Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

missing task manager [CLOSED]


  • This topic is locked This topic is locked

#1
daniel393

daniel393

    New Member

  • Member
  • Pip
  • 6 posts
When i control alt delete there is no longer a option for me to open the task manager, i've also just had to get rid of some cookingluck adware. I have followed the steps in the cleaning guide which has got rid of my cookingluck pop ups but still have the task manager problems. Any help will be greatly appreciated.

[edit] Also just noticed when i go to use the cd rom, it just spins up like crazy and wont stop even if i eject it, only way to stop it is to shut down.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:11 PM, on 24/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\ProgramData\sbmxghir\unitsfkj.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar2.dll
O2 - BHO: GNX Bingo - {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} - C:\Windows\kdftlboepta.dll (file missing)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files (x86)\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~2\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [mixzczwe] C:\Windows\system32\ghgxkhqb.exe
O4 - HKLM\..\Policies\Explorer\Run: [gkW4mdhLRf] C:\ProgramData\sbmxghir\unitsfkj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: BootKbd - {a66440a0-2800-4732-9e8f-0abdc1bc2d09} - C:\Windows\Installer\{a66440a0-2800-4732-9e8f-0abdc1bc2d09}\BootKbd.dll
O21 - SSODL: vbgtorfd - {716914B6-ADEC-461A-A635-B7975176212C} - C:\Windows\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {290637DB-FCA1-4A1A-961C-D4BE1BEA9547} - C:\Windows\dwnrpofk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12513 bytes

Edited by daniel393, 26 March 2008 - 02:28 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay but we are a bit snowed under at the moment

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
daniel393

daniel393

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi thanks for the reply.

Deckard's System Scanner v20071014.68
Run by Daniel on 2008-03-29 11:42:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-03-28 06:42:20 UTC - RP92 - Windows Update
8: 2008-03-27 06:56:59 UTC - RP91 - Windows Update
7: 2008-03-27 06:54:22 UTC - RP90 - Windows Update
6: 2008-03-26 06:02:09 UTC - RP89 - Scheduled Checkpoint
5: 2008-03-24 06:45:07 UTC - RP88 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-03-23 03:51:09 UTC - RP82 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Daniel.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:54 AM, on 29/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\ProgramData\sbmxghir\unitsfkj.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Daniel\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Daniel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar2.dll
O2 - BHO: GNX Bingo - {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} - C:\Windows\kdftlboepta.dll (file missing)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files (x86)\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~2\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [mixzczwe] C:\Windows\system32\ghgxkhqb.exe
O4 - HKLM\..\Policies\Explorer\Run: [gkW4mdhLRf] C:\ProgramData\sbmxghir\unitsfkj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: BootKbd - {a66440a0-2800-4732-9e8f-0abdc1bc2d09} - C:\Windows\Installer\{a66440a0-2800-4732-9e8f-0abdc1bc2d09}\BootKbd.dll
O21 - SSODL: vbgtorfd - {716914B6-ADEC-461A-A635-B7975176212C} - C:\Windows\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {290637DB-FCA1-4A1A-961C-D4BE1BEA9547} - C:\Windows\dwnrpofk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13072 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing)
R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing)
R0 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing)
R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing)
R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing)
R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
R0 fvevol (BitLocker Drive Encryption Filter Driver) - c:\windows\system32\drivers\fvevol.sys (file missing)
R0 iaStor (Intel AHCI Controller) - c:\windows\system32\drivers\iastor.sys (file missing)
R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing)
R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing)
R0 PxHlpa64 - c:\windows\system32\drivers\pxhlpa64.sys (file missing)
R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing)
R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing)
R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing)
R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing)
R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing)
R1 aswRdr - c:\windows\system32\drivers\aswrdr.sys (file missing)
R1 aswTdi (avast! Network Shield Support) - c:\windows\system32\drivers\aswtdi.sys (file missing)
R1 CSC (Offline Files Driver) - c:\windows\system32\drivers\csc.sys (file missing)
R1 DfsC (Dfs Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing)
R1 eabfiltr - c:\windows\system32\drivers\eabfiltr64.sys (file missing)
R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing)
R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing)
R1 Null - c:\windows\system32\drivers\null.sys (file missing)
R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing)
R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing)
R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing)
R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing)
R1 SRTSPX - c:\windows\system32\drivers\srtspx64.sys (file missing)
R1 SYMTDI - c:\windows\system32\drivers\symtdi.sys (file missing)
R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing)
R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing)
R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing)
R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing)
R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing)
R2 rimmptsk - c:\windows\system32\drivers\rimmpx64.sys (file missing)
R2 rimsptsk - c:\windows\system32\drivers\rimspx64.sys (file missing)
R2 rismxdp (Ricoh xD-Picture Card Driver) - c:\windows\system32\drivers\rixdpx64.sys (file missing)
R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing)
R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing)
R3 ATSWPDRV (AuthenTec TruePrint USB Driver (SwipeSensor)) - c:\windows\system32\drivers\atswpdrv.sys (file missing)
R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing)
R3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys (file missing)
R3 BTHMODEM (Bluetooth Modem Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing)
R3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys (file missing)
R3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys (file missing)
R3 btwaudio (Bluetooth Audio Device Service) - c:\windows\system32\drivers\btwaudio.sys (file missing)
R3 btwavdt (Bluetooth AVDT Service) - c:\windows\system32\drivers\btwavdt.sys (file missing)
R3 btwrchid - c:\windows\system32\drivers\btwrchid.sys (file missing)
R3 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing)
R3 CmBatt (Microsoft ACPI Control Method Battery Driver) - c:\windows\system32\drivers\cmbatt.sys (file missing)
R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing)
R3 HBtnKey - c:\windows\system32\drivers\cpqbttn64.sys (file missing)
R3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing)
R3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
R3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - c:\windows\system32\drivers\rtkvhd64.sys (file missing)
R3 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing)
R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing)
R3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing)
R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing)
R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing)
R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing)
R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing)
R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing)
R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
R3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing)
R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
R3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
R3 NETw4v64 (Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit) - c:\windows\system32\drivers\netw4v64.sys (file missing)
R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)
R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing)
R3 ohci1394 (RICOH OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing)
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys (file missing)
R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
R3 RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) - c:\windows\system32\drivers\rfcomm.sys (file missing)
R3 RTL8169 (Realtek 8169 NT Driver) - c:\windows\system32\drivers\rtlh64.sys (file missing)
R3 sdbus - c:\windows\system32\drivers\sdbus.sys (file missing)
R3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)
R3 SRTSP - c:\windows\system32\drivers\srtsp64.sys (file missing)
R3 srv - c:\windows\system32\drivers\srv.sys (file missing)
R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing)
R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing)
R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
R3 SymEvent - c:\windows\system32\drivers\symevent64x86.sys (file missing)
R3 SynTP (Synaptics TouchPad Driver) - c:\windows\system32\drivers\syntp.sys (file missing)
R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing)
R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing)
R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing)
R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
R3 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing)
R3 usbvideo (USB Video Device (WDM)) - c:\windows\system32\drivers\usbvideo.sys (file missing)
R3 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing)
R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing)

S1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
S1 SASDIFSV - \??\c:\program files (x86)\superantispyware\sasdifsv.sys
S1 SASKUTIL - \??\c:\program files (x86)\superantispyware\saskutil.sys
S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing)
S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
S3 BCM43XV (Broadcom Extensible 802.11 Network Adapter Driver) - c:\windows\system32\drivers\bcmwl664.sys (file missing)
S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing)
S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing)
S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing)
S3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys (file missing)
S3 Dot4 (MS IEEE-1284.4 Driver) - c:\windows\system32\drivers\dot4.sys (file missing)
S3 Dot4Print (Print Class Driver for IEEE-1284.4) - c:\windows\system32\drivers\dot4prt.sys (file missing)
S3 dot4usb (MS Dot4USB Filter Dot4USB Filter) - c:\windows\system32\drivers\dot4usb.sys (file missing)
S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing)
S3 E1G60 (Intel® PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing)
S3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing)
S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing)
S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing)
S3 HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\hdaudio.sys (file missing)
S3 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing)
S3 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing)
S3 HSF_DPV - c:\windows\system32\drivers\vstdpv6.sys (file missing)
S3 HSFHWAZL - c:\windows\system32\drivers\vstazl6.sys (file missing)
S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing)
S3 mod7700 (DiBcom DIB7700 based TV tuner device) - c:\windows\system32\drivers\dvb7700all.sys (file missing)
S3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing)
S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing)
S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing)
S3 NVENETFD (NVIDIA nForce Networking Controller Driver) - c:\windows\system32\drivers\nvm60x64.sys (file missing)
S3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing)
S3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing)
S3 SASENUM - \??\c:\program files (x86)\superantispyware\sasenum.sys
S3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
S3 Serial (Serial Port Driver) - c:\windows\system32\drivers\serial.sys (file missing)
S3 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing)
S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing)
S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing)
S3 SRTSPL - c:\windows\system32\drivers\srtspl64.sys (file missing)
S3 StillCam (Still Serial Digital Camera Driver) - c:\windows\system32\drivers\serscan.sys (file missing)
S3 SYMREDRV - c:\windows\system32\drivers\symredrv.sys (file missing)
S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
S3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing)
S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing)
S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing)
S3 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing)
S3 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing)
S3 usbscan (USB Scanner Driver) - c:\windows\system32\drivers\usbscan.sys (file missing)
S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
S3 winachsf - c:\windows\system32\drivers\vstcnxt6.sys (file missing)
S3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing)
S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing)
S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing)
S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing)
S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing)
S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing)
S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing)
S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing)
S4 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S4 arc - c:\windows\system32\drivers\arc.sys (file missing)
S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing)
S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing)
S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing)
S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing)
S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing)
S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing)
S4 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
S4 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
S4 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing)
S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing)
S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing)
S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing)
S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing)
S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing)
S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing)
S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing)
S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing)
S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing)
S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing)
S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing)
S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing)
S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing)
S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing)
S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing)
S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing)
S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing)
S4 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing)
S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing)
S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing)
S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing)
S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing)
S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing)
S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing)
S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing)
S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing)
S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing)
S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing)
S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing)
S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing)
S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing)
S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing)
S4 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing)
S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing)
S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing)
S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing)
S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files (x86)\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Bonjour Service - "c:\program files (x86)\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files (x86)\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files (x86)\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing)
R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing)
R3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing)

S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing)
S3 Com4Qlb - "c:\program files (x86)\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
S3 Netlogon - c:\windows\system32\lsass.exe (file missing)
S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)
S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing)
S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing)
S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing)
S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing)
S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)
S3 wbengine (Block Level Backup Engine Service) - "c:\windows\system32\wbengine.exe" (file missing)
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files (x86)\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4380 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:


-- Files created between 2008-02-29 and 2008-03-29 -----------------------------

2008-03-25 17:47:13 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-03-24 17:59:28 0 d-------- C:\Program Files (x86)\Trend Micro
2008-03-24 17:46:10 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-24 17:45:23 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
2008-03-24 17:14:10 0 d-------- C:\Users\All Users\Lavasoft
2008-03-24 17:14:10 0 d-------- C:\Program Files (x86)\Lavasoft
2008-03-24 17:13:03 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-03-24 16:12:32 4096 --a------ C:\Windows\userconfig9x.dll
2008-03-24 16:12:32 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-03-24 16:12:32 4096 --a------ C:\Windows\system32mwin32.exe
2008-03-24 16:12:32 4096 --a------ C:\Windows\system32hoproxy.dll
2008-03-24 16:12:32 4096 --a------ C:\Windows\FVProtect.exe
2008-03-24 16:12:32 4096 --a------ C:\Windows\a.bat
2008-03-24 16:12:31 4096 --a------ C:\Windows\winsystem.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32winsystem.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32vbsys2.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32thun32.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32thun.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32temp#01.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32taack.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32taack.dat
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32sysreq.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32ssvchost.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32ssvchost.com
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32ssurf022.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32sncntr.exe
2008-03-24 16:12:31 0 d-------- C:\Windows\system32smp
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32Rundl1.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32regm64.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32regc64.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32psoft1.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32psof1.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32ps1.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32newsd32.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32netode.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32mtr2.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32msvchost.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32mssecu.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32msnbho.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32msgp.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32medup020.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32medup012.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-03-24 16:12:31 4096 --a------ C:\Windows\[email protected]@@k.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32emesx.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32bdn.com
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32awtoolb.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32anticipator.dll
2008-03-24 16:12:31 4096 --a------ C:\Windows\system32akttzn.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\mssecu.exe
2008-03-24 16:12:31 0 d-------- C:\Windows\mslagent
2008-03-24 16:12:31 4096 --a------ C:\Windows\iTunesMusic.exe
2008-03-24 16:12:31 4096 --a------ C:\Windows\bdn.com
2008-03-24 16:12:31 0 d-------- C:\Users\Daniel\Desktopvirii
2008-03-24 16:12:31 4096 --a------ C:\Users\Daniel\DesktopFWebdEditor.exe
2008-03-24 16:12:31 4096 --a------ C:\Users\Daniel\Desktopfwebd.exe
2008-03-24 16:12:31 4096 --a------ C:\Users\Daniel\Desktopfilemanagerclient.exe
2008-03-24 16:12:31 0 d-------- C:\Program Files (x86)\Inet Delivery
2008-03-24 16:12:31 0 d-------- C:\Program Files (x86)\akl
2008-03-24 16:12:15 0 d-------- C:\Users\All Users\sbmxghir
2008-03-24 16:12:14 114688 --a------ C:\Windows\system32\ghgxkhqb.exe
2008-03-24 16:11:31 221184 --a------ C:\Windows\vbgtorfd.dll
2008-03-24 16:11:30 212992 --a------ C:\Windows\dwnrpofk.dll
2008-03-24 16:11:26 16444 -r-hs---- C:\Program Files (x86)\tmp3.exe
2008-03-24 16:11:21 16444 -r-hs---- C:\Program Files (x86)\tmp2.exe
2008-03-24 16:11:16 16444 -r-hs---- C:\Program Files (x86)\tmp1.exe
2008-03-24 16:11:12 36080 --a------ C:\Program Files (x86)\instaler.exe
2008-03-24 16:11:10 16444 -r-hs---- C:\Program Files (x86)\tmp0.exe
2008-03-24 15:46:46 45056 --a------ C:\Windows\system32\Wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-03-24 15:46:46 16877 --a------ C:\Windows\system32\drivers\Aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-03-24 15:46:46 3535 --a------ C:\Windows\system\Wowpost.exe
2008-03-24 15:46:46 4455 --a------ C:\Windows\system\Winaspi.dll
2008-03-24 15:46:43 761856 --a------ C:\Windows\system32\xvidcore.dll
2008-03-24 15:46:42 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-03-24 15:46:42 0 d-------- C:\Program Files (x86)\Xvid
2008-03-21 19:37:53 0 d-------- C:\Users\All Users\vsosdk
2008-03-21 18:53:10 0 d-------- C:\Program Files (x86)\DVDFab Platinum 4
2008-03-21 18:36:43 0 d-------- C:\Program Files (x86)\DVD Shrink
2008-03-21 18:31:59 364544 -----n--- C:\Windows\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-03-21 18:31:59 106496 --a------ C:\Windows\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-03-21 18:31:53 471040 -----n--- C:\Windows\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-21 18:31:53 262144 -----n--- C:\Windows\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-21 18:31:53 1568768 -----n--- C:\Windows\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-21 18:31:44 0 d-------- C:\Program Files (x86)\Common Files\Ahead
2008-03-21 18:31:43 0 d-------- C:\Program Files (x86)\Ahead
2008-03-21 17:18:02 0 d-------- C:\Program Files (x86)\DVD Decrypter
2008-03-21 11:14:12 487479 --a------ C:\Windows\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2008-03-21 11:14:12 60273 --a------ C:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-03-21 11:14:12 719872 --a------ C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-21 11:14:12 0 d-------- C:\Windows\system32\avsplugin
2008-03-21 11:14:12 313344 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-21 11:14:12 7277568 --a------ C:\Windows\system32\3gpcore.dll
2008-03-21 11:14:12 0 d-------- C:\Program Files (x86)\Smallvideosoft
2008-03-20 19:00:46 0 d-------- C:\Users\All Users\DVD Shrink
2008-03-19 17:45:16 0 d-------- C:\Windows\pss
2008-03-18 18:42:11 0 d-------- C:\Program Files (x86)\iPod
2008-03-18 18:42:08 0 d-------- C:\Program Files (x86)\iTunes
2008-03-18 18:41:20 0 d-------- C:\Program Files (x86)\Bonjour
2008-03-18 18:40:53 0 d-------- C:\Program Files (x86)\QuickTime
2008-03-18 18:40:52 0 d-------- C:\Users\All Users\Apple Computer
2008-03-18 18:40:40 0 d-------- C:\Program Files (x86)\Apple Software Update
2008-03-18 18:40:39 0 d-------- C:\Users\All Users\Apple
2008-03-16 05:35:42 0 d-------- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2008-03-16 05:21:52 0 d-------- C:\Program Files (x86)\MSXML 4.0
2008-03-15 23:56:46 0 d--hs---- C:\System Volume Information
2008-03-15 19:29:59 0 d-------- C:\Program Files (x86)\Opera
2008-03-15 18:57:34 0 d-------- C:\Users\Daniel\{51332207-e90a-4a30-acad-23e57a51278c}
2008-03-15 18:54:06 0 d-------- C:\Program Files (x86)\uTorrent
2008-03-15 18:49:29 0 d-------- C:\Program Files (x86)\MSN Messenger
2008-03-15 18:22:05 0 d-------- C:\Users\All Users\WEBREG
2008-03-15 17:56:27 0 d-------- C:\Users\All Users\HPSSUPPLY
2008-03-15 17:54:24 0 d-------- C:\Users\All Users\HP Product Assistant
2008-03-15 17:54:08 0 d-------- C:\Windows\system32\spool
2008-03-15 17:53:07 0 d-------- C:\Program Files (x86)\Common Files\Hewlett-Packard
2008-03-15 17:45:06 8138 -----n--- C:\Windows\hpomdl21.dat
2008-03-15 17:45:06 148023 --a------ C:\Windows\hpoins21.dat
2008-03-15 16:49:13 0 d-a------ C:\Users\All Users\TEMP
2008-03-15 16:24:20 0 d--hs--c- C:\Program Files (x86)\Common Files\WindowsLiveInstaller
2008-03-15 16:24:00 0 d-------- C:\Program Files (x86)\Windows Live
2008-03-15 16:23:37 0 d-------- C:\Users\All Users\WLInstaller
2008-03-15 16:15:49 0 d-------- C:\Users\Daniel\Bluetooth Software
2008-03-15 16:15:12 0 dr------- C:\Users\Daniel\Searches
2008-03-15 16:15:00 0 dr------- C:\Users\Daniel\Contacts
2008-03-15 16:13:05 0 d---s---- C:\Windows\system32\Microsoft
2008-03-15 16:12:38 0 d-------- C:\Program Files (x86)\Bioscrypt
2008-03-15 16:12:06 0 d-------- C:\Program Files (x86)\Fingerprint Sensor
2008-03-15 16:10:29 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\Templates
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\Start Menu
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\SendTo
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\Recent
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\PrintHood
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\NetHood
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\Local Settings
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\Cookies
2008-03-15 16:05:13 0 d--hs---- C:\Users\Daniel\Application Data
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Videos
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Saved Games
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Pictures
2008-03-15 16:05:12 1572864 --ahs---- C:\Users\Daniel\ntuser.dat
2008-03-15 16:05:12 0 d--hs---- C:\Users\Daniel\My Documents
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Music
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Links
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Favorites
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Downloads
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Documents
2008-03-15 16:05:12 0 dr------- C:\Users\Daniel\Desktop
2008-03-15 16:05:12 0 d--h----- C:\Users\Daniel\AppData
2008-03-15 16:01:18 0 d--hs---- C:\Users\Default\Templates
2008-03-15 16:01:18 0 d--hs---- C:\Users\Default\Start Menu
2008-03-15 16:01:18 0 d--hs---- C:\Users\Default\SendTo
2008-03-15 16:01:18 0 d--hs---- C:\Users\Default\Recent
2008-03-15 16:01:18 0 d--hs---- C:\Users\Default\PrintHood
2008-03-15 16:01:18 0 d--hs---- C:\Users\Default\NetHood
2008-03-15 16:01:18 0 d--hs---- C:\Users\Default\Local Settings
2008-03-15 16:01:18 0 d--hs---- C:\Users\Default\Cookies
2008-03-15 16:01:18 0 d--hs---- C:\Users\All Users\Templates
2008-03-15 16:01:18 0 d--hs---- C:\Users\All Users\Start Menu
2008-03-15 16:01:18 0 d--hs---- C:\Users\All Users\Favorites
2008-03-15 16:01:18 0 d--hs---- C:\Users\All Users\Documents
2008-03-15 16:01:18 0 d--hs---- C:\Users\All Users\Desktop
2008-03-15 16:01:18 0 d--hs---- C:\Users\All Users\Application Data
2008-03-15 16:01:18 0 d--hs---- C:\Documents and Settings
2008-03-15 16:01:17 0 d--hs---- C:\Users\Default\My Documents
2008-03-15 16:01:17 0 d--hs---- C:\Users\Default\Application Data


-- Find3M Report ---------------------------------------------------------------

2008-03-29 11:10:57 68654 --a------ C:\Users\Daniel\AppData\Roaming\nvModes.001
2008-03-28 17:37:07 68654 --a------ C:\Users\Daniel\AppData\Roaming\nvModes.dat
2008-03-27 20:25:58 836 --a------ C:\Windows\bthservsdp.dat
2008-03-25 17:32:50 0 d-------- C:\Users\Daniel\AppData\Roaming\Vso
2008-03-24 19:46:38 0 d-------- C:\Users\Dani
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now I know why I hate 64bit systems - shedloads of drivers :)

This will be a long fix so I would I would recommend you copy this post to a text file for reference


As a Vista user I will require that all the programmes I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly

This is a badly infected machine and may take a while to fix - please do not try any other scans unless I say so :)

One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
  • Scroll down to where it says "JJava Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

Now that is done lets start cleaning

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: GNX Bingo - {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} - C:\Windows\kdftlboepta.dll (file missing)
O4 - HKCU\..\Run: [mixzczwe] C:\Windows\system32\ghgxkhqb.exe
O4 - HKLM\..\Policies\Explorer\Run: [gkW4mdhLRf] C:\ProgramData\sbmxghir\unitsfkj.exe
O21 - SSODL: BootKbd - {a66440a0-2800-4732-9e8f-0abdc1bc2d09} - C:\Windows\Installer\{a66440a0-2800-4732-9e8f-0abdc1bc2d09}\BootKbd.dll
O21 - SSODL: vbgtorfd - {716914B6-ADEC-461A-A635-B7975176212C} - C:\Windows\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {290637DB-FCA1-4A1A-961C-D4BE1BEA9547} - C:\Windows\dwnrpofk.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


NEXT

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\a.bat
    C:\Windows\winsystem.exe
    C:\Windows\system32winsystem.exe
    C:\Windows\system32vcatchpi.dll
    C:\Windows\system32vbsys2.dll
    C:\Windows\system32thun32.dll
    C:\Windows\system32thun.dll
    C:\Windows\system32temp#01.exe
    C:\Windows\system32taack.exe
    C:\Windows\system32taack.dat
    C:\Windows\system32sysreq.exe
    C:\Windows\system32ssvchost.exe
    C:\Windows\system32ssvchost.com
    C:\Windows\system32ssurf022.dll
    C:\Windows\system32sncntr.exe
    C:\Windows\system32smp
    C:\Windows\system32Rundl1.exe
    C:\Windows\system32regm64.dll
    C:\Windows\system32regc64.dll
    C:\Windows\system32psoft1.exe
    C:\Windows\system32psof1.exe
    C:\Windows\system32ps1.exe
    C:\Windows\system32newsd32.exe
    C:\Windows\system32netode.exe
    C:\Windows\system32mtr2.exe
    C:\Windows\system32msvchost.exe
    C:\Windows\system32mssecu.exe
    C:\Windows\system32msnbho.dll
    C:\Windows\system32msgp.exe
    C:\Windows\system32medup020.dll
    C:\Windows\system32medup012.dll
    C:\Windows\system32hxiwlgpm.exe
    C:\Windows\system32hxiwlgpm.dat
    C:\Windows\[email protected]@@k.dll
    C:\Windows\system32emesx.dll
    C:\Windows\system32dpcproxy.exe
    C:\Windows\system32bsva-egihsg52.exe
    C:\Windows\system32bdn.com
    C:\Windows\system32awtoolb.dll
    C:\Windows\system32anticipator.dll
    C:\Windows\system32akttzn.exe
    C:\Users\Daniel\Desktopvirii
    C:\Windows\bdn.com
    C:\Users\Daniel\DesktopFWebdEditor.exe
    C:\Users\Daniel\Desktopfwebd.exe
    C:\Users\Daniel\Desktopfilemanagerclient.exe
    C:\Program Files (x86)\Inet Delivery
    C:\Program Files (x86)\akl
    C:\Users\All Users\sbmxghir
    C:\Windows\system32\ghgxkhqb.exe
    C:\Windows\vbgtorfd.dll
    C:\Windows\dwnrpofk.dll
    C:\Program Files (x86)\tmp3.exe
    C:\Program Files (x86)\tmp2.exe
    C:\Program Files (x86)\tmp1.exe
    C:\Program Files (x86)\instaler.exe
    C:\Program Files (x86)\tmp0.exe
    C:\ProgramData\sbmxghir
    C:\Windows\kdftlboepta.dll 
    C:\Windows\system32\ghgxkhqb.exe
    C:\Windows\Installer\{a66440a0-2800-4732-9e8f-0abdc1bc2d09}
    C:\Windows\vbgtorfd.dll
    C:\Windows\dwnrpofk.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Logs required : OTMoveit and Combofix
  • 0

#5
daniel393

daniel393

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, thanks heaps for your help, it really is appreciated.

I followed your instructions exactly although some thing didn'y appear to go quite right

when i tried to fix the files in hijack this, 3 or 4 of them had a error message pop up so i'm not sure if they deleted or not,

when i used the moveit program alot of the files had a error message pop up and i forgot to save the results, so i ran it again and all the results have cannot be found next to it (see copied results) so i assume it worked.

the combo fix didnt seam to do anyhting, after going though the prompts it said searching for infected files then just seamed to close itself, without producing a report when it shut.

Anyway here is the reults from the second time i ran move it, and a new hijack this report.

File/Folder C:\Windows\a.bat not found.
File/Folder C:\Windows\winsystem.exe not found.
File/Folder C:\Windows\system32winsystem.exe not found.
File/Folder C:\Windows\system32vcatchpi.dll not found.
File/Folder C:\Windows\system32vbsys2.dll not found.
File/Folder C:\Windows\system32thun32.dll not found.
File/Folder C:\Windows\system32thun.dll not found.
File/Folder C:\Windows\system32temp#01.exe not found.
File/Folder C:\Windows\system32taack.exe not found.
File/Folder C:\Windows\system32taack.dat not found.
File/Folder C:\Windows\system32sysreq.exe not found.
File/Folder C:\Windows\system32ssvchost.exe not found.
File/Folder C:\Windows\system32ssvchost.com not found.
File/Folder C:\Windows\system32ssurf022.dll not found.
File/Folder C:\Windows\system32sncntr.exe not found.
File/Folder C:\Windows\system32smp not found.
File/Folder C:\Windows\system32Rundl1.exe not found.
File/Folder C:\Windows\system32regm64.dll not found.
File/Folder C:\Windows\system32regc64.dll not found.
File/Folder C:\Windows\system32psoft1.exe not found.
File/Folder C:\Windows\system32psof1.exe not found.
File/Folder C:\Windows\system32ps1.exe not found.
File/Folder C:\Windows\system32newsd32.exe not found.
File/Folder C:\Windows\system32netode.exe not found.
File/Folder C:\Windows\system32mtr2.exe not found.
File/Folder C:\Windows\system32msvchost.exe not found.
File/Folder C:\Windows\system32mssecu.exe not found.
File/Folder C:\Windows\system32msnbho.dll not found.
File/Folder C:\Windows\system32msgp.exe not found.
File/Folder C:\Windows\system32medup020.dll not found.
File/Folder C:\Windows\system32medup012.dll not found.
File/Folder C:\Windows\system32hxiwlgpm.exe not found.
File/Folder C:\Windows\system32hxiwlgpm.dat not found.
File/Folder C:\Windows\[email protected]@@k.dll not found.
File/Folder C:\Windows\system32emesx.dll not found.
File/Folder C:\Windows\system32dpcproxy.exe not found.
File/Folder C:\Windows\system32bsva-egihsg52.exe not found.
File/Folder C:\Windows\system32bdn.com not found.
File/Folder C:\Windows\system32awtoolb.dll not found.
File/Folder C:\Windows\system32anticipator.dll not found.
File/Folder C:\Windows\system32akttzn.exe not found.
File/Folder C:\Users\Daniel\Desktopvirii not found.
File/Folder C:\Windows\bdn.com not found.
File/Folder C:\Users\Daniel\DesktopFWebdEditor.exe not found.
File/Folder C:\Users\Daniel\Desktopfwebd.exe not found.
File/Folder C:\Users\Daniel\Desktopfilemanagerclient.exe not found.
File/Folder C:\Program Files (x86)\Inet Delivery not found.
File/Folder C:\Program Files (x86)\akl not found.
File/Folder C:\Users\All Users\sbmxghir not found.
File/Folder C:\Windows\system32\ghgxkhqb.exe not found.
File/Folder C:\Windows\vbgtorfd.dll not found.
File/Folder C:\Windows\dwnrpofk.dll not found.
File/Folder C:\Program Files (x86)\tmp3.exe not found.
File/Folder C:\Program Files (x86)\tmp2.exe not found.
File/Folder C:\Program Files (x86)\tmp1.exe not found.
C:\Program Files (x86)\instaler.exe moved successfully.
C:\Program Files (x86)\tmp0.exe moved successfully.
File/Folder C:\ProgramData\sbmxghir not found.
File/Folder C:\Windows\kdftlboepta.dll not found.
File/Folder C:\Windows\system32\ghgxkhqb.exe not found.
C:\Windows\Installer\{a66440a0-2800-4732-9e8f-0abdc1bc2d09} moved successfully.
File/Folder C:\Windows\vbgtorfd.dll not found.
File/Folder C:\Windows\dwnrpofk.dll not found.
[Custom Input]
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03302008_171520



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:54 AM, on 29/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\ProgramData\sbmxghir\unitsfkj.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Daniel\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Daniel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar2.dll
O2 - BHO: GNX Bingo - {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} - C:\Windows\kdftlboepta.dll (file missing)
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files (x86)\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles(x86)%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~2\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [mixzczwe] C:\Windows\system32\ghgxkhqb.exe
O4 - HKLM\..\Policies\Explorer\Run: [gkW4mdhLRf] C:\ProgramData\sbmxghir\unitsfkj.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: BootKbd - {a66440a0-2800-4732-9e8f-0abdc1bc2d09} - C:\Windows\Installer\{a66440a0-2800-4732-9e8f-0abdc1bc2d09}\BootKbd.dll
O21 - SSODL: vbgtorfd - {716914B6-ADEC-461A-A635-B7975176212C} - C:\Windows\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {290637DB-FCA1-4A1A-961C-D4BE1BEA9547} - C:\Windows\dwnrpofk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13072 bytes

I have also noticed that i still have no task manager so i'm assuming o'm not yet clean.

thanks
Daniel
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok looks like I need to do this the manual way :) It may take a little longer

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Security Settings
    • Reg - WOW Settings
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#7
daniel393

daniel393

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi, the scan results were way to big for the forum to allow me to upload them, so i uploaded them to freefilehosting.com, heres the link http://myfreefilehos...a1d97221_1.25MB

hopefully that works.

thanks
Daniel
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I notice you still have some Norton on there - do you use their firewall or is it the leftovers from the anti-virus ?

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> {a66440a0-2800-4732-9e8f-0abdc1bc2d09} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\Installer\{a66440a0-2800-4732-9e8f-0abdc1bc2d09}\BootKbd.dll [BootKbd]
YN -> {290637DB-FCA1-4A1A-961C-D4BE1BEA9547} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\dwnrpofk.dll [dwnrpofk]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\gkW4mdhLRf -> C:\ProgramData\sbmxghir\unitsfkj.exe [C:\ProgramData\sbmxghir\unitsfkj.exe]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\kdftlboepta.dll [GNX Bingo]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Send To Bluetooth]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName
YY -> @%systemroot%\system32\wuaueng.dll -> 
< BotCheck > -> 
< Security Settings > -> 
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName
YY -> @%SystemRoot%\system32\qmgr.dll -> 
< Security Settings > -> 
*DisplayName* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName
YY -> @%systemroot%\system32\wuaueng.dll -> 
< Security Settings > -> 
[Files/Folders - Created Within 90 days]
NY -> system32hoproxy.dll -> %SystemRoot%\system32hoproxy.dll
NY -> system32mwin32.exe -> %SystemRoot%\system32mwin32.exe
NY -> system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX
NY -> system32winlogonpc.exe -> %SystemRoot%\system32winlogonpc.exe
NY -> system32WINWGPX.EXE -> %SystemRoot%\system32WINWGPX.EXE
NY -> userconfig9x.dll -> %SystemRoot%\userconfig9x.dll
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 103 bytes -> %AllUsersProfile%\TEMP:FC460D15
NY -> vsosdk -> %AllUsersProfile%\vsosdk
NY -> WEBREG -> %AllUsersProfile%\WEBREG
NY -> WLInstaller -> %AllUsersProfile%\WLInstaller
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\ehthumbs_vista.db:encryptable
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
[Files/Folders - Modified Within 90 days]
NY -> system32hoproxy.dll -> %SystemRoot%\system32hoproxy.dll
NY -> system32mwin32.exe -> %SystemRoot%\system32mwin32.exe
NY -> system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX
NY -> system32winlogonpc.exe -> %SystemRoot%\system32winlogonpc.exe
NY -> system32WINWGPX.EXE -> %SystemRoot%\system32WINWGPX.EXE
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 103 bytes -> %AllUsersProfile%\TEMP:FC460D15
NY -> vsosdk -> %AllUsersProfile%\vsosdk
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\ehthumbs_vista.db:encryptable
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

PRIOR TO POSTING THE RESULT

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs required : OTScanit result, MBAM log and a new Hijackthis
  • 0

#9
daniel393

daniel393

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok had some dramas with that otscan again, ive attached a image of the error msg that popped up when i tried to use it, the same msg popped up for about 4 files then the program just stopped responding and i had to shut it, everything appeared to go well with the mbam program.

otscanerror.jpg

Attached File  mbam_log_4_1_2008__17_17_54_.txt   3.74KB   150 downloads

Attached File  hijackthis.txt   12.77KB   51 downloads

I'm starting to think that if its going to be a massive mission to get rid of this i might just re format, the computer is only 3 weeks old so i havnt got much to loose that i havnt already backed up.

cheers
daniel

Attached Files


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK the possible way to go from here is to first update Avast to 4.8 this updated version has a rootkit scanner enabled within the bootscan

To do this right click the @ icon select update - then programme update, a reboot will be required

Once updated commence a boot scan
To do this right click the @ icon and select start Avast
When it has completed the memory check then right click anywhere on the interface and select boot scan
Next, choose
  • Scan all local disks
  • scan archive files
  • click on Schedule
On the next dialog Operating system restart needed select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE since your system has infections on it, avast! will give you dialog box with recommended actions, and options, please make sure if this happens, to click the Move to Chest button, and not to delete any reported files.

The boot log will be located here C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP