cannot uninstall bluesoleil program [RESOLVED]


  • This topic is locked

#1
Mikey's gal
Member, 72 posts
I bought a Bluetooth adapter on eBay and as soon as I installed the thing it froze up my computer. It never did finish installing. When I tried to uninstall what was in there it didn't budge. I tried to uninstall through the change/remove programs list. I ran my virus and spyware scans and discovered I had been infected with over 200 infections. One of them was called "bluetooth fake". I looked up how to identify a fake on Google and learned this particular product does not have a manufacturer's name. I think I got took big time!!!! Here is my HijackThis log. Thanks for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:44 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Unknown owner - C:\Program Files\Vongo\VongoService.exe (file missing)
O24 - Desktop Component 0: (no name) - http://images.wikia..../87/Alqitty.jpg
O24 - Desktop Component 1: (no name) - http://images.jupite...33/23473344.jpg
O24 - Desktop Component 2: (no name) - http://www.hollyscoo...ael_jackson.jpg
O24 - Desktop Component 3: (no name) - http://www.greenash....ppy.preview.png
O24 - Desktop Component 4: (no name) - http://www.freequali...-beach-girl.jpg
O24 - Desktop Component 5: (no name) - http://www.pennfoste...in-image-12.jpg

--
End of file - 8518 bytes

#2
JSntgRvr
Global Moderator, 11,579 posts
Hi, Mikey's gal :)

Welcome.

Please right-click on the Desktop and select Properties. Click on the Desktop tab, then on Customize Desktop. Click on the Web tab. Delete all items therein, except for "My current web page". Click OK out of the Properties window.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3
Mikey's gal
Member (Topic Starter), 72 posts
ComboFix 08-04-20.5 - User 2008-04-21 22:19:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.157 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\FCUR.001
C:\WINDOWS\system32\28463\FCUR.002
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-21 18:42 . 2008-04-21 18:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-04-21 15:50 . 2008-04-21 16:18 3,603 --a------ C:\logfile
2008-04-21 15:46 . 2008-04-21 16:21 <DIR> d-------- C:\Program Files\Kodak
2008-04-21 15:39 . 2008-04-21 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-21 12:37 . 2008-04-21 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\muvee Technologies
2008-04-21 12:37 . 2008-04-21 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-04-19 11:52 . 2008-04-19 11:52 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
2008-04-19 11:26 . 2008-04-21 09:36 67,200 --a------ C:\Documents and Settings\User\Application Data\NMM-MetaData.db
2008-04-19 10:44 . 2008-04-19 10:46 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Suite
2008-04-19 10:44 . 2008-04-19 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-19 10:41 . 2008-04-21 09:00 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nokia
2008-04-19 10:40 . 2008-04-19 10:40 <DIR> d-------- C:\Program Files\DIFX
2008-04-19 10:40 . 2008-04-19 10:40 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-19 10:40 . 2008-04-19 10:40 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-19 10:40 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-19 10:39 . 2008-04-19 10:39 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-19 10:39 . 2008-04-19 10:40 <DIR> d-------- C:\Program Files\Nokia
2008-04-19 10:39 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-19 10:37 . 2008-04-19 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-19 09:25 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-19 09:25 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\dllcache\bthpan.sys
2008-04-18 13:28 . 2008-04-18 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-18 08:28 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-04-07 22:31 . 2008-04-07 22:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 22:29 . 2008-04-19 10:47 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-30 11:42 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-03-30 11:42 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-03-30 11:42 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-30 11:42 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-30 11:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-30 11:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-28 18:44 . 2008-03-28 18:44 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sonic
2008-03-28 18:41 . 2008-03-28 18:41 9,216 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-28 18:25 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-28 18:25 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 20:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-21 18:22 1,414 ----a-w C:\Documents and Settings\User\Application Data\wklnhst.dat
2008-04-18 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 00:29 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 21:37 --------- d-----w C:\Program Files\Java
2008-03-18 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 17:06 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-03-18 17:06 --------- d-----w C:\Documents and Settings\User\Application Data\Malwarebytes
2008-03-18 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-18 14:27 --------- d-----w C:\Program Files\Trend Micro
2008-03-18 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-17 18:42 --------- d-----w C:\Program Files\DIGStream
2008-03-17 17:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-17 17:28 --------- d-----w C:\Documents and Settings\User\Application Data\Grisoft
2008-03-17 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-16 22:23 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-12 21:23 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-03-06 15:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-02-28 18:37 --------- d-----w C:\Program Files\Disney
2008-02-26 19:41 --------- d-----w C:\Program Files\music_now
2008-02-26 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-26 19:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 19:35 --------- d-----w C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-12-29 15:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-26 14:47 251 -c--a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 21:12 1481968]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58 458752]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 11:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 01:22 794713]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 12:52 643072]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 00:03 36975]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 17:43 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 08:17 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 08:17 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 08:13 77824]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-16 00:00 158208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"= 0

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2006-03-16 00:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-12 12:39]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4ddea7-7c02-11db-9e40-806d6172696f}]
\Shell\AutoRun\command - D:\setupSNK.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 23:05:05 C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job"
- C:\WINDOWS\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOfferSilence@16
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 22:22:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-21 22:26:00
ComboFix-quarantined-files.txt 2008-04-22 02:25:01

Pre-Run: 52,801,523,712 bytes free
Post-Run: 53,579,833,344 bytes free

172 --- E O F --- 2008-04-14 19:48:06




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:47 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Unknown owner - C:\Program Files\Vongo\VongoService.exe (file missing)
O24 - Desktop Component 0: (no name) - http://images.wikia..../87/Alqitty.jpg
O24 - Desktop Component 1: (no name) - http://images.jupite...33/23473344.jpg
O24 - Desktop Component 2: (no name) - http://www.hollyscoo...ael_jackson.jpg
O24 - Desktop Component 3: (no name) - http://www.greenash....ppy.preview.png
O24 - Desktop Component 4: (no name) - http://www.freequali...-beach-girl.jpg
O24 - Desktop Component 5: (no name) - http://www.pennfoste...in-image-12.jpg

--
End of file - 8509 bytes


Thanks a bunch!

#4
JSntgRvr

  • Global Moderator
  • 11,579 posts
Hi, Mikey's gal :)

These images are in your system as desktop items. Going through the "Customize Desktop" process above should make these disappear.

O24 - Desktop Component 0: (no name) - http://images.wikia..../87/Alqitty.jpg
O24 - Desktop Component 1: (no name) - http://images.jupite...33/23473344.jpg
O24 - Desktop Component 2: (no name) - http://www.hollyscoo...ael_jackson.jpg
O24 - Desktop Component 3: (no name) - http://www.greenash....ppy.preview.png
O24 - Desktop Component 4: (no name) - http://www.freequali...-beach-girl.jpg
O24 - Desktop Component 5: (no name) - http://www.pennfoste...in-image-12.jpg


I don't know if you wish to keep them.

As far as Malware, there is no sign of it. There are files related to Bluetooth present in the system. These represent no malware, thus I have not proceeded to remove them. Should you wish to remove them, please let me know.

If you wish to install the Bluetooth adapter, perhaps you should first check if there are bona fide drivers available for this adapter at Motorola and download these.

Please let me know.

#5
Mikey's gal

  • Topic Starter
  • Member
  • 72 posts
Hi there,
Thanks for your help. I got those images off there. I had to delete each one separately. I'm happy that I don't have malware. Cool. I do want that program removed from the computer since I can't do anything with it. (bluesoleil) When I try to remove it from add/remove program it won't go away. So, yes, if you could help me with that I would appreciate it. I noticed my task manager is accessible now and the comma is gone after "my computer". One other thing, I saw rundll32.exe in my startup list. Is that ok?

Thanks again.

#6
Mikey's gal

  • Topic Starter
  • Member
  • 72 posts
I think there is a bluetooth driver on the computer ... I noticed it after I couldn't use the bluesoleil program. I have used it with the adapter. So the only bluetooth files I would like removed are the ones associated with bluesoleil.

Thanks again. :)

#7
Mikey's gal

  • Topic Starter
  • Member
  • 72 posts
When I start the computer it warns an alert notice and has a warning sign that says:

Error loading C:\DOCUME-1\ALLUSE-1\APPLIC-1\Kodak\EasyShareSetup\$REGIS-1\Registration_7.5.30.2.sxt

The specified module could not be found.

The title of the warning is RUNDLL

Thanks.

#8
JSntgRvr

  • Global Moderator
  • 11,579 posts
Hi, Mikey's gal

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job
C:\WINDOWS\system32\drivers\bthpan.sys
C:\WINDOWS\system32\dllcache\bthpan.sys
C:\WINDOWS\system32\drivers\bcbthub.sys
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
C:\WINDOWS\system32\bthprops.cpl

Folder::
C:\Documents and Settings\All Users\Application Data\Bluetooth

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"=-
[-HKEY_LOCAL_MACHINE\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.


Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.
If the files are too long, attach them to a reply:
  • Scroll down to [Attachments].
  • Browse to the following folder:
    • C:\Deckard\System Scanner
  • Click Upload to upload these files one by one
  • Submit your reply


#9
Mikey's gal

  • Topic Starter
  • Member
  • 72 posts
ComboFix 08-04-20.5 - User 2008-04-22 21:24:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.198 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
C:\WINDOWS\system32\bthprops.cpl
C:\WINDOWS\system32\dllcache\bthpan.sys
C:\WINDOWS\system32\drivers\bcbthub.sys
C:\WINDOWS\system32\drivers\bthpan.sys
C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\WINDOWS\system32\bthprops.cpl
C:\WINDOWS\system32\dllcache\bthpan.sys
C:\WINDOWS\system32\drivers\bcbthub.sys
C:\WINDOWS\system32\drivers\bthpan.sys
C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_BthPan


((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-22 21:25 . 2004-08-04 00:56 110,592 --a------ C:\WINDOWS\system32\dllcache\bthprops.cpl
2008-04-21 18:42 . 2008-04-21 18:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-04-21 15:50 . 2008-04-21 16:18 3,603 --a------ C:\logfile
2008-04-21 15:46 . 2008-04-21 16:21 <DIR> d-------- C:\Program Files\Kodak
2008-04-21 15:39 . 2008-04-21 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-21 12:37 . 2008-04-21 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\muvee Technologies
2008-04-21 12:37 . 2008-04-21 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-04-19 10:44 . 2008-04-19 10:46 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Suite
2008-04-19 10:44 . 2008-04-19 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-19 10:41 . 2008-04-21 09:00 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nokia
2008-04-19 10:40 . 2008-04-19 10:40 <DIR> d-------- C:\Program Files\DIFX
2008-04-19 10:40 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-19 10:39 . 2008-04-19 10:39 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-19 10:39 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-19 10:37 . 2008-04-19 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-18 08:28 . 2004-09-21 18:18 116,021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys
2008-04-07 22:31 . 2008-04-07 22:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 22:29 . 2008-04-19 10:47 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-30 11:42 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-03-30 11:42 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-03-30 11:42 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-30 11:42 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-30 11:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-30 11:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-28 18:44 . 2008-03-28 18:44 <DIR> d-------- C:\Documents and Settings\User\Application Data\Sonic
2008-03-28 18:41 . 2008-03-28 18:41 9,216 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-28 18:25 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-28 18:25 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 01:33 0 ----a-w C:\WINDOWS\system32\drivers\SET2.tmp
2008-04-21 20:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-21 18:22 1,414 ----a-w C:\Documents and Settings\User\Application Data\wklnhst.dat
2008-04-18 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 00:29 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 21:37 --------- d-----w C:\Program Files\Java
2008-03-18 21:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 17:06 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-03-18 17:06 --------- d-----w C:\Documents and Settings\User\Application Data\Malwarebytes
2008-03-18 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-18 14:27 --------- d-----w C:\Program Files\Trend Micro
2008-03-18 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-17 18:42 --------- d-----w C:\Program Files\DIGStream
2008-03-17 17:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-17 17:28 --------- d-----w C:\Documents and Settings\User\Application Data\Grisoft
2008-03-17 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-16 22:23 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-12 21:23 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2008-03-06 15:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2008-02-28 18:37 --------- d-----w C:\Program Files\Disney
2008-02-26 19:41 --------- d-----w C:\Program Files\music_now
2008-02-26 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-26 19:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 19:35 --------- d-----w C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2006-12-29 15:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-26 14:47 251 -c--a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((( snapshot@2008-04-21_22.24.52.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-21 23:01:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 01:28:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-04-23 01:28:58 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_744.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 21:12 1481968]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58 458752]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 11:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 01:22 794713]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 12:52 643072]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 00:03 36975]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 17:43 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30 249856]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 08:17 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 08:17 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 08:13 77824]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"= 0

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-12 12:39]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 21:30:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2008-04-22 21:38:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 01:38:15
ComboFix2.txt 2008-04-22 02:26:01

Pre-Run: 53,750,231,040 bytes free
Post-Run: 53,664,452,608 bytes free

195 --- E O F --- 2008-04-14 19:48:06

#10
Mikey's gal

  • Topic Starter
  • Member
  • 72 posts
Deckard's System Scanner v20071014.68
Run by User on 2008-04-22 21:48:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-04-23 01:48:17 UTC - RP247 - Deckard's System Scanner Restore Point
60: 2008-04-23 01:24:33 UTC - RP246 - ComboFix created restore point
59: 2008-04-22 21:14:13 UTC - RP245 - Removed Nokia Connectivity Cable Driver
58: 2008-04-22 02:19:44 UTC - RP244 - ComboFix created restore point
57: 2008-04-21 22:46:07 UTC - RP243 - Uniblue RegistryBooster


-- First Restore Point --
1: 2008-01-28 22:56:53 UTC - RP187 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:07 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Unknown owner - C:\Program Files\Vongo\VongoService.exe (file missing)

--
End of file - 7061 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080318-135931-176 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080318-135931-781 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20080318-135931-813 O21 - SSODL: altvxvm - {93ACF0B8-2E42-4B19-95EA-7A98BBC3954A} - C:\WINDOWS\altvxvm.dll (file missing)
backup-20080318-135931-990 O4 - HKLM\..\Run: [FCUR Agent] C:\WINDOWS\system32\28463\FCUR.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Vongo Service - c:\program files\vongo\vongoservice.exe (file missing)
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&38B5BDF7&0&00E2
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&38B5BDF7&0&00E2
Service: w39n51

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Mickey's gal
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Mickey's gal
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-21 22:19:16 68096 --a------ C:\WINDOWS\zip.exe
2008-04-21 22:19:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-21 22:19:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-21 22:19:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-21 22:19:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-21 22:19:16 98816 --a------ C:\WINDOWS\sed.exe
2008-04-21 22:19:16 80412 --a------ C:\WINDOWS\grep.exe
2008-04-21 22:19:16 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-21 18:42:10 0 d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-04-21 15:50:09 3603 --a------ C:\logfile
2008-04-21 15:46:21 0 d-------- C:\Program Files\Kodak
2008-04-21 15:39:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-21 12:37:48 0 d-------- C:\Documents and Settings\User\Application Data\muvee Technologies
2008-04-21 12:37:47 0 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-04-19 10:44:16 0 d-------- C:\Documents and Settings\User\Application Data\PC Suite
2008-04-19 10:44:14 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-19 10:41:50 0 d-------- C:\Documents and Settings\User\Application Data\Nokia
2008-04-19 10:40:07 0 d-------- C:\Program Files\DIFX
2008-04-19 10:39:37 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-19 10:39:19 48128 --a------ C:\WINDOWS\system32\nmwcdcls.dll <Not Verified; Nokia; >
2008-04-19 10:37:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-18 08:28:34 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver>
2008-04-18 08:28:34 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-04-18 08:28:33 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950>
2008-04-18 08:28:33 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-04-18 08:28:33 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe <Not Verified; Socket Communications Inc.; SCTray>
2008-04-18 08:28:33 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS <Not Verified; OEM; OX16C95x>
2008-04-18 08:28:24 11736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
2008-04-18 08:28:24 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-04-18 08:28:24 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-04-18 08:28:24 11860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-04-18 08:28:24 13304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys
2008-04-18 08:28:23 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys <Not Verified; Broadcom; >
2008-04-18 08:28:23 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-04-18 08:28:23 28271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
2008-04-18 08:28:23 23000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
2008-04-18 08:28:23 20480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
2008-04-18 08:28:23 7680 --a------ C:\WINDOWS\system32\btinstall.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-04-18 08:28:23 49152 --a------ C:\WINDOWS\system32\btfunc.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-04-07 22:31:20 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 22:29:50 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-28 18:44:26 0 d-------- C:\Documents and Settings\User\Application Data\Sonic


-- Find3M Report ---------------------------------------------------------------

2008-04-22 17:13:39 0 d-------- C:\Program Files\Common Files
2008-04-21 16:24:21 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 14:22:09 1414 --a------ C:\Documents and Settings\User\Application Data\wklnhst.dat
2008-04-18 08:28:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-09 20:29:55 0 d-------- C:\Program Files\Hewlett-Packard
2008-03-18 17:37:45 0 d-------- C:\Program Files\Java
2008-03-18 17:29:32 0 d-------- C:\Program Files\Online Services
2008-03-18 17:16:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-18 13:06:31 0 d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-03-18 13:06:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-18 10:27:19 0 d-------- C:\Program Files\Trend Micro
2008-03-17 14:42:37 0 d-------- C:\Program Files\DIGStream
2008-03-17 13:28:45 0 d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-03-16 18:23:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-14 19:33:11 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-12 17:23:15 0 d-------- C:\Documents and Settings\User\Application Data\LimeWire
2008-02-28 14:37:30 0 d-------- C:\Program Files\Disney
2008-02-26 15:41:58 0 d-------- C:\Program Files\music_now
2008-02-26 15:35:47 0 d-------- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-02-26 15:35:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 20:20:43 552 --a------ C:\WINDOWS\system32\d3d8caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/04/2006 01:58 AM]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [06/02/2006 11:02 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 01:22 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 01:23 PM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 12:52 PM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [11/03/2006 12:01 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/11/2005 12:03 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [06/23/2006 05:43 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 07:30 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 07:30 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/23/2006 08:17 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/23/2006 08:17 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/23/2006 08:13 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [03/04/2008 09:12 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=0
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 02:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 02:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-04-22 21:49:34 ------------


Extra file is in attachments. Thank you so much. :)


#11
Mikey's gal

    Member

  • Topic Starter
  • 72 posts
Hi, just a thought ... my avast resident protection is not working. The avast icon is no longer on the bottom of my screen. Thanks.

#12
JSntgRvr

    Global Moderator
  • 11,579 posts
Need more information.

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
BlueSoleil

[Exclude]

[Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.


#13
Mikey's gal

    Member

  • Topic Starter
  • 72 posts
Hi there, the place you sent me said the page could not be found. So I looked around for another route to be able to download registry research. It may be the same one you were directing me to.

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 4/23/2008 4:14:28 PM for strings:
; 'bluesoleil'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C704648D-6030-47E9-ADBA-1E13B6A784AE}\InprocServer32]
@="C:\\Program Files\\IVT Corporation\\BlueSoleil\\outlookAddin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33F8870F-6C4E-4E8D-ACE0-7F3158EF7442}\1.0\0\win32]
@="C:\\Program Files\\IVT Corporation\\BlueSoleil\\outlookAddin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33F8870F-6C4E-4E8D-ACE0-7F3158EF7442}\1.0\HELPDIR]
@="C:\\Program Files\\IVT Corporation\\BlueSoleil\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\IVT Corporation\BlueSoleil]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BlueSoleil.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BlueSoleil.exe]
@="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}]
"DisplayName"="BlueSoleil"

; End Of The Log...

#14
JSntgRvr

    Global Moderator
  • 11,579 posts
Just about.

Please download the enclosed folder. Save and extract its contents to the desktop. It is a batch file. Once extracted, double-click on the Regquery.bat file and post the report it will produce.

#15
Mikey's gal

    Member

  • Topic Starter
  • 72 posts
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\
0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\
0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\
0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\
0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\
0xmlprov\0MHN\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x2000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 0x1
AuthenticationCapabilities REG_DWORD 0x3020

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 0x2
AuthenticationCapabilities REG_DWORD 0x40

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 0x1
DefaultRpcStackSize REG_DWORD 0x8