virtounde [RESOLVED]



#1 shimmering_rain1970 (New Member, 8 posts)
Hi, I tried to remove this myself; not sure if it is still here. Something is still going on with my computer. Here is my HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 10:20:33 AM, on 2/23/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Windows\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\mom\Desktop\icons\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.h...osticsVista.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programch...m/dll/nixon.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

:) shimmering_rain


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there - I can see nothing readily apparent. What problems are you having?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 shimmering_rain1970 (Topic Starter, New Member, 8 posts)
When it first happened yesterday, my desktop and taskbar were removed. I ran Ad-Aware and found Virtumonde; unfortunately, after fixing and rerunning Ad-Aware I lost that log file, as the free version is set up to keep 1 log, as far as I can see. I came here yesterday and followed some suggestions in other posts for the same thing. All seemed to be fine until I rebooted my computer; then I had three little error messages, each stating "file not found". These were the files: c:\users\mom\appdata\local\temp\awtrs.dll, dwnnkeq.dll, ddcca.dll. That led me to believe there was still a problem. I ran CleanUp! to delete temp files. During my troubleshooting I ran VirtumundoBeGone v1.5, and I also ran ComboFix again today; here are the two log files from those. I will download and run Deckard's also.

[02/22/2008, 17:53:44] - VirtumundoBeGone v1.5 ( "C:\Users\mom\Desktop\VirtumundoBeGone.exe" )
[02/22/2008, 17:53:54] - Detected System Information:
[02/22/2008, 17:53:54] - Windows Version: 6.0.6000,
[02/22/2008, 17:53:54] - Current Username: mom (Admin)
[02/22/2008, 17:53:54] - Windows is in NORMAL mode.
[02/22/2008, 17:53:54] - Searching for Browser Helper Objects:
[02/22/2008, 17:53:54] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[02/22/2008, 17:53:54] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/22/2008, 17:53:54] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[02/22/2008, 17:53:54] - BHO 4: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[02/22/2008, 17:53:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/22/2008, 17:53:54] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[02/22/2008, 17:53:54] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[02/22/2008, 17:53:54] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[02/22/2008, 17:53:54] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/22/2008, 17:53:54] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/22/2008, 17:53:54] - Finished Searching Browser Helper Objects
[02/22/2008, 17:53:54] - Finishing up...
[02/22/2008, 17:53:54] - Nothing found! Exiting...

[02/22/2008, 18:51:39] - VirtumundoBeGone v1.5 ( "C:\Users\mom\Desktop\VirtumundoBeGone.exe" )
[02/22/2008, 18:51:45] - Detected System Information:
[02/22/2008, 18:51:45] - Windows Version: 6.0.6000,
[02/22/2008, 18:51:45] - Current Username: mom (Admin)
[02/22/2008, 18:51:45] - Windows is in SAFE mode with Networking.
[02/22/2008, 18:51:45] - Searching for Browser Helper Objects:
[02/22/2008, 18:51:45] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[02/22/2008, 18:51:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/22/2008, 18:51:45] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[02/22/2008, 18:51:45] - BHO 4: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[02/22/2008, 18:51:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/22/2008, 18:51:45] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[02/22/2008, 18:51:45] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[02/22/2008, 18:51:45] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[02/22/2008, 18:51:45] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/22/2008, 18:51:45] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/22/2008, 18:51:45] - Finished Searching Browser Helper Objects
[02/22/2008, 18:51:45] - Finishing up...
[02/22/2008, 18:51:45] - Nothing found! Exiting...

[02/22/2008, 19:13:41] - VirtumundoBeGone v1.5 ( "C:\Users\mom\Desktop\VirtumundoBeGone.exe" )
[02/22/2008, 19:13:44] - Detected System Information:
[02/22/2008, 19:13:44] - Windows Version: 6.0.6000,
[02/22/2008, 19:13:44] - Current Username: mom (Admin)
[02/22/2008, 19:13:44] - Windows is in SAFE mode with Networking.
[02/22/2008, 19:13:44] - Searching for Browser Helper Objects:
[02/22/2008, 19:13:44] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[02/22/2008, 19:13:44] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/22/2008, 19:13:44] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[02/22/2008, 19:13:44] - BHO 4: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[02/22/2008, 19:13:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/22/2008, 19:13:44] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[02/22/2008, 19:13:44] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[02/22/2008, 19:13:44] - BHO 5: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[02/22/2008, 19:13:44] - BHO 6: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[02/22/2008, 19:13:44] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/22/2008, 19:13:44] - Finished Searching Browser Helper Objects
[02/22/2008, 19:13:44] - Finishing up...
[02/22/2008, 19:13:44] - Nothing found! Exiting...


ComboFix 08-02-22.3 - mom 2008-02-23 14:03:20.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2159 [GMT -5:00]
Running from: C:\Users\mom\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-23 10:17 . 2008-02-23 10:18 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-23 01:53 . 2008-02-23 02:19 <DIR> d-------- C:\Program Files\WinStars2
2008-02-23 00:25 . 2008-02-23 00:25 <DIR> d-------- C:\Users\mom\AppData\Roaming\SUPERAntiSpyware.com
2008-02-23 00:25 . 2008-02-23 00:25 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-23 00:25 . 2008-02-23 00:25 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-23 00:25 . 2008-02-23 13:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 21:18 . 2008-02-22 21:18 <DIR> d-------- C:\Users\All Users\LightScribe
2008-02-22 21:18 . 2008-02-22 21:18 <DIR> d-------- C:\ProgramData\LightScribe
2008-02-22 19:37 . 2008-02-22 19:37 0 --ah----- C:\ntuser.dat.LOG2
2008-02-22 19:37 . 2008-02-22 19:37 0 --ah----- C:\ntuser.dat.LOG1
2008-02-22 19:37 . 2008-02-22 19:37 0 --a------ C:\ntuser.dat
2008-02-22 19:14 . 2008-02-22 19:14 41,046 --a------ C:\Ad-Aware 20080222 19-14-40.log.xml
2008-02-22 17:22 . 2008-02-22 17:22 <DIR> d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-02-22 17:02 . 2008-02-22 17:02 <DIR> d-------- C:\VundoFix Backups
2008-02-22 07:24 . 2008-02-22 07:24 <DIR> d-------- C:\Users\mom\AppData\Roaming\Nero
2008-02-22 04:44 . 2008-02-22 04:44 <DIR> d-------- C:\Users\All Users\Nero
2008-02-22 04:44 . 2008-02-22 04:44 <DIR> d-------- C:\ProgramData\Nero
2008-02-22 04:44 . 2008-02-22 04:44 <DIR> d-------- C:\Program Files\Nero
2008-02-22 04:44 . 2008-02-22 04:46 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-20 22:10 . 2008-02-20 22:10 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-02-20 22:10 . 2008-02-20 22:10 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-02-20 16:51 . 2008-02-20 21:20 <DIR> d-------- C:\XMENSE_DISC1
2008-02-20 15:57 . 2008-02-20 16:49 <DIR> d-------- C:\SHOOTER_AC_169
2008-02-20 15:31 . 2008-02-20 15:57 <DIR> d-------- C:\DAVID_BLAINE_FEARLESS
2008-02-20 00:23 . 2008-02-20 02:11 <DIR> d-------- C:\Users\mom\AppData\Roaming\uTorrent
2008-02-20 00:23 . 2008-02-20 00:23 <DIR> d-------- C:\Program Files\uTorrent
2008-02-19 00:54 . 2008-02-19 00:54 <DIR> d-------- C:\mom
2008-02-17 20:54 . 2008-02-17 20:54 <DIR> d-------- C:\Users\mom\AppData\Roaming\Template
2008-02-17 20:53 . 2008-02-17 20:53 0 --a------ C:\Users\mom\AppData\Roaming\wklnhst.dat
2008-02-17 03:08 . 2008-02-17 03:08 <DIR> d-------- C:\Users\mom\AppData\Roaming\WildTangent
2008-02-15 21:53 . 2008-01-10 00:50 1,244,672 --a------ C:\WINDOWS\System32\mcmde.dll
2008-02-15 11:36 . 2008-02-16 03:00 <DIR> d-------- C:\PASSION_OF_THE_CHRIST
2008-02-15 01:34 . 2008-02-15 11:28 <DIR> d-------- C:\MERCENARY_FOR_JUSTICE
2008-02-15 00:53 . 2008-02-15 01:18 <DIR> d-------- C:\THE_GUARDIAN
2008-02-15 00:13 . 2008-02-15 00:48 <DIR> d-------- C:\SIMPSONS_WS
2008-02-14 23:29 . 2008-02-14 23:57 <DIR> d-------- C:\MR_BROOKS_US
2008-02-14 20:51 . 2008-02-14 21:06 <DIR> d-------- C:\SHREK_THE_THIRD
2008-02-14 15:13 . 2008-02-14 15:13 <DIR> d-------- C:\Users\mom\AppData\Roaming\AdobeUM
2008-02-14 15:05 . 2008-02-14 15:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-14 12:54 . 2008-02-14 20:49 <DIR> d-------- C:\I_NOW_PRONOUNCE_CHUCK_LARRY
2008-02-14 12:47 . 2008-02-20 21:21 <DIR> d-------- C:\Users\All Users\DVD Shrink
2008-02-14 12:47 . 2008-02-20 21:21 <DIR> d-------- C:\ProgramData\DVD Shrink
2008-02-14 12:47 . 2008-02-14 12:47 <DIR> d-------- C:\Program Files\DVD Shrink
2008-02-14 12:46 . 2008-02-14 12:46 118,784 --a------ C:\Program Files\FixVTS.exe
2008-02-14 12:45 . 2008-02-20 21:20 <DIR> d-------- C:\Users\mom\AppData\Roaming\RipIt4Me
2008-02-14 12:45 . 2008-02-14 12:45 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-02-13 13:38 . 2008-02-13 13:38 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-02-13 13:38 . 2008-02-13 13:38 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-02-13 03:13 . 2008-02-13 03:13 3,505,720 --a------ C:\WINDOWS\System32\ntkrnlpa.exe
2008-02-13 03:13 . 2008-02-13 03:13 3,471,928 --a------ C:\WINDOWS\System32\ntoskrnl.exe
2008-02-13 03:13 . 2008-02-13 03:13 154,624 --a------ C:\WINDOWS\System32\drivers\nwifi.sys
2008-02-13 03:10 . 2008-02-13 03:10 4,247,552 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-02-13 03:10 . 2008-02-13 03:10 1,686,528 --a------ C:\WINDOWS\System32\gameux.dll
2008-02-13 03:10 . 2008-02-13 03:10 803,328 --a------ C:\WINDOWS\System32\drivers\tcpip.sys
2008-02-13 03:10 . 2008-02-13 03:10 216,632 --a------ C:\WINDOWS\System32\drivers\netio.sys
2008-02-13 03:10 . 2008-02-13 03:10 167,424 --a------ C:\WINDOWS\System32\tcpipcfg.dll
2008-02-13 03:10 . 2008-02-13 03:10 24,064 --a------ C:\WINDOWS\System32\netcfg.exe
2008-02-13 03:10 . 2008-02-13 03:10 22,016 --a------ C:\WINDOWS\System32\netiougc.exe
2008-02-13 03:04 . 2008-02-13 03:04 1,831,424 --a------ C:\WINDOWS\System32\inetcpl.cpl
2008-02-13 03:04 . 2008-02-13 03:04 56,320 --a------ C:\WINDOWS\System32\iesetup.dll
2008-02-13 03:04 . 2008-02-13 03:04 26,624 --a------ C:\WINDOWS\System32\ieUnatt.exe
2008-02-13 00:43 . 2008-02-13 00:44 <DIR> d-------- C:\Users\All Users\WinZip
2008-02-13 00:43 . 2008-02-13 00:44 <DIR> d-------- C:\ProgramData\WinZip
2008-02-12 22:34 . 2008-02-19 22:56 2,592,187 --a------ C:\Users\mom\exp_word_vol1_sdf.zip
2008-02-10 11:39 . 2008-02-10 11:39 39 --a------ C:\WINDOWS\vbaddin.ini
2008-02-10 11:38 . 2008-02-10 11:38 162 --a------ C:\WINDOWS\ODBC.INI
2008-02-10 09:28 . 2008-02-10 09:29 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-10 09:28 . 2008-02-10 09:29 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-10 09:28 . 2008-02-10 09:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 21:34 . 2008-02-09 21:34 <DIR> d-------- C:\Users\mom\AppData\Roaming\Printer Info Cache
2008-02-09 21:34 . 2008-02-21 14:33 <DIR> d-------- C:\Users\mom\AppData\Roaming\Image Zone Express
2008-02-08 22:52 . 2008-02-08 22:52 <DIR> d-------- C:\Users\All Users\Zenturi
2008-02-08 22:52 . 2008-02-08 22:52 <DIR> d-------- C:\ProgramData\Zenturi
2008-02-08 22:52 . 2008-02-08 22:52 26,000 --a------ C:\WINDOWS\System32\E3TL.DLL
2008-02-08 22:18 . 2008-02-23 00:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 19:54 . 2008-02-08 19:54 <DIR> d-------- C:\Program Files\CleanUp!
2008-02-08 11:16 . 2008-02-08 11:16 <DIR> d-------- C:\Users\All Users\HD_DVD
2008-02-08 11:16 . 2008-02-08 11:16 <DIR> d-------- C:\ProgramData\HD_DVD
2008-02-07 23:23 . 2008-02-07 23:23 <DIR> d-------- C:\Users\All Users\Logitech
2008-02-07 23:23 . 2008-02-07 23:26 <DIR> d-------- C:\Users\All Users\Logishrd
2008-02-07 23:23 . 2008-02-07 23:23 <DIR> d-------- C:\ProgramData\Logitech
2008-02-07 23:23 . 2008-02-07 23:26 <DIR> d-------- C:\ProgramData\Logishrd
2008-02-07 23:23 . 2008-02-07 23:23 <DIR> d-------- C:\Program Files\Logitech
2008-02-07 23:21 . 2008-02-07 23:23 <DIR> d-------- C:\Program Files\Common Files\logishrd
2008-02-07 19:47 . 2008-02-07 19:47 <DIR> d-------- C:\Users\All Users\WEBREG
2008-02-07 19:47 . 2008-02-07 19:47 <DIR> d-------- C:\ProgramData\WEBREG
2008-02-07 19:45 . 2008-02-07 19:48 <DIR> d-------- C:\Users\mom\AppData\Roaming\HP
2008-02-07 19:42 . 2008-02-07 19:42 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-02-07 19:42 . 2008-02-07 19:42 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-02-07 19:41 . 2008-02-07 19:41 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-07 19:10 . 2007-02-01 03:24 258,048 --a------ C:\WINDOWS\System32\hpzids01.dll
2008-02-07 19:10 . 2007-02-28 19:07 6,600 --a------ C:\WINDOWS\hpomdl18.dat
2008-02-07 19:02 . 2008-02-07 17:14 130,660 --------- C:\WINDOWS\hpoins18.dat.temp
2008-02-07 19:02 . 2007-02-28 19:07 6,600 --------- C:\WINDOWS\hpomdl18.dat.temp
2008-02-07 17:14 . 2006-12-16 01:19 897,024 --a------ C:\WINDOWS\System32\hpotiop1.dll
2008-02-07 17:14 . 2006-12-16 01:19 675,840 --a------ C:\WINDOWS\System32\hpowiav1.dll
2008-02-07 17:14 . 2006-12-16 01:19 303,104 --a------ C:\WINDOWS\System32\hpovst01.dll
2008-02-07 17:14 . 2007-02-01 03:24 258,048 --a------ C:\hpzids01.dll
2008-02-07 17:14 . 2008-02-07 19:47 130,806 --a------ C:\WINDOWS\hpoins18.dat
2008-02-07 16:07 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\System32\hpz3l054.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 18:08 --------- d-----w C:\ProgramData\Symantec
2008-02-23 04:58 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-23 04:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-23 02:20 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-23 02:20 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-23 02:20 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-23 02:20 --------- d-----w C:\Program Files\Symantec
2008-02-17 08:10 --------- d-----w C:\ProgramData\WildTangent
2008-02-13 08:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:10 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:10 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:10 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 08:05 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 08:05 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-08 00:45 --------- d-----w C:\ProgramData\HP
2008-02-08 00:42 --------- d-----w C:\Program Files\HP
2008-02-08 00:42 --------- d-----w C:\Program Files\Common Files\HP
2008-02-07 22:18 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-07 03:38 --------- d-----w C:\ProgramData\CyberLink
2008-02-05 17:59 --------- d-----w C:\Program Files\Yahoo!
2008-02-03 15:29 --------- d-----w C:\Program Files\Java
2008-02-03 06:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-03 06:57 --------- d-----w C:\Program Files\Windows Mail
2008-02-03 06:30 --------- d-----w C:\Program Files\MSBuild
2008-02-03 06:13 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-02-03 06:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-02-03 06:13 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-02-03 06:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-02-03 06:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-02-03 06:13 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-02-03 06:13 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-02-03 06:13 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-02-03 06:13 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-02-03 06:13 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-03 06:13 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-03 02:30 1,852 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_KC880AA-ABA m9150f_YC_0Pavi_QCNX748_E81NAv3PrA1_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.04_T071102_WUH0_L409_M3071_J360_7Intel_8Core2 Quad Q6600_92.4_#080125_N10EC8168_Z14F12F20_G10DE0421.MRK
2008-02-03 02:26 --------- d-sh--w C:\ProgramData\Templates
2008-02-03 02:26 --------- d-sh--w C:\ProgramData\Start Menu
2008-02-03 02:26 --------- d-sh--w C:\ProgramData\Favorites
2008-02-03 02:26 --------- d-sh--w C:\ProgramData\Documents
2008-02-03 02:26 --------- d-sh--w C:\ProgramData\Desktop
2008-02-03 02:26 --------- d-sh--w C:\ProgramData\Application Data
2008-01-15 14:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2007-12-14 16:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-14 00:09 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2007-12-04 14:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-12-03 23:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2007-11-13 03:45 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 08:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-22 21:20 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-03 01:10 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\WINDOWS\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-03 21:02 1783136]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-12 22:26 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 10:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 06:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 19:36 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 09:50 4702208 C:\WINDOWS\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 01:11 54672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 10:07 51048]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 13:35:56 1273856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 11:18]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\DVDPlay\000.fcl [2007-10-09 14:07]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 10:19]
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 10:07]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 11:44]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 04:21]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-09-24 06:09]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-08-03 05:44]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 05:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 01:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 18:33]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 05:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 04:58:32 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - mom.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 14:03:48
Windows 6.0.6000 NTFS

scanning hidden processes ...

LVPrcSrv.exe [81204]
? [1704]
? [4720]
? [5976]
? [12940]
? [564]
? [15496]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 14:04:14
ComboFix-quarantined-files.txt 2008-02-23 19:04:12
ComboFix2.txt 2008-02-23 19:02:41
ComboFix3.txt 2008-02-23 18:56:43
ComboFix4.txt 2008-02-23 05:17:36
.
2008-02-22 14:43:16 --- E O F ---

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there. I see what the problem is, so hold off on the DSS scan and run this one instead.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35u.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#5 shimmering_rain1970 (Topic Starter, New Member, 8 posts)
Thanks for the quick response. Here is the log you asked for; I had to copy and paste again, as it was too big for the 500k limit:
WinPFind35 logfile created on: 2/23/2008 2:54:19 PM
WinPFind35U Version 1.0.0.1 Folder = C:\Users\mom\Desktop\WinPFind35u
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 325.54 Gb Total Space | 181.60 Gb Free Space | 55.78% Space Free | Partition Type: NTFS
Drive D: | 9.81 Gb Total Space | 1.33 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 143.40 Gb Free Space | 42.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 7.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOM-PC
Current User Name: mom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
lvprcsrv.exe -> %CommonProgramFiles%\logishrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:19:22 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/24/2007 10:07:00 AM | Attr = ]
hpbtnsrv.exe -> %SystemDrive%\hp\HPEZBTN\HPBtnSrv.exe -> [Ver = | Size = 198240 bytes | Modified Date = 5/29/2007 10:19:08 AM | Attr = ]
iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 354840 bytes | Modified Date = 7/12/2007 7:36:12 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.16.1 | Size = 79136 bytes | Modified Date = 9/25/2007 7:16:08 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\logishrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 2, 3, 0 | Size = 869672 bytes | Modified Date = 12/3/2007 2:21:24 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\logishrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 11/28/2006 11:44:58 AM | Attr = ]
hpsysdrv.exe -> %SystemDrive%\hp\support\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 2.00.00 | Size = 65536 bytes | Modified Date = 4/18/2007 10:01:34 AM | Attr = ]
osd.exe -> %ProgramFiles%\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> OsdMaestro [Ver = 1, 0, 0, 5 | Size = 118784 bytes | Modified Date = 2/15/2007 6:59:00 AM | Attr = ]
iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 178712 bytes | Modified Date = 7/12/2007 7:36:10 PM | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 92 | Size = 4702208 bytes | Modified Date = 9/19/2007 9:50:44 AM | Attr = ]
jureg.exe -> %SystemRoot%\System32\jureg.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 54672 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 49152 bytes | Modified Date = 12/10/2006 9:52:38 PM | Attr = ]
communications_helper.exe -> %CommonProgramFiles%\logishrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 10/25/2007 4:33:22 PM | Attr = ]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2178832 bytes | Modified Date = 10/25/2007 4:37:32 PM | Attr = ]
hpadvisor.exe -> %ProgramFiles%\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> Hewlett-Packard [Ver = 1.4.20.2435 | Size = 1783136 bytes | Modified Date = 10/3/2007 9:02:02 PM | Attr = ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 3.2.5.0 | Size = 1688872 bytes | Modified Date = 12/13/2007 7:10:56 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 82.0.188.000 | Size = 210520 bytes | Modified Date = 1/2/2007 9:40:10 PM | Attr = ]
snapfishmediadetector.exe -> %ProgramFiles%\Snapfish Picture Mover\SnapfishMediaDetector.exe -> [Ver = 1, 7, 0, 7 | Size = 1273856 bytes | Modified Date = 5/7/2007 1:35:56 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/24/2007 10:07:00 AM | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 271960 bytes | Modified Date = 12/10/2006 9:51:08 PM | Attr = ]
nmindexingservice.exe -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.2.5.0 | Size = 447784 bytes | Modified Date = 12/13/2007 7:10:56 PM | Attr = ]
cocimanager.exe -> %CommonProgramFiles%\logishrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.5.0.1169 | Size = 407824 bytes | Modified Date = 10/25/2007 4:32:58 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.0.164 | Size = 243064 bytes | Modified Date = 8/31/2007 11:49:50 AM | Attr = ]
hphc_service.exe -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 8:30:52 PM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 67128 bytes | Modified Date = 5/16/2007 11:56:44 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 2/22/2008 9:20:09 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.0.164 | Size = 243064 bytes | Modified Date = 8/31/2007 11:49:50 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/24/2007 10:07:00 AM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/24/2007 10:07:00 AM | Attr = ]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/24/2007 10:07:00 AM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 8/21/2007 12:21:00 PM | Attr = ]
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
(DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HP Games\My HP Game Console\GameConsoleService.exe -> WildTangent, Inc. [Ver = 1.0.0.1 | Size = 181800 bytes | Modified Date = 7/23/2007 6:33:06 PM | Attr = ]
(gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.3.0.2 | Size = 65536 bytes | Modified Date = 9/19/2007 8:30:52 PM | Attr = ]
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\spool\drivers\w32x86\3\HPBPRO.EXE -> Hewlett-Packard Company [Ver = 1, 0, 50, 0 | Size = 81920 bytes | Modified Date = 5/20/2005 10:37:12 AM | Attr = ]
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\spool\drivers\w32x86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1, 0, 46, 0 | Size = 73728 bytes | Modified Date = 10/16/2004 5:31:06 AM | Attr = ]
(HPBtnSrv) HP Chasis Button Service [Win32_Own | Auto | Running] -> %SystemDrive%\hp\HPEZBTN\HPBtnSrv.exe -> [Ver = | Size = 198240 bytes | Modified Date = 5/29/2007 10:19:08 AM | Attr = ]
(IAANTMON) Intel® Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 354840 bytes | Modified Date = 7/12/2007 7:36:12 PM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.10.16.1 | Size = 79136 bytes | Modified Date = 9/25/2007 7:16:08 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.0.162 | Size = 3192184 bytes | Modified Date = 8/23/2007 1:35:00 AM | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/24/2007 10:07:00 AM | Attr = ]
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\logishrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\logishrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:19:22 PM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\logishrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:21:16 PM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 2, 3, 0 | Size = 869672 bytes | Modified Date = 12/3/2007 2:21:24 PM | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.2.5.0 | Size = 447784 bytes | Modified Date = 12/13/2007 7:10:56 PM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
(SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
(Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
(SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 2/22/2008 9:20:09 PM | Attr = ]
(TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
(WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
(WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
(XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 11/28/2006 11:44:58 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 51048 bytes | Modified Date = 8/24/2007 10:07:00 AM | Attr = ]
HP Health Check Scheduler -> [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -> File not found
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 49152 bytes | Modified Date = 12/10/2006 9:52:38 PM | Attr = ]
hpsysdrv -> %SystemDrive%\hp\support\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 2.00.00 | Size = 65536 bytes | Modified Date = 4/18/2007 10:01:34 AM | Attr = ]
IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.6.0.1011 | Size = 178712 bytes | Modified Date = 7/12/2007 7:36:10 PM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\KbdStub.exe -> [Ver = | Size = 65536 bytes | Modified Date = 12/8/2006 11:16:56 AM | Attr = ]
LogitechCommunicationsManager -> %CommonProgramFiles%\logishrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 10/25/2007 4:33:22 PM | Attr = ]
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2178832 bytes | Modified Date = 10/25/2007 4:37:32 PM | Attr = ]
OsdMaestro -> %ProgramFiles%\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe -> OsdMaestro [Ver = 1, 0, 0, 5 | Size = 118784 bytes | Modified Date = 2/15/2007 6:59:00 AM | Attr = ]
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 92 | Size = 4702208 bytes | Modified Date = 9/19/2007 9:50:44 AM | Attr = ]
SunJavaUpdateReg -> %SystemRoot%\System32\jureg.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 54672 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
Windows Defender -> MSASCui.exe -> File not found
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
Launcher -> %SystemRoot%\SMINST\Launcher.exe -> soft thinks [Ver = 1, 0, 0, 10 | Size = 44168 bytes | Modified Date = 10/9/2007 1:02:34 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
HPAdvisor -> %ProgramFiles%\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> Hewlett-Packard [Ver = 1.4.20.2435 | Size = 1783136 bytes | Modified Date = 10/3/2007 9:02:02 PM | Attr = ]
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 3.2.5.0 | Size = 1688872 bytes | Modified Date = 12/13/2007 7:10:56 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Sidebar -> Sidebar.exe -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Sidebar -> Sidebar.exe -> File not found
< Run [HKEY_USERS\S-1-5-21-3874062997-2573351064-2779016052-1000\] > -> HKEY_USERS\S-1-5-21-3874062997-2573351064-2779016052-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
HPAdvisor -> %ProgramFiles%\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> Hewlett-Packard [Ver = 1.4.20.2435 | Size = 1783136 bytes | Modified Date = 10/3/2007 9:02:02 PM | Attr = ]
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 3.2.5.0 | Size = 1688872 bytes | Modified Date = 12/13/2007 7:10:56 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-3874062997-2573351064-2779016052-1000] > -> HKEY_USERS\S-1-5-21-3874062997-2573351064-2779016052-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi again shimmering_rain1970, you did not post the whole log. Could you please attach it, in two pieces if necessary?

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#7 shimmering_rain1970 (Topic Starter, New Member, 8 posts)
Attached File: WinPFind35.Txt (436.11KB)

#8 shimmering_rain1970 (Topic Starter, New Member, 8 posts)
Attached File: WinPFind35_part2.txt (320.21KB)

:) Sorry about that!

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
No problem it is a big log :)

I could find no startup reference to the files that you stated in any of the start-up entries. Are you still getting them?

Start WinPFind35. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Files/Folders - Created Within 30 days]
YY -> E3TL.DLL -> %SystemRoot%\System32\E3TL.DLL
[Files/Folders - Modified Within 90 days]
YY -> qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
YY -> qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
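Added example (not part of the thread, and not code from WinPFind, ComboFix or HijackThis): the review Essexboy does by eye on the WinPFind log in post #5, and that leads to the fix list in post #9, expressed as a small Python triage script. It parses the tool's `name -> path -> vendor [Ver = ... | Size = ... | Modified Date = ... | Attr = ]` lines, tracks which section or registry key each entry was listed under, and flags the three things a removal helper looks for first: autostart entries whose target no longer exists, files with no company name or version resource (with an extra note when such a file sits under %SystemRoot%), and files modified shortly before the scan. The sample lines are constructed to match the layout of the log above; the E3TL.DLL entry's size and timestamp are made up, since the real file is only named in the fix list. None of the rules is a verdict: the log in post #5 lists running Windows services such as RpcSs as "File not found" because the tool did not resolve svchost-hosted images, and symlcsvc.exe carries no version resource but is Symantec's. The output is a queue for manual checking (hash lookup, signature check), not a detection.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Metadata block WinPFind35 appends to each entry it could resolve on disk.
META = re.compile(
    r"\[Ver =\s*(?P<ver>[^|]*?)\s*\|\s*Size = (?P<size>\d+) bytes\s*\|"
    r"\s*Modified Date =\s*(?P<mod>[^|]*?)\s*\|\s*Attr =\s*(?P<attr>[^\]]*)\]"
)
SEP = re.compile(r"\s*->\s*")          # field separator; "-> ->" means an empty path
DATE_FMT = "%m/%d/%Y %I:%M:%S %p"      # e.g. 2/22/2008 9:20:09 PM
SYSTEM_DIRS = ("%systemroot%", "c:\\windows")

# Constructed sample in the WinPFind35 layout (the E3TL.DLL size/time are made up).
SAMPLE = r"""
[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.0.102 | Size = 149864 bytes | Modified Date = 8/24/2007 10:07:00 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 2/22/2008 9:20:09 PM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
HP Health Check Scheduler -> [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -> File not found
Windows Defender -> MSASCui.exe -> File not found
e3tl -> %SystemRoot%\System32\E3TL.DLL -> [Ver = | Size = 12345 bytes | Modified Date = 2/21/2008 3:00:00 AM | Attr = ]
"""


@dataclass
class Entry:
    location: str                      # section header or registry key it was listed under
    name: str
    path: str
    vendor: str = ""
    version: str = ""
    size: Optional[int] = None
    modified: Optional[datetime] = None
    missing: bool = False              # the tool printed "File not found"


def parse(log_text: str) -> list[Entry]:
    """Parse the 'name -> path -> vendor [Ver = ...]' lines of a WinPFind35 log."""
    entries: list[Entry] = []
    location = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # "[Processes - Non-Microsoft Only]"
            location = line[1:-1]
            continue
        if line.startswith("<"):                           # "< Run [HKLM\] > -> HKLM\...\Run ->"
            parts = SEP.split(line)
            location = parts[1] if len(parts) > 1 and parts[1] else line
            continue
        parts = SEP.split(line, maxsplit=2)
        if len(parts) != 3:
            continue
        name, path, rest = parts
        entry = Entry(location=location, name=name, path=path)
        if rest.startswith("File not found"):
            entry.missing = True
        else:
            meta = META.search(rest)
            if meta:
                entry.vendor = rest[: meta.start()].strip()   # text before "[Ver =" is the company
                entry.version = meta.group("ver")
                entry.size = int(meta.group("size"))
                try:
                    entry.modified = datetime.strptime(meta.group("mod"), DATE_FMT)
                except ValueError:
                    entry.modified = None
        entries.append(entry)
    return entries


def triage(log_text: str, scan_date: datetime, recent_days: int = 30) -> dict[str, list[str]]:
    """Map entry name -> reasons it deserves a manual look; clean entries are omitted."""
    cutoff = scan_date - timedelta(days=recent_days)
    flagged: dict[str, list[str]] = {}
    for e in parse(log_text):
        reasons = []
        if e.missing:
            reasons.append("autostart target not found on disk")
        else:
            if not e.vendor and not e.version:
                reasons.append("no company name or version resource")
                if e.path.lower().startswith(SYSTEM_DIRS):
                    reasons.append("unbranded file under the Windows directory")
            if e.modified is not None and e.modified >= cutoff:
                reasons.append(f"modified within {recent_days} days of the scan")
        if reasons:
            bucket = flagged.setdefault(e.name, [])   # same file may appear in several sections
            for r in reasons:
                if r not in bucket:
                    bucket.append(r)
    return flagged


def triage_sample() -> dict[str, list[str]]:
    """Run the triage over the constructed sample as of the scan date in the log above."""
    return triage(SAMPLE, datetime(2008, 2, 23))


if __name__ == "__main__":
    for name, reasons in triage_sample().items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the constructed sample, the script leaves ccsvchst.exe alone, queues the two dead Run entries and the unresolved service, and ranks e3tl highest (unbranded, under %SystemRoot%, and modified two days before the scan), which is the same reasoning behind unregistering E3TL.DLL in the fix above. Feed it a real log by reading the attached .txt into `triage()` with the scan date from the log header.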

#10 shimmering_rain1970 (Topic Starter, New Member, 8 posts)
I believe it is fixed. When I was trying earlier to resolve this before you posted, I ran ComboFix and went through and shut down my anti-spy/malware to find it. When I went into my Norton controls, my real-time protection wasn't on to begin with, so after I ran ComboFix and restarted my protection, I checked on real time with Norton and it found Trojan Vundo and was asking me to reboot the computer. I didn't notice this until just now; maybe it was quarantined while we did the scan? The time Norton found it was 20 minutes ago and I wasn't here. Should I still do the tasks you asked in your last post to be sure?
Sorry to be such a pain.
I really do appreciate your help!

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yes please, and if you can, run one further scan on completion to be sure.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Logs required : Winpfind fix, Malwarebytes and a new Hijackthis log

#12 shimmering_rain1970 (Topic Starter, New Member, 8 posts)
Attached File: mbam_log_2_24_2008__12_21_07_.txt (808 bytes)
Attached File: hijack_error.txt (527 bytes)
Attached File: WinPFind35.zip


And here is the hijack this log....
Logfile of HijackThis v1.99.1
Scan saved at 2:47:29 PM, on 2/23/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mom\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\mom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.h...osticsVista.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programch...m/dll/nixon.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\Windows\system32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



I zipped the WinPFind35 log so it would fit into this post.
Thanks again!!!

  • 0
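The log above is reviewed by eye in this thread. As an added example that is not code from the thread, from HijackThis or from any of the tools named here, the Python script below parses a constructed log in the same HijackThis v1.99 layout (the "Running processes" list followed by the numbered R/O entries) and turns a few of the questions a reviewer asks into review prompts: processes and autostart entries that run from user-writable locations, O23 services whose binary HijackThis tagged as "(file missing)" or that have an unknown owner and a user-profile path, and O16 ActiveX controls fetched from the web. All paths, service names, CLSIDs and URLs in the sample are made up for the example. The output is a list of lines to look at, not a verdict; the poster's own log carries several vendor services with "(file missing)" and was still judged clean by the reviewer, which is exactly why the human step stays in the loop.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the HijackThis v1.99 layout. Every path, service name,
# CLSID and URL below is made up for this example; none comes from a real log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Unknown Windows (WinNT 6.00.1904)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\example\AppData\Local\Temp\updater.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [updater] C:\Users\example\AppData\Local\Temp\updater.exe
O4 - Global Startup: Camera Monitor.lnk = C:\Program Files\Example\CamMon.exe
O16 - DPF: {00000000-1111-2222-3333-444444444444} (Vendor Web Scanner) - http://webscan.example.com/scanner.cab
O16 - DPF: {00000000-1111-2222-3333-555555555555} (Installation Support) - C:\Program Files\Example\InstHelper.dll
O23 - Service: Example Event Manager (exEvtMgr) - Unknown owner - c:\Program Files\Example\exSvcHst.exe" /h exCommon (file missing)
O23 - Service: Camera Helper (CamSrv) - Example Inc. - C:\Program Files\Common Files\Example\CamSrv.exe
O23 - Service: Updater Service (updsvc) - Unknown owner - C:\Users\example\AppData\Roaming\updsvc.exe
"""

# Locations a standard user can write to; software that autostarts from here
# deserves a second look, because legitimate installers rarely use them.
USER_WRITABLE = re.compile(
    r"\\(Users|Documents and Settings)\\[^\\]+\\|\\Temp\\|\\AppData\\", re.I)

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<rest>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) - (?P<target>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    rule: str   # short identifier of the heuristic that fired
    line: str   # the log line it fired on, verbatim


def parse_sections(text):
    """Split a log into the 'Running processes' list and the R/F/N/O entries."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            procs.append(line)
        elif re.match(r"^[RFNO]\d+ - ", line):
            entries.append(line)
    return procs, entries


def triage(text):
    """Return review prompts for a log. These are prompts, not verdicts."""
    procs, entries = parse_sections(text)
    findings = []
    for proc in procs:
        if USER_WRITABLE.search(proc):
            findings.append(Finding("process-from-user-writable-path", proc))
    for entry in entries:
        m = O4_RE.match(entry)
        if m:
            if USER_WRITABLE.search(m["rest"]):
                findings.append(Finding("autorun-from-user-writable-path", entry))
            continue
        m = O23_RE.match(entry)
        if m:
            if "(file missing)" in m["path"]:
                # HijackThis could not find the binary at the path it parsed.
                findings.append(Finding("service-binary-missing", entry))
            if m["owner"] == "Unknown owner" and USER_WRITABLE.search(m["path"]):
                findings.append(Finding("service-unknown-owner-user-path", entry))
            continue
        m = O16_RE.match(entry)
        if m and m["target"].lower().startswith(("http://", "https://")):
            # ActiveX controls fetched from the web: confirm each one is expected.
            findings.append(Finding("activex-download", entry))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. for a quick overview before reading lines."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:36} {f.line}")
```

Run it as a script to see the five prompts the constructed sample produces, or import `triage` and feed it the text of a real log. Vendor tools, the poster's own scanners and anything the reviewer already knows about will land in the list as well; the point of the script is to make the reviewer's first pass systematic, not to replace it.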

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

Double-click Winpfind35 once again and you should see a CleanUp! button; press that button. You may get prompted by your firewall that Winpfind35 wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded, plus itself.



Now, to get you off to a good start, we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)
  • 0

#14
shimmering_rain1970

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank You so much for all your help!! I really do appreciate it! :)
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0