
2008-02-04 16:58:42 0 d-------- C:\Games
2008-02-04 16:35:51 0 d-------- C:\Users\All Users\Lavasoft
2008-02-04 16:35:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 19:41:23 0 d-------- C:\VundoFix Backups
2008-02-03 19:40:59 0 d-------- C:\Program Files\ZyX
2008-02-03 17:24:53 0 d-a------ C:\Users\All Users\TEMP
2008-02-03 17:24:39 0 d-------- C:\Program Files\Spyware Doctor
2008-02-02 10:01:07 0 d-------- C:\NVIDIA
2008-02-01 12:32:19 21396 --a------ C:\Users\Owner\Desktop(2)
2008-01-30 23:03:33 1732 --a------ C:\Windows\system32\drivers\nvphy.bin
2008-01-30 20:13:39 0 d-------- C:\Users\All Users\NCH Swift Sound
2008-01-30 20:13:26 0 d-------- C:\Program Files\NCH Swift Sound
2008-01-26 10:19:27 0 d-------- C:\Users\Owner\Kitty Sutra
2008-01-25 20:20:24 0 d-------- C:\Program Files\IMVU
2008-01-25 20:19:38 0 d-------- C:\Program Files\Skype
2008-01-25 20:19:38 0 d-------- C:\Program Files\Common Files\Skype
2008-01-25 20:19:29 0 d-------- C:\Users\All Users\Skype
2008-01-19 11:08:33 0 d-------- C:\Program Files\Common Files\Logitech
2008-01-19 11:08:03 0 d-------- C:\Program Files\Windows Media Components
2008-01-19 11:05:38 0 d-------- C:\Program Files\Logitech
2008-01-19 00:20:42 0 d-------- C:\Users\All Users\Webroot
2008-01-19 00:20:42 0 d-------- C:\Program Files\Webroot
2008-01-19 00:20:13 164 --a------ C:\install.dat
2008-01-17 16:40:40 0 d-------- C:\Users\All Users\Adobe Systems
2008-01-17 16:37:00 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-17 16:24:00 92544 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-01-17 16:23:59 0 d-------- C:\Program Files\MagicDisc
2008-01-17 16:20:11 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-01-17 06:57:23 715248 --a------ C:\Windows\system32\drivers\sptd.sys
2008-01-13 12:05:16 0 d-------- C:\Program Files\SpywareBlaster
2008-01-12 23:19:41 0 d-------- C:\Program Files\DivX
2008-01-12 23:17:38 0 d-------- C:\Program Files\Webteh
2008-01-12 15:40:22 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2008-01-12 09:00:55 0 d-------- C:\Program Files\GlobFX Technologies
2008-01-11 16:15:08 0 d-------- C:\Program Files\Norton Internet Security
2008-01-11 16:14:34 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-01-11 16:12:42 0 d-------- C:\Program Files\Symantec
2008-01-11 15:30:45 0 d-------- C:\Users\All Users\Xfire
2008-01-09 06:29:24 528 -ra------ C:\MediaID.bin
2008-01-08 17:45:10 0 d-------- C:\Users\All Users\Google
2008-01-08 17:43:55 0 d-------- C:\Users\All Users\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2008-01-08 17:43:28 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-01-08 17:40:21 0 d-------- C:\Program Files\Microsoft.NET
2008-01-08 17:38:27 0 d-------- C:\Users\All Users\Microsoft Help
2008-01-08 17:38:04 0 dr-h----- C:\MSOCache
2008-01-08 16:26:29 0 d-------- C:\Program Files\LimeWire
2008-01-08 15:30:00 0 d-------- C:\Program Files\Abexo
2008-01-08 14:55:51 0 d-------- C:\Program Files\iPod
2008-01-08 14:55:48 0 d-------- C:\Program Files\iTunes
2008-01-08 14:55:09 0 d-------- C:\Program Files\Common Files\Apple


-- Find3M Report ---------------------------------------------------------------

2008-02-06 08:00:04 0 d-------- C:\Users\Owner\AppData\Roaming\AVG7
2008-02-06 07:00:46 0 d-------- C:\Users\Owner\AppData\Roaming\Xfire
2008-02-05 22:16:07 0 d-------- C:\Program Files\Steam
2008-02-05 20:30:57 0 d-------- C:\Program Files\Starcraft
2008-02-05 20:09:08 0 d-------- C:\Program Files\Java
2008-02-04 17:04:10 0 d---s---- C:\Program Files\Xfire
2008-02-04 16:59:10 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-04 16:36:27 0 d-------- C:\Program Files\Lavasoft
2008-02-04 16:36:26 0 d-------- C:\Users\Owner\AppData\Roaming\Lavasoft
2008-02-04 16:35:20 0 d-------- C:\Program Files\Common Files
2008-02-04 06:47:22 0 d-------- C:\Users\Owner\AppData\Roaming\Adobe
2008-02-02 23:33:50 0 d-------- C:\Users\Owner\AppData\Roaming\IMVU
2008-02-01 20:03:45 0 d-------- C:\Users\Owner\AppData\Roaming\LimeWire
2008-02-01 17:53:43 1024 --a------ C:\Users\Owner\AppData\Roaming\WavCodec.wff
2008-01-30 20:13:39 0 d-------- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
2008-01-27 17:36:26 0 d-------- C:\Program Files\Warcraft III
2008-01-27 09:40:10 0 d-------- C:\Program Files\Winamp
2008-01-26 14:07:50 0 d-------- C:\Users\Owner\AppData\Roaming\Yahoo!
2008-01-26 09:04:33 0 d-------- C:\Users\Owner\AppData\Roaming\Skype
2008-01-25 22:28:09 0 d-------- C:\Program Files\World of Warcraft
2008-01-21 17:23:18 0 d-------- C:\Users\Owner\AppData\Roaming\Google
2008-01-20 09:23:22 0 d-------- C:\Program Files\Common Files\Steam
2008-01-19 00:20:42 0 d-------- C:\Users\Owner\AppData\Roaming\Webroot
2008-01-18 20:36:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-18 20:28:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-17 16:39:38 0 d-------- C:\Users\Owner\AppData\Roaming\DAEMON Tools
2008-01-12 23:19:58 0 d-------- C:\Users\Owner\AppData\Roaming\DivX
2008-01-12 23:19:48 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-11 16:22:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-09 06:16:47 0 d-------- C:\Program Files\Windows Mail
2008-01-09 06:16:46 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 06:04:44 0 d-------- C:\Program Files\Google
2008-01-08 17:41:22 0 d-------- C:\Program Files\Microsoft Works
2008-01-08 14:56:22 0 d-------- C:\Users\Owner\AppData\Roaming\Apple Computer
2008-01-06 19:03:14 0 d-------- C:\Users\Owner\AppData\Roaming\Hewlett-Packard
2008-01-05 16:53:28 35281 --a------ C:\Windows\scunin.dat
2008-01-05 16:53:27 967 --a------ C:\Windows\ScUnin.pif
2008-01-05 16:53:27 94208 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-01-04 23:43:11 55697 --a------ C:\Windows\War3Unin.dat
2008-01-04 23:43:08 2829 --a------ C:\Windows\War3Unin.pif
2008-01-04 23:43:08 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-01-04 15:58:50 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-01-04 15:57:22 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 15:57:22 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 15:57:12 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:57:10 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 15:57:10 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:57:10 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 15:56:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-01-03 21:58:04 0 d-------- C:\Users\Owner\AppData\Roaming\Roxio
2008-01-03 15:30:23 0 d-------- C:\Program Files\CCleaner
2008-01-03 14:43:38 0 d-------- C:\Program Files\The Cleaner Free
2008-01-02 19:13:25 0 d-------- C:\Program Files\Sierra Entertainment
2008-01-02 12:34:40 0 d-------- C:\Program Files\Enigma Software Group
2008-01-02 01:26:32 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-31 19:32:03 0 d-------- C:\Program Files\GameSpy Arcade
2007-12-31 15:21:02 0 d-------- C:\Program Files\Canon
2007-12-31 00:38:40 0 d-------- C:\Users\Owner\AppData\Roaming\Winamp
2007-12-30 18:32:08 0 d-------- C:\Users\Owner\AppData\Roaming\acccore
2007-12-30 18:31:32 0 d-------- C:\Program Files\AIM6
2007-12-30 18:31:24 0 d-------- C:\Program Files\Viewpoint
2007-12-30 18:30:41 0 d-------- C:\Program Files\Common Files\AOL
2007-12-30 10:28:19 0 d-------- C:\Users\Owner\AppData\Roaming\WinRAR
2007-12-30 09:08:46 0 d-------- C:\Users\Owner\AppData\Roaming\WinBatch
2007-12-29 23:14:50 0 d-------- C:\Program Files\BitLord
2007-12-29 22:41:30 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-29 22:31:00 0 d-------- C:\Program Files\QuickTime
2007-12-29 22:30:17 0 d-------- C:\Program Files\Apple Software Update
2007-12-29 22:25:11 0 d-------- C:\Program Files\THQ
2007-12-29 13:39:40 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-29 13:39:20 0 d-------- C:\Program Files\Windows Live Favorites
2007-12-29 13:38:21 0 dr-h----- C:\Users\Owner\AppData\Roaming\SecuROM
2007-12-29 13:38:16 0 d-------- C:\Program Files\Windows Live
2007-12-29 13:38:03 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-29 13:33:26 0 d-------- C:\Users\Owner\AppData\Roaming\InstallShield
2007-12-29 13:25:31 0 d-------- C:\Program Files\Yahoo!
2007-12-29 13:20:17 0 d-------- C:\Program Files\Sierra
2007-12-29 12:51:11 0 --a------ C:\Windows\nsreg.dat
2007-12-29 12:51:09 0 d-------- C:\Users\Owner\AppData\Roaming\Mozilla
2007-12-29 08:59:07 0 d-------- C:\Users\Owner\AppData\Roaming\Macromedia
2007-12-29 08:46:39 0 d-------- C:\Users\Owner\AppData\Roaming\Snapfish
2007-12-29 08:40:24 174 --ahs---- C:\Program Files\desktop.ini
2007-12-29 08:38:39 0 d-------- C:\Program Files\Windows Calendar
2007-12-29 07:55:39 0 d-------- C:\Program Files\MSXML 4.0
2007-12-29 07:54:40 0 d-------- C:\Users\Owner\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/28/2007 10:56 PM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 05:59 AM]
"RtHDVCpl"="RtHDVCpl.exe" [07/06/2007 05:06 AM C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [05/24/2007 02:13 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [09/25/2007 01:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 04:54 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/03/2008 12:40 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 03:59 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [12/10/2002 05:54 PM]
"QCDriverInstaller"="C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [12/10/2002 06:34 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [12/10/2002 06:32 PM]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [12/10/2002 06:31 PM]
"NvSvc"="RUNDLL32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 03:45 AM C:\Windows\System32\rundll32.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/16/2004 06:03 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 06:11 AM]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [06/01/2007 02:40 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:35 AM]
"Aim6"="?" []
"Steam"="C:\Program Files\Steam\Steam.exe" [01/04/2008 12:46 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [01/08/2008 05:45 PM]
"RunSpySweeperScheduleAtStartup"="C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe" [05/17/2007 05:55 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [06/16/2004 06:03 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [1/17/2008 4:23:59 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [5/7/2007 11:35:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 01/03/2008 12:35 PM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-06 21:40:57 ------------

#8
Rorschach112 (Ralphie)
  • Retired Staff
  • 47,710 posts
Hello

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Also tell me how your PC is running

#9
Koso
  • Topic Starter
  • Member
  • 19 posts
Here is the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/08/2008 at 05:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3397
Trace Rules Database Version: 1389

Scan type : Complete Scan
Total Scan Time : 00:53:26

Memory items scanned : 917
Memory threats detected : 0
Registry items scanned : 8164
Registry threats detected : 0
File items scanned : 1892536
File threats detected : 1

Adware.Tracking Cookie
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt


It only found one thing, that adware cookie. As for how my computer is running: so far quite fine. Though a few days ago Norton blocked a downloader for a trojan, but couldn't find anything during a scan. And neither can any of my other scanning programs find anything. The AVG rootkit scanner keeps saying there is a rootkit in my drivers that's a hidden drivers file.

#10
Rorschach112 (Ralphie)
  • Retired Staff
  • 47,710 posts
Let's do a rootkit scan to be sure you are clean.

Please download and unzip IceSword to its own folder on your desktop.


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks


#11
Koso
  • Topic Starter
  • Member
  • 19 posts
Process:

System Idle Process
System
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Windows\System32\smss.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\SLsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\explorer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\jureg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Owner\Desktop\IceSword122en\IceSword.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\World of Warcraft\Wow.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe





Started Service:

Service Name:aawservice Display Name:Ad-Aware 2007 Service
Service Name:AeLookupSvc Display Name:Application Experience
Service Name:Appinfo Display Name:Application Information
Service Name:Apple Mobile Device Display Name:Apple Mobile Device
Service Name:aswUpdSv Display Name:avast! iAVS4 Control Service
Service Name:AudioEndpointBuilder Display Name:Windows Audio Endpoint Builder
Service Name:Audiosrv Display Name:Windows Audio
Service Name:Automatic LiveUpdate Scheduler Display Name:Automatic LiveUpdate Scheduler
Service Name:avast! Antivirus Display Name:avast! Antivirus
Service Name:avast! Mail Scanner Display Name:avast! Mail Scanner
Service Name:avast! Web Scanner Display Name:avast! Web Scanner
Service Name:Avg7Alrt Display Name:AVG7 Alert Manager Server
Service Name:Avg7UpdSvc Display Name:AVG7 Update Service
Service Name:AvgCoreSvc Display Name:AVG7 Resident Shield Service
Service Name:AVGEMS Display Name:AVG E-mail Scanner
Service Name:BFE Display Name:Base Filtering Engine
Service Name:BITS Display Name:Background Intelligent Transfer Service
Service Name:Browser Display Name:Computer Browser
Service Name:ccEvtMgr Display Name:Symantec Event Manager
Service Name:ccSetMgr Display Name:Symantec Settings Manager
Service Name:CLTNetCnService Display Name:Symantec Lic NetConnect service
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:Dnscache Display Name:DNS Client
Service Name:DPS Display Name:Diagnostic Policy Service
Service Name:EapHost Display Name:Extensible Authentication Protocol
Service Name:EMDMgmt Display Name:ReadyBoost
Service Name:Eventlog Display Name:Windows Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:fdPHost Display Name:Function Discovery Provider Host
Service Name:FDResPub Display Name:Function Discovery Resource Publication
Service Name:FontCache3.0.0.0 Display Name:Windows Presentation Foundation Font Cache 3.0.0.0
Service Name:gpsvc Display Name:Group Policy Client
Service Name:hidserv Display Name:Human Interface Device Access
Service Name:HP Health Check Service Display Name:HP Health Check Service
Service Name:IKEEXT Display Name:IKE and AuthIP IPsec Keying Modules
Service Name:iphlpsvc Display Name:IP Helper
Service Name:iPod Service Display Name:iPod Service
Service Name:KeyIso Display Name:CNG Key Isolation
Service Name:KtmRm Display Name:KtmRm for Distributed Transaction Coordinator
Service Name:LanmanServer Display Name:Server
Service Name:LanmanWorkstation Display Name:Workstation
Service Name:LightScribeService Display Name:LightScribeService Direct Disc Labeling Service
Service Name:lmhosts Display Name:TCP/IP NetBIOS Helper
Service Name:MMCSS Display Name:Multimedia Class Scheduler
Service Name:MpsSvc Display Name:Windows Firewall
Service Name:Netman Display Name:Network Connections
Service Name:netprofm Display Name:Network List Service
Service Name:NlaSvc Display Name:Network Location Awareness
Service Name:nsi Display Name:Network Store Interface Service
Service Name:PcaSvc Display Name:Program Compatibility Assistant Service
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPsec Policy Agent
Service Name:ProfSvc Display Name:User Profile Service
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:SBSDWSCService Display Name:SBSD Security Center Service
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification Service
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:slsvc Display Name:Software Licensing
Service Name:Spooler Display Name:Print Spooler
Service Name:SSDPSRV Display Name:SSDP Discovery
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:Symantec Core LC Display Name:Symantec Core LC
Service Name:SymAppCore Display Name:Symantec AppCore Service
Service Name:SysMain Display Name:Superfetch
Service Name:TabletInputService Display Name:Tablet PC Input Service
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:upnphost Display Name:UPnP Device Host
Service Name:usnjsvc Display Name:Messenger Sharing Folders USN Journal Reader service
Service Name:UxSms Display Name:Desktop Window Manager Session Manager
Service Name:Viewpoint Manager Service Display Name:Viewpoint Manager Service
Service Name:W32Time Display Name:Windows Time
Service Name:WdiSystemHost Display Name:Diagnostic System Host
Service Name:WebClient Display Name:WebClient
Service Name:WebrootSpySweeperService Display Name:Webroot Spy Sweeper Engine
Service Name:WerSvc Display Name:Windows Error Reporting Service
Service Name:Winmgmt Display Name:Windows Management Instrumentation
Service Name:Wlansvc Display Name:WLAN AutoConfig
Service Name:WPDBusEnum Display Name:Portable Device Enumerator Service
Service Name:wscsvc Display Name:Security Center
Service Name:WSearch Display Name:Windows Search
Service Name:wuauserv Display Name:Windows Update
Service Name:wudfsvc Display Name:Windows Driver Foundation - User-mode Driver Framework
Service Name:XAudioService Display Name:XAudioService




Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Defender
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OsdMaestro
"C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RtHDVCpl
RtHDVCpl.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HP Health Check Scheduler
"c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateReg
"C:\Windows\system32\jureg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinampAgent
"C:\Program Files\Winamp\winampa.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_CC
"C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVCOMS
"C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QCDriverInstaller
"C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" /addrun /l 1033 /LaunchAtStart

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechGalleryRepair
"C:\Program Files\Logitech\ImageStudio\ISStart.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechImageStudioTray
"C:\Program Files\Logitech\ImageStudio\LogiTray.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvSvc
"RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
"RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
"RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSScheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast!
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SpySweeper
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Sidebar
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HPAdvisor
"C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ehTray.exe
C:\Windows\ehome\ehTray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Aim6
?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Steam
"C:\Program Files\Steam\Steam.exe" -silent

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RunSpySweeperScheduleAtStartup
"C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe" /ScheduleSweep=HPCeeScheduleForOwner

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ISUSPM Startup
"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SUPERAntiSpyware
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
AdobeUpdater
"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
desktop.ini


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe (Remark: Snapfish Picture Mover - Move Photos in a Snap!)

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Remark: )

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
desktop.ini


C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk
C:\Program Files\MagicDisc\MagicDisc.exe (Remark: )

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Remark: Screen Clipper (Windows+S) and Launcher (Windows+N) for Microsoft Office OneNote.)

SSDT: 22 unknown red files

Message hooks:
0x00010129 wh_keyboard_ll 0x004013e0 c:\program files\hewlett-packard\on-screen osd\indicator\
0xc32b01e1 wh_keyboard 0x00001031 c:\program files\yahoo!\messenger\yahoomessenger.exe
0x000604b1 wh_keyboard 0x6ed91602 c:\program files\windows live\messenger\msnmsgr.exe
0x001d0505 wh_keyboard 0x0003f385 c:\program files\xfire\xfire.exe
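The two IceSword sections that carry the most signal in the output above are Startup (Step 3 of the instructions) and Message hooks (Step 5): a WH_KEYBOARD or WH_KEYBOARD_LL hook hands every keystroke to the process that installed it, and a Run entry whose program cannot be resolved or lives outside Program Files / Windows is exactly what a helper would ask about. The script below is an added example written for this thread; it is not part of IceSword or of the forum's procedure. It assumes the plain-text layout shown in the post, and its sample input is a constructed subset of the posted lines plus two made-up lines (a `wh_shell` hook on explorer.exe and a Run value named `UpdateCheck` pointing into the user's Temp folder) so both checks have something to catch. The function names, `EXPECTED_ROOTS` and the sample data are the example's own.

```python
"""IceSword output triage: added example for this thread, not part of IceSword.

Parses two sections of an IceSword text dump, Startup and Message hooks, and
applies the checks a helper does by eye:
  * a WH_KEYBOARD or WH_KEYBOARD_LL hook means the named process receives
    every keystroke; list it so it can be matched against known software;
  * a startup entry IceSword could not resolve ("?") or whose program lives
    outside Program Files / Windows needs a closer look.
The input layout is assumed from the text posted in the thread.
"""
import re
from dataclasses import dataclass

# Directories a legitimately installed program is expected to run from (assumption).
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
KEYBOARD_HOOKS = {"wh_keyboard", "wh_keyboard_ll"}

# Constructed sample: a subset of the posted Startup section (location line,
# name line, command line, blank line) plus one made-up Temp-folder entry.
STARTUP_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Defender
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvSvc
"RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Aim6
?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
UpdateCheck
C:\Users\Owner\AppData\Local\Temp\updchk.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
desktop.ini


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe (Remark:Snapfish Picture Mover - Move Photos in a Snap!)
"""

# Constructed sample: the four posted Message hooks lines plus one made-up
# non-keyboard hook, to show that it is filtered out.
HOOKS_SAMPLE = r"""
0x00010129 wh_keyboard_ll 0x004013e0 c:\program files\hewlett-packard\on-screen osd\indicator\
0xc32b01e1 wh_keyboard 0x00001031 c:\program files\yahoo!\messenger\yahoomessenger.exe
0x000604b1 wh_keyboard 0x6ed91602 c:\program files\windows live\messenger\msnmsgr.exe
0x001d0505 wh_keyboard 0x0003f385 c:\program files\xfire\xfire.exe
0x00020011 wh_shell 0x10001000 c:\windows\explorer.exe
"""

HOOK_RE = re.compile(r"^\s*(0x[0-9a-f]+)\s+(wh_\w+)\s+(0x[0-9a-f]+)\s+(.*?)\s*$", re.I)


@dataclass
class StartupEntry:
    location: str  # registry key or startup folder
    name: str      # value name or .lnk name
    command: str   # raw command line as IceSword printed it
    exe: str       # resolved program or module path, "" if unknown


def resolve_executable(command: str) -> str:
    """Pull the program (or the DLL handed to rundll32) out of a Run command."""
    cmd = re.sub(r"\s*\(Remark.*\)\s*$", "", command.strip())  # folder entries carry a Remark
    if cmd in ("", "?"):
        return ""
    m = re.match(r'"([^"]+)"\s*(.*)', cmd)
    if m:
        first, rest = m.group(1), m.group(2)
    else:
        # Unquoted paths may contain spaces: take up to the first executable extension.
        m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))(?:\s+(.*)|$)", cmd, re.I)
        if m:
            first, rest = m.group(1), m.group(2) or ""
        else:
            parts = cmd.split(None, 1)
            first, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    # rundll32 is only a host process; the module it loads is what matters.
    if first.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        return rest.split(",", 1)[0].strip().strip('"')
    return first


def parse_startup(text: str) -> list:
    """Split the Startup section into entries; desktop.ini folder residue is skipped."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or lines[1].lower() == "desktop.ini":
            continue
        command = lines[2] if len(lines) > 2 else ""
        entries.append(StartupEntry(lines[0], lines[1], command, resolve_executable(command)))
    return entries


def suspicious_startup(entries) -> list:
    """Entries that need a closer look: unresolvable, or a program outside the usual roots."""
    flagged = []
    for e in entries:
        if not e.exe:
            flagged.append((e, "command not resolvable"))
        elif not e.exe.lower().startswith(EXPECTED_ROOTS):
            flagged.append((e, "program outside Program Files / Windows"))
    return flagged


def keyboard_hooks(text: str) -> list:
    """(hook type, installing process) for every keyboard hook in a Message hooks dump."""
    found = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m and m.group(2).lower() in KEYBOARD_HOOKS:
            found.append((m.group(2).lower(), m.group(4)))
    return found


def report(startup_text: str, hooks_text: str) -> str:
    lines = []
    for entry, reason in suspicious_startup(parse_startup(startup_text)):
        lines.append(f"STARTUP  {entry.name!r} in {entry.location}: {reason} ({entry.command})")
    for hook, proc in keyboard_hooks(hooks_text):
        lines.append(f"KBD HOOK {hook} installed by {proc}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(STARTUP_SAMPLE, HOOKS_SAMPLE))
```

Run as-is it flags the `Aim6` entry (IceSword printed `?`), the constructed Temp-folder entry, and lists the four keyboard hooks; a path on the flagged list is then matched against the installed software, which is the judgement the helper makes in the next post. Keyboard hooks from instant messengers and OSD utilities are routine; the check earns its keep when the installing process is one nobody recognises.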

#12
Rorschach112 (Ralphie)
  • Retired Staff
  • 47,710 posts
Your logs are clean! We need to do a few things.

You have two antivirus programs, AVG and Avast, so you need to remove one of them.


You can delete the tools that we used



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
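The hosts-file mechanism recommended above cuts both ways, and that is the check a practitioner adds: malware edits the same file to blackhole update and security-vendor names, or to point them at a host it controls, which is one reason a scanner can be "blocked" from reaching its update site. The script below is an added example for this thread, not part of the MVPS hosts file or of the forum's advice. It parses a hosts file and separates ordinary blocking entries (127.0.0.1 or 0.0.0.0 for ad and tracker names) from overrides of names on a small watch-list; the `PROTECTED_SUFFIXES` list and the sample file, including its two hijack lines and the 10.0.0.5 address, are constructed for the example.

```python
"""Hosts-file audit: added example for this thread, not from MVPS or the forum.

The MVPS hosts file blocks ad and malware domains by mapping them to
127.0.0.1. Malware abuses the same file the other way round, mapping update
and security-vendor names to 127.0.0.1 or to a host it controls. This parses
a hosts file and separates ordinary blocking entries from entries that
override names the machine must be able to reach.
"""
import ipaddress

# Watch-list for the example (constructed; a real audit would use a fuller list).
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "superantispyware.com", "avast.com", "grisoft.com",
)

# Addresses used by blocking lists: loopback, the null route, and IPv6 loopback.
BLACKHOLE = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# Constructed sample hosts file: stock localhost lines, two blocking entries in
# the MVPS style, then two lines of the kind a hijacker adds.
HOSTS_SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# MVPS-style blocking
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org   # null-route form some lists use
# hijack entries (constructed for the example)
127.0.0.1  www.superantispyware.com
10.0.0.5   windowsupdate.microsoft.com
"""


def parse_hosts(text: str):
    """Yield (ip, hostname) for each mapping, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; a stricter audit would report it
        for name in parts[1:]:
            yield ip, name.lower()


def is_protected(name: str) -> bool:
    """True if the name is, or is under, a watch-listed domain."""
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text: str) -> dict:
    """Count harmless blocking entries and collect (name, ip, reason) hijack findings."""
    blocking = 0
    findings = []
    for ip, name in parse_hosts(text):
        if name in ("localhost", "localhost.localdomain") or name.endswith(".localhost"):
            continue  # the stock lines every hosts file carries
        if ip in BLACKHOLE:
            if is_protected(name):
                findings.append((name, str(ip), "protected site blackholed"))
            else:
                blocking += 1  # ad/tracker name sent to loopback: what MVPS does on purpose
        else:
            # Any real address for any name is a redirect; nothing in a blocking
            # list legitimately needs one.
            findings.append((name, str(ip), "name redirected to a non-local address"))
    return {"blocking": blocking, "findings": findings}


if __name__ == "__main__":
    import sys
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts; pass its path
    # as the first argument, otherwise the constructed sample is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = HOSTS_SAMPLE
    result = audit_hosts(text)
    print(f"{result['blocking']} blocking entries")
    for name, ip, why in result["findings"]:
        print(f"{why}: {name} -> {ip}")
```

On the constructed sample it counts two blocking entries and reports the two hijack lines. The design choice worth noting is that a real address is flagged for every name, not only watch-listed ones: a blocking list has no legitimate reason to map anything to a routable host, so the watch-list only has to cover the loopback case.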

#13
Koso
  • Topic Starter
  • Member
  • 19 posts
It's not letting me create a System Restore point, and it's also not letting me create a shortcut in the Send To folder for the hosts file.

#14
Rorschach112 (Ralphie)
  • Retired Staff
  • 47,710 posts
I forgot you were on Vista

Don't worry about that, go on with the next of the steps and let me know how they go

#15
Koso
  • Topic Starter
  • Member
  • 19 posts
Then I am basically done. I've been using Firefox to begin with and I have all the other stuff already done.