Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

RootKit.TnCore/Trace [RESOLVED]

Started by SilverTRMN8R , Feb 09 2008 10:09 PM

  • This topic is locked This topic is locked

#1
SilverTRMN8R
Posted 09 February 2008 - 10:09 PM

SilverTRMN8R

    Member

  • Member
  • PipPip
  • 13 posts
As the title says, I'm having a fun time trying to rid my laptop of this crap. I saw some other threads about this malware, but noticed some steps were specific to that machine.

SAS was the only program to detect it.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:27 PM, on 2/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\FDF\FAST2.EXE
C:\Windows\ehome\ehtray.exe
C:\Users\Nick\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\program files\internet explorer\ieuser.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero8\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero8\InCD\InCD.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [FAST Defrag] "C:\PROGRA~1\FDF\FAST2.EXE" -tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Nick\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://argushighland...rg/videocom.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DreamControl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14473 bytes

Not sure if this is tied in with this problem, but I also get this error message when attempting to open Internet Explorer from the Start menu:

Posted Image

Internet Explorer will open after clicking ok, but it pops up one windows, then another, then the first one closes. This process happens in about 1 second.

Your help is greatly appreciated!

Edited by SilverTRMN8R, 10 February 2008 - 03:41 PM.

  • 0

Advertisements

#2
Rorschach112
Posted 13 February 2008 - 10:06 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
SilverTRMN8R
Posted 13 February 2008 - 07:33 PM

SilverTRMN8R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
As requested, copy of main.txt

Deckard's System Scanner v20071014.68
Run by Nick on 2008-02-13 19:23:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
18: 2008-02-10 01:09:29 UTC - RP90 - Installed SUPERAntiSpyware Free Edition
17: 2008-02-09 22:18:15 UTC - RP89 - ComboFix created restore point
16: 2008-02-09 09:36:40 UTC - RP88 - Scheduled Checkpoint
15: 2008-02-07 21:48:04 UTC - RP87 - Windows Update
14: 2008-02-07 20:35:43 UTC - RP86 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2008-02-04 23:47:44 UTC - RP72 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Nick.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:24 PM, on 2/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\FDF\FAST2.EXE
C:\Windows\ehome\ehtray.exe
C:\Users\Nick\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\program files\internet explorer\ieuser.exe
C:\Users\Nick\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero8\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero8\InCD\InCD.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [FAST Defrag] "C:\PROGRA~1\FDF\FAST2.EXE" -tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Nick\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://argushighland...rg/videocom.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DreamControl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14387 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

S0 OemBiosDevice (Royalty OEM BIOS Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Plug and Play Software Device Enumerator
Device ID: ROOT\SYSTEM\0000
Manufacturer: (Standard system devices)
Name: Plug and Play Software Device Enumerator
PNP Device ID: ROOT\SYSTEM\0000
Service: swenum


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-12 15:50:23 0 d-------- C:\Program Files\iPhoneRingToneMaker
2008-02-12 11:30:14 0 d-------- C:\Program Files\ZiPhoneGUI
2008-02-11 17:02:39 56016 --a------ C:\ziphone
2008-02-11 17:02:39 276480 --a------ C:\ziphone.exe <Not Verified; Zibri; ZiPhone>
2008-02-11 17:02:35 33550336 --a------ C:\zibri.dat
2008-02-11 17:02:35 0 d-------- C:\V_ZiPhone
2008-02-11 17:02:35 311296 --a------ C:\QTMLClient.dll <Not Verified; Apple Inc.; QuickTime>
2008-02-11 17:02:35 1085440 --a------ C:\iTunesMobileDevice.dll <Not Verified; Apple Inc.; iTunesMobileDevice>
2008-02-11 12:21:15 0 d-------- C:\Program Files\ElcomSoft
2008-02-10 14:55:41 0 d-------- C:\Program Files\Sophos
2008-02-09 21:45:56 0 d-------- C:\Program Files\Trend Micro
2008-02-09 20:21:09 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-09 19:11:11 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-09 19:10:37 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-09 16:17:47 68096 --a------ C:\Windows\system32\zip.exe
2008-02-09 16:17:47 98816 --a------ C:\Windows\system32\sed.exe
2008-02-09 16:17:47 80412 --a------ C:\Windows\system32\grep.exe
2008-02-09 16:17:47 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-09 14:02:39 0 d-------- C:\bintheredunthat
2008-02-09 13:53:46 0 d-------- C:\BFU
2008-02-09 11:12:42 0 d-------- C:\VundoFix Backups
2008-02-07 14:36:36 0 d-------- C:\Program Files\Lavasoft
2008-02-07 14:36:34 0 d-------- C:\Users\All Users\Lavasoft
2008-02-07 13:57:37 0 d-------- C:\Users\All Users\ESET
2008-02-07 11:44:42 0 d-------- C:\Users\All Users\Avg7
2008-02-07 00:19:37 86144 --a------ C:\Windows\system32\drivers\cdr4xxpp.sys
2008-02-07 00:17:37 25600 -r-hs---- C:\Windows\winini.exe
2008-02-07 00:00:35 0 d-------- C:\Program Files\Nero
2008-02-07 00:00:34 0 d-------- C:\Users\All Users\Nero
2008-02-07 00:00:34 0 d-------- C:\Program Files\Common Files\Nero
2008-02-05 19:32:20 249856 --a------ C:\Windows\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-02-05 19:32:20 51716 --a------ C:\Windows\system32\pdf995mon.dll
2008-02-05 19:32:20 0 d-------- C:\Users\All Users\pdf995
2008-02-05 19:30:36 0 d-------- C:\Program Files\TaxCut07
2008-02-05 19:30:36 0 d-------- C:\Program Files\PDF995
2008-02-05 19:29:29 0 d-------- C:\Users\All Users\TaxCut
2008-02-05 14:56:36 0 d-------- C:\Users\All Users\FLEXnet
2008-02-05 14:43:31 0 d-------- C:\Program Files\Common Files\Control Panels
2008-02-05 14:39:44 0 d-------- C:\Users\All Users\ALM
2008-02-05 13:18:18 0 d-------- C:\Program Files\Bonjour
2008-02-05 13:09:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-31 22:44:42 256 --a------ C:\Windows\system32\pool.bin
2008-01-31 21:45:09 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-01-31 12:32:15 0 d-------- C:\Windows\pss
2008-01-31 10:06:48 0 d-------- C:\Users\All Users\Stardock
2008-01-30 21:53:49 0 d-------- C:\Users\All Users\Webroot
2008-01-30 21:53:49 0 d-------- C:\Program Files\Webroot
2008-01-30 21:49:24 164 --a------ C:\install.dat
2008-01-30 21:08:27 0 dr------- C:\Users\Administrator\Searches
2008-01-30 21:08:16 0 dr------- C:\Users\Administrator\Contacts
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Templates
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Start Menu
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\SendTo
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Recent
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\PrintHood
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\NetHood
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\My Documents
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Local Settings
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Cookies
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Application Data
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Videos
2008-01-30 21:08:06 0 d-------- C:\Users\Administrator\video
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Saved Games
2008-01-30 21:08:06 0 d-------- C:\Users\Administrator\Roaming
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Pictures
2008-01-30 21:08:06 1048576 --a------ C:\Users\Administrator\NTUSER.DAT
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Music
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Links
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Favorites
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Downloads
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Documents
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Desktop
2008-01-30 21:08:06 0 d--h----- C:\Users\Administrator\AppData
2008-01-30 18:02:48 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-01-29 19:53:40 0 d-------- C:\Users\All Users\InstallShield
2008-01-29 19:32:24 0 d-------- C:\Program Files\Research In Motion
2008-01-25 14:46:23 32 --a------ C:\Windows\go
2008-01-25 14:46:07 0 d-------- C:\Windows\vf_hip
2008-01-25 14:46:06 0 d-------- C:\Program Files\Hide IP Platinum
2008-01-25 14:32:20 0 d-------- C:\Program Files\ProxyShell
2008-01-20 16:32:58 0 d-------- C:\Program Files\FDF
2008-01-20 16:22:48 0 d-------- C:\Program Files\CCleaner
2008-01-16 22:29:47 0 d-------- C:\Program Files\iPod
2008-01-16 22:29:34 0 d-------- C:\Program Files\iTunes
2008-01-16 22:26:19 0 d-------- C:\Program Files\QuickTime
2008-01-16 15:56:48 0 d-------- C:\Program Files\LimeWire
2008-01-16 00:04:04 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared


-- Find3M Report ---------------------------------------------------------------

2008-02-13 19:27:02 0 d-------- C:\Users\Nick\AppData\Roaming\DNA
2008-02-12 15:51:09 0 d-------- C:\Users\Nick\AppData\Roaming\iPhoneRingToneMaker
2008-02-11 12:46:05 0 d-------- C:\Users\Nick\AppData\Roaming\BitTorrent
2008-02-10 15:28:52 0 d-------- C:\Program Files\MySpace
2008-02-09 19:10:37 0 d-------- C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2008-02-09 19:09:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 13:03:56 0 d-------- C:\Users\Nick\AppData\Roaming\Research In Motion
2008-02-07 00:09:14 0 d-------- C:\Users\Nick\AppData\Roaming\Nero
2008-02-07 00:00:34 0 d-------- C:\Program Files\Common Files
2008-02-06 12:55:27 0 d-------- C:\Users\Nick\AppData\Roaming\LimeWire
2008-02-06 10:46:48 0 d-------- C:\Program Files\UseNeXT
2008-02-06 10:45:06 0 d-------- C:\Users\Nick\AppData\Roaming\UseNeXT
2008-02-06 00:28:31 0 d-------- C:\Users\Nick\AppData\Roaming\Adobe
2008-02-05 19:31:58 0 d-------- C:\Users\Nick\AppData\Roaming\TaxCut
2008-02-05 14:47:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-04 20:43:12 0 d-------- C:\Users\Nick\AppData\Roaming\Move Networks
2008-01-31 22:26:54 0 d-------- C:\Program Files\Roxio
2008-01-31 22:26:44 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-31 22:26:40 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-31 17:53:22 0 d-------- C:\Users\Nick\AppData\Roaming\dvdcss
2008-01-31 17:00:17 0 d-------- C:\Users\Nick\AppData\Roaming\Roxio
2008-01-31 10:06:37 0 d-------- C:\Program Files\Stardock
2008-01-30 21:53:49 0 d-------- C:\Users\Nick\AppData\Roaming\Webroot
2008-01-30 20:50:44 0 d-------- C:\Program Files\Microsoft Games
2008-01-29 20:10:19 0 d-------- C:\Users\Nick\AppData\Roaming\InstallShield
2008-01-29 19:50:05 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-27 12:57:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-27 12:57:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-16 15:11:48 0 d-------- C:\Users\Nick\AppData\Roaming\iMP3Tunes
2008-01-11 01:01:26 0 d-------- C:\Program Files\Windows Mail
2008-01-11 01:01:23 0 d-------- C:\Program Files\Windows Sidebar
2008-01-03 23:18:41 0 d-------- C:\Program Files\RocketDock
2008-01-03 22:36:54 0 d-------- C:\Program Files\Common Files\Stardock
2008-01-02 11:31:06 0 d-------- C:\Program Files\BitLocker
2008-01-01 16:38:48 0 d-------- C:\Program Files\No1 DVD Ripper
2008-01-01 15:30:51 0 d-------- C:\Program Files\Xilisoft
2008-01-01 14:35:41 0 d-------- C:\Program Files\Cucusoft
2007-12-30 22:29:23 0 d-------- C:\Users\Nick\AppData\Roaming\DivX
2007-12-30 18:46:23 0 d-------- C:\Users\Nick\AppData\Roaming\Apple Computer
2007-12-30 18:18:38 0 d-------- C:\Users\Nick\AppData\Roaming\MySpace
2007-12-29 15:06:32 0 d-------- C:\Program Files\DivX
2007-12-29 14:01:14 0 d-------- C:\Users\Nick\AppData\Roaming\Hewlett-Packard
2007-12-29 12:14:21 0 d-------- C:\Users\Nick\AppData\Roaming\Identities
2007-12-29 00:48:23 174 --ahs---- C:\Program Files\desktop.ini
2007-12-29 00:43:25 0 d-------- C:\Program Files\Windows Calendar
2007-12-29 00:43:13 0 d-------- C:\Program Files\Windows Defender
2007-12-28 22:47:07 0 d-------- C:\Program Files\MSBuild
2007-12-28 22:41:57 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-28 22:20:27 0 d-------- C:\Program Files\HandyOEM
2007-12-28 22:09:05 162 --a------ C:\Windows\system32\LOG
2007-12-28 22:01:51 21316 --a------ C:\Windows\system32\emptyregdb.dat
2007-12-28 21:54:23 0 d-------- C:\Users\Nick\AppData\Roaming\WildTangent
2007-12-28 21:54:21 0 d-------- C:\Users\Nick\AppData\Roaming\Macromedia
2007-12-28 21:54:21 0 d-------- C:\Users\Nick\AppData\Roaming\HP
2007-12-28 21:54:20 0 d-------- C:\Users\Nick\AppData\Roaming\GTek
2007-12-28 21:54:20 0 d-------- C:\Users\Nick\AppData\Roaming\CyberLink
2007-12-28 21:43:06 0 d-------- C:\Program Files\Yahoo!
2007-12-28 21:43:05 0 d-------- C:\Program Files\Vongo
2007-12-28 21:43:05 0 d-------- C:\Program Files\SP38015
2007-12-28 21:42:49 0 d-------- C:\Program Files\Realtek
2007-12-28 21:42:49 0 d-------- C:\Program Files\Real
2007-12-28 21:42:42 0 d-------- C:\Program Files\Online Services
2007-12-28 21:42:37 0 d-------- C:\Program Files\muvee Technologies
2007-12-28 21:42:36 0 d-------- C:\Program Files\Microsoft.NET
2007-12-28 21:42:36 0 d-------- C:\Program Files\Microsoft Works
2007-12-28 21:42:13 0 d-------- C:\Program Files\Java
2007-12-28 21:42:03 0 d-------- C:\Program Files\iQmetrix
2007-12-28 21:41:59 0 d-------- C:\Program Files\Intel
2007-12-28 21:41:58 0 d-------- C:\Program Files\HPQ
2007-12-28 21:41:53 0 d-------- C:\Program Files\HP Games
2007-12-28 21:37:35 0 d-------- C:\Program Files\HP
2007-12-28 21:33:46 0 d-------- C:\Program Files\earthlink totalaccess
2007-12-28 21:33:45 0 d-------- C:\Program Files\DNA
2007-12-28 21:33:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-28 21:33:45 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-28 21:33:30 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-12-28 21:33:22 0 d-------- C:\Program Files\Common Files\LightScribe
2007-12-28 21:33:21 0 d-------- C:\Program Files\Common Files\Java
2007-12-28 21:33:21 0 d-------- C:\Program Files\Common Files\HP
2007-12-28 21:33:10 0 d-------- C:\Program Files\Common Files\Apple
2007-12-28 21:33:07 0 d-------- C:\Program Files\BitTorrent
2007-12-28 21:33:07 0 d-------- C:\Program Files\Apple Software Update
2007-12-28 21:33:04 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-12-28 21:29:51 0 d-------- C:\Program Files\Motorola
2007-12-28 21:29:35 0 d-------- C:\Program Files\Synaptics
2007-12-27 18:30:22 0 d-------- C:\Users\Nick\AppData\Roaming\WinRAR
2007-12-25 00:37:22 28915 --a------ C:\Users\Nick\AppData\Roaming\UserTile.png
2007-12-25 00:37:22 0 d-------- C:\Users\Nick\AppData\Roaming\PeerNetworking
2007-12-24 23:25:03 0 d-------- C:\Program Files\MSXML 4.0
2007-12-24 23:19:29 0 d-------- C:\Program Files\Common Files\SWF Studio


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/29/2007 12:28 AM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 05:12 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 02:29 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2007 02:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [10/09/2006 02:43 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/23/2007 07:11 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [10/18/2007 09:18 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [10/18/2007 09:19 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [02/12/2007 08:37 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 02:18 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [10/18/2007 09:18 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [12/13/2007 10:02 PM]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [12/13/2007 10:02 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [12/21/2007 08:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/10/2008 07:46 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/20/2007 04:23 PM]
"FAST Defrag"="C:\PROGRA~1\FDF\FAST2.exe" [08/24/2005 12:12 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:34 AM]
"BitTorrent DNA"="C:\Users\Nick\Program Files\DNA\btdna.exe" [02/12/2008 04:03 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:33 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [1/3/2008 10:36:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 2:48:20 AM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [8/17/2007 9:14:08 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-13 19:28:53 ------------


Copy of extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T5250 @ 1.50GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 2037.81 MiB / 1024.31 MiB
Pagefile Memory (total/avail): 4293.63 MiB / 3076.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.04 MiB

C: is Fixed (NTFS) - 224.6 GiB total, 121.49 GiB free.
D: is Fixed (NTFS) - 8.28 GiB total, 1.82 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHY2250BH - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.6 GiB - C:
\PARTITION1 - Installable File System - 8.28 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Spy Sweeper v5.5.7.124 (Webroot Software Inc) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Nick\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NICK-SI
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Nick
LOCALAPPDATA=C:\Users\Nick\AppData\Local
LOGONSERVER=\\NICK-SI
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PAYMENTECH_HOME=C:\Program Files\iQmetrix\RetailiQ\Paymentech\
PAYMENTECH_LOGDIR=C:\Program Files\iQmetrix\RetailiQ\Paymentech\logs
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Nick\AppData\Local\Temp
TMP=C:\Users\Nick\AppData\Local\Temp
USERDOMAIN=NICK-SI
USERNAME=Nick
USERPART=E:
USERPROFILE=C:\Users\Nick
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Nick
Mcx1
Administrator (new local, admin, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Otto\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
--> "C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\NuNInst.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
#1 DVD Ripper 6.2.3 --> C:\Program Files\No1 DVD Ripper\uninst.exe
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\915239ded2552e78978d0dbab7657a5\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage --> MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content --> MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{60B28ECA-78BC-4D18-AB63-4A9A93BF881D}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library --> MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Setup --> MsiExec.exe /I{4DC49A9A-6DD0-40D2-A851-527764DA8379}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3 Scores --> MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Advanced Archive Password Recovery (remove only) --> C:\Program Files\ElcomSoft\ARCHPR\uninstall.exe
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Mo
  • 0

#4
Rorschach112
Posted 13 February 2008 - 07:49 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Windows\system32\drivers\cdr4xxpp.sys

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Please download and unzip Icesword to its own folder on your desktop


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by Rorschach112, 13 February 2008 - 07:52 PM.

  • 0

#5
SilverTRMN8R
Posted 14 February 2008 - 10:41 AM

SilverTRMN8R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Result of Virustotal Scan
Antivirus Version Last Update Result
AhnLab-V3 2008.2.14.10 2008.02.13 -
AntiVir 7.6.0.65 2008.02.13 -
Authentium 4.93.8 2008.02.13 -
Avast 4.7.1098.0 2008.02.13 -
AVG 7.5.0.516 2008.02.13 -
BitDefender 7.2 2008.02.13 -
CAT-QuickHeal None 2008.02.13 -
ClamAV 0.92 2008.02.13 -
DrWeb 4.44.0.09170 2008.02.13 -
eSafe 7.0.15.0 2008.02.13 -
eTrust-Vet 31.3.5533 2008.02.13 -
Ewido 4.0 2008.02.13 -
FileAdvisor 1 2008.02.13 -
Fortinet 3.14.0.0 2008.02.13 W32/Agent.ZL!tr.rkit
F-Prot 4.4.2.54 2008.02.12 -
F-Secure 6.70.13260.0 2008.02.13 Rootkit.Win32.Agent.zl
Ikarus T3.1.1.20 2008.02.13 -
Kaspersky 7.0.0.125 2008.02.13 Rootkit.Win32.Agent.zl
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.13 -
NOD32v2 2872 2008.02.13 -
Norman 5.80.02 2008.02.13 -
Panda 9.0.0.4 2008.02.13 -
Prevx1 V2 2008.02.13 Heuristic: Suspicious Self Modifying EXE
Rising 20.31.10.00 2008.02.13 -
Sophos 4.26.0 2008.02.13 -
Sunbelt 2.2.907.0 2008.02.13 -
Symantec 10 2008.02.13 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.1 2008.02.13 -
VirusBuster 4.3.26:9 2008.02.13 -
Webwasher-Gateway 6.6.2 2008.02.13 -
Additional information
File size: 86144 bytes
MD5: bcf99261ac772e6c8dba0fd3f1a01445
SHA1: 854948fb058b7873bc9a1938e2b029d0db511529
PEiD: -
Prevx info: http://info.prevx.co...C5B1D0002E3B327
  • 0

#6
Rorschach112
Posted 14 February 2008 - 11:01 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok continue on with the other steps
  • 0

#7
SilverTRMN8R
Posted 14 February 2008 - 11:57 AM

SilverTRMN8R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry, had to run the virustool in safemode as it said the file I was scanning was in use.

Here are my results from Icesword.

Processes

Process:

System Idle Process
System
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Windows\System32\smss.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\svchost.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\SLsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\System32\SearchIndexer.exe
C:\Program Files\FDF\FAST2.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Users\Nick\Program Files\DNA\btdna.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Windows\System32\SearchProtocolHost.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Users\Nick\Desktop\IceSword122en\IceSword.exe
C:\Program Files\Internet Explorer\ieuser.exe

Win32 Services

Started Service:

Service Name:aawservice Display Name:Ad-Aware 2007 Service
Service Name:AeLookupSvc Display Name:Application Experience
Service Name:Appinfo Display Name:Application Information
Service Name:Apple Mobile Device Display Name:Apple Mobile Device
Service Name:AudioEndpointBuilder Display Name:Windows Audio Endpoint Builder
Service Name:Audiosrv Display Name:Windows Audio
Service Name:BFE Display Name:Base Filtering Engine
Service Name:BITS Display Name:Background Intelligent Transfer Service
Service Name:Bonjour Service Display Name:##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##
Service Name:Browser Display Name:Computer Browser
Service Name:CertPropSvc Display Name:Certificate Propagation
Service Name:CLCapSvc Display Name:CyberLink Background Capture Service (CBCS)
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:CscService Display Name:Offline Files
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:Dnscache Display Name:DNS Client
Service Name:DPS Display Name:Diagnostic Policy Service
Service Name:EapHost Display Name:Extensible Authentication Protocol
Service Name:ekrn Display Name:Eset Service
Service Name:EMDMgmt Display Name:ReadyBoost
Service Name:Eventlog Display Name:Windows Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:fdPHost Display Name:Function Discovery Provider Host
Service Name:FDResPub Display Name:Function Discovery Resource Publication
Service Name:FLEXnet Licensing Service Display Name:FLEXnet Licensing Service
Service Name:gpsvc Display Name:Group Policy Client
Service Name:HP Health Check Service Display Name:HP Health Check Service
Service Name:hpqwmiex Display Name:hpqwmiex
Service Name:IAANTMON Display Name:Intel® Matrix Storage Event Monitor
Service Name:IKEEXT Display Name:IKE and AuthIP IPsec Keying Modules
Service Name:InCDsrv Display Name:InCD Helper
Service Name:IPBusEnum Display Name:PnP-X IP Bus Enumerator
Service Name:iphlpsvc Display Name:IP Helper
Service Name:iPod Service Display Name:iPod Service
Service Name:KeyIso Display Name:CNG Key Isolation
Service Name:KtmRm Display Name:KtmRm for Distributed Transaction Coordinator
Service Name:LanmanServer Display Name:Server
Service Name:LanmanWorkstation Display Name:Workstation
Service Name:LightScribeService Display Name:LightScribeService Direct Disc Labeling Service
Service Name:lmhosts Display Name:TCP/IP NetBIOS Helper
Service Name:Mcx2Svc Display Name:Windows Media Center Extender Service
Service Name:MMCSS Display Name:Multimedia Class Scheduler
Service Name:MpsSvc Display Name:Windows Firewall
Service Name:Nero BackItUp Scheduler 3 Display Name:Nero BackItUp Scheduler 3
Service Name:NeroRegInCDSrv Display Name:Nero Registry InCD Service
Service Name:Netman Display Name:Network Connections
Service Name:netprofm Display Name:Network List Service
Service Name:NlaSvc Display Name:Network Location Awareness
Service Name:NMIndexingService Display Name:NMIndexingService
Service Name:nsi Display Name:Network Store Interface Service
Service Name:PcaSvc Display Name:Program Compatibility Assistant Service
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPsec Policy Agent
Service Name:ProfSvc Display Name:User Profile Service
Service Name:RapiMgr Display Name:Windows Mobile-based device connectivity
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification Service
Service Name:SessionEnv Display Name:Terminal Services Configuration
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:slsvc Display Name:Software Licensing
Service Name:Spooler Display Name:Print Spooler
Service Name:SSDPSRV Display Name:SSDP Discovery
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:SysMain Display Name:Superfetch
Service Name:TabletInputService Display Name:Tablet PC Input Service
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:TrustedInstaller Display Name:Windows Modules Installer
Service Name:UmRdpService Display Name:Terminal Services UserMode Port Redirector
Service Name:upnphost Display Name:UPnP Device Host
Service Name:UxSms Display Name:Desktop Window Manager Session Manager
Service Name:W32Time Display Name:Windows Time
Service Name:WcesComm Display Name:Windows Mobile 2003-based device connectivity
Service Name:WdiSystemHost Display Name:Diagnostic System Host
Service Name:WebClient Display Name:WebClient
Service Name:WebrootSpySweeperService Display Name:Webroot Spy Sweeper Engine
Service Name:WerSvc Display Name:Windows Error Reporting Service
Service Name:WinDefend Display Name:Windows Defender
Service Name:WinHttpAutoProxySvc Display Name:WinHTTP Web Proxy Auto-Discovery Service
Service Name:Winmgmt Display Name:Windows Management Instrumentation
Service Name:Wlansvc Display Name:WLAN AutoConfig
Service Name:WMPNetworkSvc Display Name:Windows Media Player Network Sharing Service
Service Name:WPDBusEnum Display Name:Portable Device Enumerator Service
Service Name:wscsvc Display Name:Security Center
Service Name:WSearch Display Name:Windows Search
Service Name:wuauserv Display Name:Windows Update
Service Name:wudfsvc Display Name:Windows Driver Foundation - User-mode Driver Framework


Startup
No Red Entries

SSDT
\SystemRoot\System32\Drivers\hdbca.sys (13 of these showed up)

Unkown (21 of these showed up)

Message Hooks
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


The kaspersky scan is running right now, looks like it might be a while.
  • 0

#8
Rorschach112
Posted 14 February 2008 - 12:05 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok while Kaspersky is running do this

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Windows\system32\drivers\hdbca.sys

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



Run IceSword.exe and do the following

Step 1 : Now, we have to delete the rooted files. Click the File button. This will display a Windows Explorer type interface. Navigate to the following file(s) in bold and delete them.

C:\Windows\system32\drivers\cdr4xxpp.sys


Reboot and post a new DSS log
  • 0

#9
SilverTRMN8R
Posted 14 February 2008 - 01:11 PM

SilverTRMN8R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Couple things. Virustotal won't let me browse to that file, but icesword still shows that it's there.
Also, i go to delete cdr4xxpp.sys and icesword refreshes and still shows the file there.

EDIT

I was able to go into safemode and delete cdr4xxpp.sys.
Also sent hdbca.sys to the virustotal.com scanner. Posted the results from that below.

Edited by SilverTRMN8R, 14 February 2008 - 06:13 PM.

  • 0

#10
SilverTRMN8R
Posted 14 February 2008 - 04:09 PM

SilverTRMN8R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Kaspersky Online Scan Results

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 14, 2008 3:55:49 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 566941
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 253947
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 03:52:27

Infected Object Name / Virus Name / Last Action
C:\boot\bcd Object is locked skipped
C:\boot\BCD.LOG Object is locked skipped
C:\Program Files\Adobe\Adobe Device Central CS3\AMT\AUMProduct.cer Object is locked skipped
C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.ilg Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU44FB.txt Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10952[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10952[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10952[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10952[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10952[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10953[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10953[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10953[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10953[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10953[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10953[6].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\10953[7].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1307[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1307[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1307[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1307[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1307[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1307[6].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1308[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1308[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1308[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1309[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1309[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1310[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1310[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1314[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1314[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1319[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1319[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1319[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1319[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[10].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[11].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[12].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[13].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[14].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[15].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[16].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[6].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[7].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[8].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1321[9].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1914[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\1981[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2037[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2037[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\20[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\20[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\20[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2137[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2137[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2389[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2389[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2389[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2389[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2389[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2399[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\2399[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\243[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\243[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\243[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\243[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\243[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\256[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\256[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\256[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\256[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\262[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\262[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\262[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\262[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\262[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\262[6].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\264[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\264[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\265[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\266[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\269[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\295[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\295[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\295[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\295[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\402[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\402[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\402[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\402[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\402[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\41[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\479[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\479[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\479[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\479[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\652[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\652[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\652[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\652[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\652[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\875[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\875[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\875[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\875[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\9227[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\9334[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\938[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\938[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\938[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\938[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\938[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\941[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\941[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\943[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\946[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\946[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\946[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\946[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\946[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\946[6].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\946[7].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\946[8].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\951[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\951[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\951[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\951[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\951[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\952[1].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\952[2].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\952[3].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\952[4].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\952[5].ssq Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Quarantine\952[6].ssq Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\56b147e9ad996cae9664f7850f76349b_e80f18be-9733-45ed-a030-042161eb25d8 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7f3d7c290151a78fb115a079d218e19c_e80f18be-9733-45ed-a030-042161eb25d8 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bf6ca3c371b9a01b006191baa49a94c0_e80f18be-9733-45ed-a030-042161eb25d8 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e80f18be-9733-45ed-a030-042161eb25d8 Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Admin Jr.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Administrator.dat Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Mcx1.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008021420080215\index.dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2LDQB5I\4559[1].dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2LDQB5I\AdPlayer[1].swf Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H2LDQB5I\Bug[1].png Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OHOUGJBI\A6K7IB0FJ[1].flv Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VY8FTQTO\media_83fc8c3cde52112f9_1202095233[1].dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZFJ9J573\media_83fc8c3cde52112f9_1202095233[1].dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat{63b3407c-b5bd-11dc-949d-001b24de5f23}.TM.blf Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat{63b3407c-b5bd-11dc-949d-001b24de5f23}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows\UsrClass.dat{63b3407c-b5bd-11dc-949d-001b24de5f23}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows Defender\FileTracker\{20B19AC5-3B79-4DE1-8422-3F45E627B8FD} Object is locked skipped
C:\Users\Nick\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Nick\AppData\Local\Ahead\Nero Home\bl.db Object is locked skipped
C:\Users\Nick\AppData\Local\Ahead\Nero Home\is2.db Object is locked skipped
C:\Users\Nick\AppData\Local\Temp\ehmsas.txt Object is locked skipped
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Nick\AppData\Local\Temp\JETDC2B.tmp Object is locked skipped
C:\Users\Nick\AppData\Local\Temp\Low\~DFFC8B.tmp Object is locked skipped
C:\Users\Nick\AppData\Local\Temp\Low\~DFFCD7.tmp Object is locked skipped
C:\Users\Nick\AppData\Local\Temp\MainFrame.Log.txt Object is locked skipped
C:\Users\Nick\AppData\Roaming\Hewlett-Packard\HPAdvisor\HPAdvisorToDo.ldb Object is locked skipped
C:\Users\Nick\AppData\Roaming\Hewlett-Packard\HPAdvisor\HPAdvisorToDo.mdb Object is locked skipped
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Users\Nick\Downloads\kl\setup\powered_keylogger.exe/data0001 Infected: not-a-virus:Monitor.Win32.PowerLogger.220 skipped
C:\Users\Nick\Downloads\kl\setup\powered_keylogger.exe/data0005 Infected: not-a-virus:Monitor.Win32.PowerLogger.220 skipped
C:\Users\Nick\Downloads\kl\setup\powered_keylogger.exe/data0006 Infected: not-a-virus:Monitor.Win32.PowerLogger.220 skipped
C:\Users\Nick\Downloads\kl\setup\powered_keylogger.exe Inno: infected - 3 skipped
C:\Users\Nick\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Users\Nick\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
C:\Users\Nick\NTUSER.DAT Object is locked skipped
C:\Users\Nick\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Nick\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Nick\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\Nick\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Nick\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Installer\MSI3F7B.tmp Object is locked skipped
C:\Windows\Installer\MSI6A39.tmp Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\catalogs\OfflineUpgradeStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineEnvStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineMigStore.dat Object is locked skipped
C:\Windows\Panther\catalogs\OnlineUpgradeStore.dat Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{53084099-82E4-469B-9D16-F71B2E12F6E9}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\core.cache.dsk Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1 Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG2 Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{0f694469-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{0f694469-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{0f694469-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BitLocker-DrivePreparationTool%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BitLocker-DrivePreparationTool%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\TEMP\HTT6ADE.tmp Object is locked skipped
C:\Windows\TEMP\HTT6B0D.tmp Object is locked skipped
C:\Windows\TEMP\HTTDABC.tmp Object is locked skipped
C:\Windows\TEMP\HTTDE4E.tmp Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.

Virustotal San Results

hdbca.sys

Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - not-a-virus:Monitor.Win32.PowerLogger.220
Kaspersky - - not-a-virus:Monitor.Win32.PowerLogger.220
McAfee - - New Malware.b
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious File With Mass Email Capabilities
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - Spyware.ElpowKeylogger
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 28161590ac1160eeb26c4dfcc5a74ef1
SHA1: cb4da1f90158fd38fcad8cb476eaa686aa2b05ab
SHA256: dedb81254646aa16fe1cb662e521a254db8ba50ea67223424bb01b9c44c0472c
SHA512: 66c775b414c4f5d2e41a1c551b167ad524075668e5138a3718cfb414193dd2c4 12e7b50b98072dbf70af937bdb5ca4f30fbaf9c57fbe55fd2547b883099980d5

Edited by SilverTRMN8R, 14 February 2008 - 04:17 PM.

  • 0

Advertisements

#11
SilverTRMN8R
Posted 14 February 2008 - 04:25 PM

SilverTRMN8R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Reran DSS after deleting cdr4xxpp.sys. I am not having any popups as of now either.


Deckard's System Scanner v20071014.68
Run by Nick on 2008-02-14 18:21:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nick.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:52 PM, on 2/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\FDF\FAST2.EXE
C:\Windows\ehome\ehtray.exe
C:\Users\Nick\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\program files\internet explorer\ieuser.exe
C:\Users\Nick\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nick.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero8\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero8\InCD\InCD.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [FAST Defrag] "C:\PROGRA~1\FDF\FAST2.EXE" -tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Nick\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://argushighland...rg/videocom.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DreamControl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14460 bytes

-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 10:40:02 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-02-14 10:40:01 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-02-13 20:27:36 0 d-------- C:\Program Files\WinSCP
2008-02-12 15:50:23 0 d-------- C:\Program Files\iPhoneRingToneMaker
2008-02-12 11:30:14 0 d-------- C:\Program Files\ZiPhoneGUI
2008-02-11 17:02:39 56016 --a------ C:\ziphone
2008-02-11 17:02:39 276480 --a------ C:\ziphone.exe <Not Verified; Zibri; ZiPhone>
2008-02-11 17:02:35 33550336 --a------ C:\zibri.dat
2008-02-11 17:02:35 0 d-------- C:\V_ZiPhone
2008-02-11 17:02:35 311296 --a------ C:\QTMLClient.dll <Not Verified; Apple Inc.; QuickTime>
2008-02-11 17:02:35 1085440 --a------ C:\iTunesMobileDevice.dll <Not Verified; Apple Inc.; iTunesMobileDevice>
2008-02-11 12:21:15 0 d-------- C:\Program Files\ElcomSoft
2008-02-10 14:55:41 0 d-------- C:\Program Files\Sophos
2008-02-09 21:45:56 0 d-------- C:\Program Files\Trend Micro
2008-02-09 20:21:09 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-09 19:11:11 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-09 19:10:37 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-09 16:17:47 68096 --a------ C:\Windows\system32\zip.exe
2008-02-09 16:17:47 98816 --a------ C:\Windows\system32\sed.exe
2008-02-09 16:17:47 80412 --a------ C:\Windows\system32\grep.exe
2008-02-09 16:17:47 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-09 14:02:39 0 d-------- C:\bintheredunthat
2008-02-09 13:53:46 0 d-------- C:\BFU
2008-02-09 11:12:42 0 d-------- C:\VundoFix Backups
2008-02-07 14:36:36 0 d-------- C:\Program Files\Lavasoft
2008-02-07 14:36:34 0 d-------- C:\Users\All Users\Lavasoft
2008-02-07 13:57:37 0 d-------- C:\Users\All Users\ESET
2008-02-07 11:44:42 0 d-------- C:\Users\All Users\Avg7
2008-02-07 00:17:37 25600 -r-hs---- C:\Windows\winini.exe
2008-02-07 00:00:35 0 d-------- C:\Program Files\Nero
2008-02-07 00:00:34 0 d-------- C:\Users\All Users\Nero
2008-02-07 00:00:34 0 d-------- C:\Program Files\Common Files\Nero
2008-02-05 19:32:20 249856 --a------ C:\Windows\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-02-05 19:32:20 51716 --a------ C:\Windows\system32\pdf995mon.dll
2008-02-05 19:32:20 0 d-------- C:\Users\All Users\pdf995
2008-02-05 19:30:36 0 d-------- C:\Program Files\TaxCut07
2008-02-05 19:30:36 0 d-------- C:\Program Files\PDF995
2008-02-05 19:29:29 0 d-------- C:\Users\All Users\TaxCut
2008-02-05 14:56:36 0 d-------- C:\Users\All Users\FLEXnet
2008-02-05 14:43:31 0 d-------- C:\Program Files\Common Files\Control Panels
2008-02-05 14:39:44 0 d-------- C:\Users\All Users\ALM
2008-02-05 13:18:18 0 d-------- C:\Program Files\Bonjour
2008-02-05 13:09:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-31 22:44:42 256 --a------ C:\Windows\system32\pool.bin
2008-01-31 21:45:09 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-01-31 12:32:15 0 d-------- C:\Windows\pss
2008-01-31 10:06:48 0 d-------- C:\Users\All Users\Stardock
2008-01-30 21:53:49 0 d-------- C:\Users\All Users\Webroot
2008-01-30 21:53:49 0 d-------- C:\Program Files\Webroot
2008-01-30 21:49:24 164 --a------ C:\install.dat
2008-01-30 21:08:27 0 dr------- C:\Users\Administrator\Searches
2008-01-30 21:08:16 0 dr------- C:\Users\Administrator\Contacts
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Templates
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Start Menu
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\SendTo
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Recent
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\PrintHood
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\NetHood
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\My Documents
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Local Settings
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Cookies
2008-01-30 21:08:07 0 d--hs---- C:\Users\Administrator\Application Data
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Videos
2008-01-30 21:08:06 0 d-------- C:\Users\Administrator\video
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Saved Games
2008-01-30 21:08:06 0 d-------- C:\Users\Administrator\Roaming
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Pictures
2008-01-30 21:08:06 1048576 --a------ C:\Users\Administrator\NTUSER.DAT
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Music
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Links
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Favorites
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Downloads
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Documents
2008-01-30 21:08:06 0 dr------- C:\Users\Administrator\Desktop
2008-01-30 21:08:06 0 d--h----- C:\Users\Administrator\AppData
2008-01-30 18:02:48 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-01-29 19:53:40 0 d-------- C:\Users\All Users\InstallShield
2008-01-29 19:32:24 0 d-------- C:\Program Files\Research In Motion
2008-01-25 14:46:23 32 --a------ C:\Windows\go
2008-01-25 14:46:07 0 d-------- C:\Windows\vf_hip
2008-01-25 14:46:06 0 d-------- C:\Program Files\Hide IP Platinum
2008-01-25 14:32:20 0 d-------- C:\Program Files\ProxyShell
2008-01-20 16:32:58 0 d-------- C:\Program Files\FDF
2008-01-20 16:22:48 0 d-------- C:\Program Files\CCleaner
2008-01-16 22:29:47 0 d-------- C:\Program Files\iPod
2008-01-16 22:29:34 0 d-------- C:\Program Files\iTunes
2008-01-16 22:26:19 0 d-------- C:\Program Files\QuickTime
2008-01-16 15:56:48 0 d-------- C:\Program Files\LimeWire
2008-01-16 00:04:04 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared


-- Find3M Report ---------------------------------------------------------------

2008-02-14 18:13:31 0 d-------- C:\Users\Nick\AppData\Roaming\DNA
2008-02-12 15:51:09 0 d-------- C:\Users\Nick\AppData\Roaming\iPhoneRingToneMaker
2008-02-11 12:46:05 0 d-------- C:\Users\Nick\AppData\Roaming\BitTorrent
2008-02-10 15:28:52 0 d-------- C:\Program Files\MySpace
2008-02-09 19:10:37 0 d-------- C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2008-02-09 19:09:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 13:03:56 0 d-------- C:\Users\Nick\AppData\Roaming\Research In Motion
2008-02-07 00:09:14 0 d-------- C:\Users\Nick\AppData\Roaming\Nero
2008-02-07 00:00:34 0 d-------- C:\Program Files\Common Files
2008-02-06 12:55:27 0 d-------- C:\Users\Nick\AppData\Roaming\LimeWire
2008-02-06 10:46:48 0 d-------- C:\Program Files\UseNeXT
2008-02-06 10:45:06 0 d-------- C:\Users\Nick\AppData\Roaming\UseNeXT
2008-02-06 00:28:31 0 d-------- C:\Users\Nick\AppData\Roaming\Adobe
2008-02-05 19:31:58 0 d-------- C:\Users\Nick\AppData\Roaming\TaxCut
2008-02-05 14:47:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-04 20:43:12 0 d-------- C:\Users\Nick\AppData\Roaming\Move Networks
2008-01-31 22:26:54 0 d-------- C:\Program Files\Roxio
2008-01-31 22:26:44 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-01-31 22:26:40 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-31 17:53:22 0 d-------- C:\Users\Nick\AppData\Roaming\dvdcss
2008-01-31 17:00:17 0 d-------- C:\Users\Nick\AppData\Roaming\Roxio
2008-01-31 10:06:37 0 d-------- C:\Program Files\Stardock
2008-01-30 21:53:49 0 d-------- C:\Users\Nick\AppData\Roaming\Webroot
2008-01-30 20:50:44 0 d-------- C:\Program Files\Microsoft Games
2008-01-29 20:10:19 0 d-------- C:\Users\Nick\AppData\Roaming\InstallShield
2008-01-29 19:50:05 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-27 12:57:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-27 12:57:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-16 15:11:48 0 d-------- C:\Users\Nick\AppData\Roaming\iMP3Tunes
2008-01-11 01:01:26 0 d-------- C:\Program Files\Windows Mail
2008-01-11 01:01:23 0 d-------- C:\Program Files\Windows Sidebar
2008-01-03 23:18:41 0 d-------- C:\Program Files\RocketDock
2008-01-03 22:36:54 0 d-------- C:\Program Files\Common Files\Stardock
2008-01-02 11:31:06 0 d-------- C:\Program Files\BitLocker
2008-01-01 16:38:48 0 d-------- C:\Program Files\No1 DVD Ripper
2008-01-01 15:30:51 0 d-------- C:\Program Files\Xilisoft
2008-01-01 14:35:41 0 d-------- C:\Program Files\Cucusoft
2007-12-30 22:29:23 0 d-------- C:\Users\Nick\AppData\Roaming\DivX
2007-12-30 18:46:23 0 d-------- C:\Users\Nick\AppData\Roaming\Apple Computer
2007-12-30 18:18:38 0 d-------- C:\Users\Nick\AppData\Roaming\MySpace
2007-12-29 15:06:32 0 d-------- C:\Program Files\DivX
2007-12-29 14:01:14 0 d-------- C:\Users\Nick\AppData\Roaming\Hewlett-Packard
2007-12-29 12:14:21 0 d-------- C:\Users\Nick\AppData\Roaming\Identities
2007-12-29 00:48:23 174 --ahs---- C:\Program Files\desktop.ini
2007-12-29 00:43:25 0 d-------- C:\Program Files\Windows Calendar
2007-12-29 00:43:13 0 d-------- C:\Program Files\Windows Defender
2007-12-28 22:47:07 0 d-------- C:\Program Files\MSBuild
2007-12-28 22:41:57 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-28 22:20:27 0 d-------- C:\Program Files\HandyOEM
2007-12-28 22:09:05 162 --a------ C:\Windows\system32\LOG
2007-12-28 22:01:51 21316 --a------ C:\Windows\system32\emptyregdb.dat
2007-12-28 21:54:23 0 d-------- C:\Users\Nick\AppData\Roaming\WildTangent
2007-12-28 21:54:21 0 d-------- C:\Users\Nick\AppData\Roaming\Macromedia
2007-12-28 21:54:21 0 d-------- C:\Users\Nick\AppData\Roaming\HP
2007-12-28 21:54:20 0 d-------- C:\Users\Nick\AppData\Roaming\GTek
2007-12-28 21:54:20 0 d-------- C:\Users\Nick\AppData\Roaming\CyberLink
2007-12-28 21:43:06 0 d-------- C:\Program Files\Yahoo!
2007-12-28 21:43:05 0 d-------- C:\Program Files\Vongo
2007-12-28 21:43:05 0 d-------- C:\Program Files\SP38015
2007-12-28 21:42:49 0 d-------- C:\Program Files\Realtek
2007-12-28 21:42:49 0 d-------- C:\Program Files\Real
2007-12-28 21:42:42 0 d-------- C:\Program Files\Online Services
2007-12-28 21:42:37 0 d-------- C:\Program Files\muvee Technologies
2007-12-28 21:42:36 0 d-------- C:\Program Files\Microsoft.NET
2007-12-28 21:42:36 0 d-------- C:\Program Files\Microsoft Works
2007-12-28 21:42:13 0 d-------- C:\Program Files\Java
2007-12-28 21:42:03 0 d-------- C:\Program Files\iQmetrix
2007-12-28 21:41:59 0 d-------- C:\Program Files\Intel
2007-12-28 21:41:58 0 d-------- C:\Program Files\HPQ
2007-12-28 21:41:53 0 d-------- C:\Program Files\HP Games
2007-12-28 21:37:35 0 d-------- C:\Program Files\HP
2007-12-28 21:33:46 0 d-------- C:\Program Files\earthlink totalaccess
2007-12-28 21:33:45 0 d-------- C:\Program Files\DNA
2007-12-28 21:33:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-28 21:33:45 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-28 21:33:30 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-12-28 21:33:22 0 d-------- C:\Program Files\Common Files\LightScribe
2007-12-28 21:33:21 0 d-------- C:\Program Files\Common Files\Java
2007-12-28 21:33:21 0 d-------- C:\Program Files\Common Files\HP
2007-12-28 21:33:10 0 d-------- C:\Program Files\Common Files\Apple
2007-12-28 21:33:07 0 d-------- C:\Program Files\BitTorrent
2007-12-28 21:33:07 0 d-------- C:\Program Files\Apple Software Update
2007-12-28 21:33:04 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-12-28 21:29:51 0 d-------- C:\Program Files\Motorola
2007-12-28 21:29:35 0 d-------- C:\Program Files\Synaptics
2007-12-27 18:30:22 0 d-------- C:\Users\Nick\AppData\Roaming\WinRAR
2007-12-25 00:37:22 28915 --a------ C:\Users\Nick\AppData\Roaming\UserTile.png
2007-12-25 00:37:22 0 d-------- C:\Users\Nick\AppData\Roaming\PeerNetworking
2007-12-24 23:25:03 0 d-------- C:\Program Files\MSXML 4.0
2007-12-24 23:19:29 0 d-------- C:\Program Files\Common Files\SWF Studio


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/29/2007 12:28 AM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 05:12 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 02:29 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2007 02:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [10/09/2006 02:43 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [04/23/2007 07:11 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [10/18/2007 09:18 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [10/18/2007 09:19 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [02/12/2007 08:37 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 02:18 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 09:12 AM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [10/18/2007 09:18 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [12/13/2007 10:02 PM]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [12/13/2007 10:02 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [12/21/2007 08:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/10/2008 07:46 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/20/2007 04:23 PM]
"FAST Defrag"="C:\PROGRA~1\FDF\FAST2.exe" [08/24/2005 12:12 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 06:34 AM]
"BitTorrent DNA"="C:\Users\Nick\Program Files\DNA\btdna.exe" [02/12/2008 04:03 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 06:33 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 9:24:54 PM]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [1/3/2008 10:36:54 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 2:48:20 AM]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [8/17/2007 9:14:08 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-14 18:22:37 ------------

Edited by SilverTRMN8R, 14 February 2008 - 06:24 PM.

  • 0

#12
Rorschach112
Posted 15 February 2008 - 08:27 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Logs are looking good

Do you know you have this on your PC, powered_keylogger.exe ?

Delete this file in bold

C:\Users\Nick\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe



1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Tell me how your PC is running after that
  • 0

#13
SilverTRMN8R
Posted 15 February 2008 - 03:09 PM

SilverTRMN8R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
No more popups, running great. Thank you very much for your help. I could not find that file you listed, tried to delete through a CMD window, still couldn't do it. I am also having that same issue with opening internet explorer, but I can live with that if there's no easy fix. Thanks again for everything.
  • 0

#14
Rorschach112
Posted 17 February 2008 - 06:19 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Lets do one more scan

Delete ComboFix.exe and the folders C:\ComboFix and C:\qoobox if present


Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#15
SilverTRMN8R
Posted 18 February 2008 - 11:25 AM

SilverTRMN8R

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 08-02-17.2 - Nick 2008-02-18 11:13:50.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.914 [GMT -6:00]
Running from: C:\Users\Nick\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-15 15:04 . 2008-01-09 23:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 10:40 . 2008-02-14 10:40 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-02-14 10:40 . 2008-02-14 10:40 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-02-14 10:24 . 2008-02-14 10:24 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 10:24 . 2008-02-14 10:24 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 10:22 . 2008-02-14 10:22 943,800 --a------ C:\Windows\System32\winload.exe
2008-02-14 10:18 . 2008-02-14 10:18 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 10:17 . 2008-02-14 10:17 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 10:17 . 2008-02-14 10:17 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 10:15 . 2008-02-14 10:15 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-13 20:27 . 2008-02-13 20:27 <DIR> d-------- C:\Program Files\WinSCP
2008-02-13 19:22 . 2008-02-13 19:22 <DIR> d-------- C:\Deckard
2008-02-13 17:57 . 2008-02-13 19:13 268,150,637 --a------ C:\Windows\MEMORY.DMP
2008-02-12 15:50 . 2008-02-12 15:51 <DIR> d-------- C:\Users\Nick\AppData\Roaming\iPhoneRingToneMaker
2008-02-12 15:50 . 2008-02-12 15:50 <DIR> d-------- C:\Program Files\iPhoneRingToneMaker
2008-02-12 11:30 . 2008-02-12 11:30 <DIR> d-------- C:\Program Files\ZiPhoneGUI
2008-02-11 17:02 . 2008-02-11 15:52 <DIR> d-------- C:\V_ZiPhone
2008-02-11 17:02 . 2008-02-11 10:36 33,550,336 --a------ C:\zibri.dat
2008-02-11 17:02 . 2007-09-16 01:18 1,085,440 --a------ C:\iTunesMobileDevice.dll
2008-02-11 17:02 . 2007-09-16 01:19 311,296 --a------ C:\QTMLClient.dll
2008-02-11 17:02 . 2008-02-11 11:53 276,480 --a------ C:\ziphone.exe
2008-02-11 17:02 . 2008-02-11 14:40 56,016 --a------ C:\ziphone
2008-02-11 12:22 . 2008-02-11 12:26 1,064 --a------ C:\Windows\ARCHPR.INI
2008-02-11 12:21 . 2008-02-11 12:21 <DIR> d-------- C:\Program Files\ElcomSoft
2008-02-10 14:55 . 2008-02-10 15:28 <DIR> d-------- C:\Program Files\Sophos
2008-02-09 21:45 . 2008-02-09 21:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-09 19:11 . 2008-02-09 19:11 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-09 19:10 . 2008-02-09 19:10 <DIR> d-------- C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2008-02-09 19:10 . 2008-02-14 22:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-09 14:02 . 2008-02-09 14:02 <DIR> d-------- C:\bintheredunthat
2008-02-09 13:53 . 2008-02-09 13:55 <DIR> d-------- C:\BFU
2008-02-09 11:12 . 2008-02-09 11:12 <DIR> d-------- C:\VundoFix Backups
2008-02-07 14:36 . 2008-02-07 14:37 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-07 14:36 . 2008-02-07 14:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-07 13:57 . 2008-02-07 13:57 <DIR> d-------- C:\Users\All Users\ESET
2008-02-07 13:57 . 2008-02-07 13:57 <DIR> d-------- C:\Program Files\ESET
2008-02-07 13:03 . 2008-02-07 13:03 <DIR> d-------- C:\Users\Nick\AppData\Roaming\Research In Motion
2008-02-07 11:44 . 2008-02-07 11:44 <DIR> d-------- C:\Users\All Users\Avg7
2008-02-07 00:17 . 2008-02-07 00:17 41,168,824 --a------ C:\Windows\System32\avg75avwt_516a1225.exe
2008-02-07 00:17 . 2008-02-07 00:17 25,600 -r-hs---- C:\Windows\winini.exe
2008-02-07 00:09 . 2008-02-07 00:09 <DIR> d-------- C:\Users\Nick\AppData\Roaming\Nero
2008-02-07 00:00 . 2008-02-07 00:00 <DIR> d-------- C:\Users\All Users\Nero
2008-02-07 00:00 . 2008-02-07 00:00 <DIR> d-------- C:\Program Files\Nero
2008-02-07 00:00 . 2008-02-07 00:05 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-05 19:32 . 2008-02-05 19:32 <DIR> d-------- C:\Users\All Users\pdf995
2008-02-05 19:32 . 2008-02-05 19:32 249,856 --a------ C:\Windows\System32\pdfmona.dll
2008-02-05 19:32 . 2008-02-05 19:32 51,716 --a------ C:\Windows\System32\pdf995mon.dll
2008-02-05 19:32 . 2007-08-24 11:13 142 --a------ C:\Windows\wpd99.drv
2008-02-05 19:31 . 2008-02-05 19:31 <DIR> d-------- C:\Users\Nick\AppData\Roaming\TaxCut
2008-02-05 19:30 . 2008-02-05 19:31 <DIR> d-------- C:\Program Files\TaxCut07
2008-02-05 19:30 . 2008-02-05 19:32 <DIR> d-------- C:\Program Files\PDF995
2008-02-05 19:29 . 2008-02-05 19:29 <DIR> d-------- C:\Users\All Users\TaxCut
2008-02-05 14:56 . 2008-02-05 14:56 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-02-05 14:43 . 2008-02-05 14:43 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-02-05 14:39 . 2008-02-05 14:39 <DIR> d-------- C:\Users\All Users\ALM
2008-02-05 13:49 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-02-05 13:29 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-02-05 13:29 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-02-05 13:18 . 2008-02-05 13:18 <DIR> d-------- C:\Program Files\Bonjour
2008-02-05 13:09 . 2008-02-05 13:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-31 22:44 . 2008-02-07 13:57 256 --a------ C:\Windows\System32\pool.bin
2008-01-31 21:45 . 2008-02-07 13:00 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-01-31 17:00 . 2008-01-31 17:00 <DIR> d-------- C:\Users\Nick\AppData\Roaming\Roxio
2008-01-31 10:06 . 2008-01-31 10:06 <DIR> d-------- C:\Users\All Users\Stardock
2008-01-30 21:53 . 2008-01-30 21:53 <DIR> d-------- C:\Users\Nick\AppData\Roaming\Webroot
2008-01-30 21:53 . 2008-01-30 21:53 <DIR> d-------- C:\Users\All Users\Webroot
2008-01-30 21:53 . 2008-01-30 21:53 <DIR> d-------- C:\Program Files\Webroot
2008-01-30 21:53 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-01-30 21:53 . 2008-01-04 20:34 163,696 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-01-30 21:53 . 2008-01-04 20:34 23,920 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-01-30 21:53 . 2008-01-04 20:34 21,872 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-01-30 21:53 . 2008-01-04 20:34 20,336 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-01-30 21:49 . 2008-01-30 21:49 164 --a------ C:\install.dat
2008-01-30 21:09 . 2008-01-30 21:09 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Research In Motion
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Videos
2008-01-30 21:08 . 2007-12-28 21:54 <DIR> d-------- C:\Users\Administrator\video
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Searches
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Saved Games
2008-01-30 21:08 . 2007-12-30 18:18 <DIR> d-------- C:\Users\Administrator\Roaming
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Pictures
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Music
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Links
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Downloads
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Documents
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> dr------- C:\Users\Administrator\Contacts
2008-01-30 21:08 . 2006-11-02 06:35 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Media Center Programs
2008-01-30 21:08 . 2008-01-30 21:08 <DIR> d--h----- C:\Users\Administrator\AppData
2008-01-30 18:02 . 2008-01-30 18:02 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-01-29 19:53 . 2008-01-29 19:53 <DIR> d-------- C:\Users\All Users\InstallShield
2008-01-29 19:34 . 2007-01-18 10:24 26,496 --a------ C:\Windows\System32\drivers\RimSerial.sys
2008-01-29 19:32 . 2008-01-29 19:32 <DIR> d-------- C:\Program Files\Research In Motion
2008-01-25 14:46 . 2008-01-25 14:48 <DIR> d-------- C:\Windows\vf_hip
2008-01-25 14:46 . 2008-01-25 14:46 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-01-25 14:46 . 2008-01-25 14:46 32 --a------ C:\Windows\go
2008-01-25 14:32 . 2008-01-25 14:45 <DIR> d-------- C:\Program Files\ProxyShell
2008-01-20 16:32 . 2008-01-20 16:32 <DIR> d-------- C:\Program Files\FDF
2008-01-20 16:22 . 2008-01-20 16:22 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 17:17 --------- d-----w C:\Users\Nick\AppData\Roaming\DNA
2008-02-14 16:23 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-14 16:23 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-14 16:23 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-14 16:23 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-14 16:23 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 16:23 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 16:23 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-14 16:23 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-14 16:23 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-14 16:23 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-14 16:23 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-14 16:23 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-14 16:18 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 16:18 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 16:18 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 16:18 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 16:18 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 16:18 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 16:18 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 16:18 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 16:18 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 16:18 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 16:18 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 16:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 16:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 16:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 16:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 16:14 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 16:14 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 16:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 16:14 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 18:46 --------- d-----w C:\Users\Nick\AppData\Roaming\BitTorrent
2008-02-10 21:28 --------- d-----w C:\Program Files\MySpace
2008-02-10 01:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 18:55 --------- d-----w C:\Users\Nick\AppData\Roaming\LimeWire
2008-02-06 16:46 --------- d-----w C:\Program Files\UseNeXT
2008-02-06 16:45 --------- d-----w C:\Users\Nick\AppData\Roaming\UseNeXT
2008-02-05 20:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 02:43 --------- d-----w C:\Users\Nick\AppData\Roaming\Move Networks
2008-02-01 04:26 --------- d-----w C:\Program Files\Roxio
2008-02-01 04:26 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-01 04:26 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-31 23:53 --------- d-----w C:\Users\Nick\AppData\Roaming\dvdcss
2008-01-31 16:06 --------- d-----w C:\Program Files\Stardock
2008-01-31 02:50 --------- d-----w C:\Program Files\Microsoft Games
2008-01-30 02:10 --------- d-----w C:\Users\Nick\AppData\Roaming\InstallShield
2008-01-30 01:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-27 18:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 18:57 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-17 04:29 --------- d-----w C:\Program Files\iTunes
2008-01-17 04:29 --------- d-----w C:\Program Files\iPod
2008-01-17 04:27 --------- d-----w C:\Program Files\QuickTime
2008-01-16 21:56 --------- d-----w C:\Program Files\LimeWire
2008-01-16 21:11 --------- d-----w C:\Users\Nick\AppData\Roaming\iMP3Tunes
2008-01-16 06:04 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-11 07:01 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-11 07:01 --------- d-----w C:\Program Files\Windows Mail
2008-01-11 02:01 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2008-01-11 02:01 1,152,000 ----a-w C:\Windows\System32\themecpl.dll
2008-01-11 01:50 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-11 01:50 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-11 01:46 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-04 05:18 --------- d-----w C:\Program Files\RocketDock
2008-01-04 04:36 --------- d-----w C:\Program Files\Common Files\Stardock
2008-01-02 17:31 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2008-01-02 17:31 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2008-01-02 17:31 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2008-01-02 17:31 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-02 17:31 --------- d-----w C:\Program Files\BitLocker
2008-01-02 17:30 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll
2008-01-01 22:38 --------- d-----w C:\Program Files\No1 DVD Ripper
2008-01-01 21:30 --------- d-----w C:\Program Files\Xilisoft
2008-01-01 20:35 --------- d-----w C:\Program Files\Cucusoft
2007-12-31 04:29 --------- d-----w C:\Users\Nick\AppData\Roaming\DivX
2007-12-31 00:46 --------- d-----w C:\Users\Nick\AppData\Roaming\Apple Computer
2007-12-31 00:18 --------- d-----w C:\Users\Nick\AppData\Roaming\MySpace
2007-12-29 21:06 --------- d-----w C:\Program Files\DivX
2007-12-29 20:01 --------- d-----w C:\Users\Nick\AppData\Roaming\Hewlett-Packard
2007-12-29 06:48 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 06:43 --------- d-----w C:\Program Files\Windows Defender
2007-12-29 06:43 --------- d-----w C:\Program Files\Windows Calendar
2007-12-29 06:31 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-29 06:29 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-29 06:29 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-29 06:27 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-29 06:26 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-12-29 06:23 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-12-29 06:23 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-29 06:22 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2007-12-29 06:22 23,552 ----a-w C:\Windows\System32\lpremove.exe
2007-12-29 06:22 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2007-12-29 06:22 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2007-12-29 06:21 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-12-29 06:21 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-12-29 06:21 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-12-29 06:21 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-12-29 06:21 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-12-29 06:21 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2007-12-29 06:21 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 22:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 19:46 1232896]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 16:23 1773568]
"FAST Defrag"="C:\PROGRA~1\FDF\FAST2.exe" [2005-08-24 12:12 97792]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:34 125440]
"BitTorrent DNA"="C:\Users\Nick\Program Files\DNA\btdna.exe" [2008-02-12 16:03 287040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:33 201728]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-29 00:28 1006264]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 17:12 317128]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 14:43 729088]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 19:11 176128]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 08:37 174872]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 14:18 472776]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 22:02 2048808]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 22:02 1082152]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-03 22:36:54 3450608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 22:02]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 03:45]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 03:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 18:36]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 15:28]
S0 OemBiosDevice;Royalty OEM BIOS Extension;C:\Windows\system32\DRIVERS\royal.sys [2007-04-11 23:55]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-12-18 12:40]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 02:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 11:19:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Windows\bhdbca 57087510 bytes
C:\Windows\clhdbca 2151858 bytes
C:\Windows\mlhdbca 0 bytes
C:\Windows\ohdbca 1504 bytes
C:\Windows\plhdbca 6425 bytes
C:\Windows\prlhdbca 2368653 bytes
C:\Windows\shdbca 0 bytes
C:\Windows\ulhdbca 0 bytes
C:\Windows\eshdbca 0 bytes
C:\Windows\hdbca
C:\Windows\ihdbca 3173544 bytes
C:\Windows\ilhdbca 0 bytes
C:\Windows\klhdbca 3122368 bytes
C:\Windows\wlhdbca 16221696 bytes
C:\Windows\system32\drivers\hdbca.sys 194336 bytes executable

scan completed successfully
hidden files: 15

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-02-18 11:21:30
ComboFix2.txt 2008-02-09 22:37:21
.
2008-02-16 19:35:04 --- E O F ---

and

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:43 AM, on 2/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\FDF\FAST2.EXE
C:\Windows\ehome\ehtray.exe
C:\Users\Nick\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero8\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero8\InCD\InCD.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [FAST Defrag] "C:\PROGRA~1\FDF\FAST2.EXE" -tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Nick\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://argushighland...rg/videocom.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DreamControl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 14242 bytes
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP