Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

new to forum [RESOLVED]


  • This topic is locked This topic is locked

#1
gladesrunner

gladesrunner

    New Member

  • Member
  • Pip
  • 3 posts
Hi, I am interested in learning more on ridding my pc of malware. Here is my log. appreciate your time and assistance Thanks Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:54 PM, on 5/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=26347
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210501370026
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9996 bytes
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

What problems are you having? The log is clear....


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#3
gladesrunner

gladesrunner

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi,
Appreciate your suggestion. Not having any big problem and figured I would learn more on preventive maintenance. Have a basic understanding of firewalls and antivirus and lavasoft. Here is my combofix log Greyknight, have a look when you get a chance, no huge rush on it. Happy Memorial day. gladesrunner.

ComboFix 08-05-25.3 - HP_Administrator 2008-05-25 22:22:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1529 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\ODCTOOLS
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 13:38 . 2008-05-25 13:38 <DIR> d-------- C:\Program Files\Armor2net
2008-05-25 13:38 . 2003-12-01 23:32 32,896 --a------ C:\WINDOWS\system32\APFTrans.sys
2008-05-24 17:25 . 2008-05-24 17:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-24 17:25 . 2008-05-24 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 16:28 . 2008-05-24 16:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-05-24 16:28 . 2008-05-25 22:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 16:28 . 2008-05-24 16:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 16:27 . 2008-05-24 16:28 <DIR> d-------- C:\Program Files\iTunes
2008-05-24 16:27 . 2008-05-24 16:27 <DIR> d-------- C:\Program Files\iPod
2008-05-24 16:27 . 2008-05-24 16:27 <DIR> d-------- C:\Program Files\Bonjour
2008-05-24 16:26 . 2008-05-24 16:27 <DIR> d-------- C:\Program Files\QuickTime
2008-05-24 16:26 . 2008-05-24 16:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-24 16:26 . 2008-05-24 16:26 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-24 16:26 . 2008-05-24 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-24 16:26 . 2008-05-24 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-24 16:22 . 2008-05-24 16:25 <DIR> d-------- C:\apple itunes download
2008-05-24 14:41 . 2008-05-24 14:42 <DIR> d-------- C:\Program Files\not valid downloads
2008-05-20 22:33 . 2008-05-20 22:33 <DIR> d-------- C:\HP software updates j
2008-05-20 00:17 . 2008-05-20 00:17 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-16 22:22 . 2008-05-16 22:22 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-16 22:22 . 2008-05-16 22:22 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-16 22:08 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-16 22:06 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-14 19:48 . 2008-05-14 19:49 <DIR> d-------- C:\hijack this
2008-05-14 19:47 . 2008-05-14 19:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-13 22:50 . 2008-05-13 22:50 <DIR> d-------- C:\Program Files\MSBuild
2008-05-13 22:50 . 2008-05-19 16:55 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-13 22:47 . 2008-05-13 23:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-13 22:45 . 2008-05-13 22:45 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-13 22:44 . 2008-05-13 22:44 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-13 22:44 . 2008-05-13 22:44 <DIR> d-------- C:\f064eb4c1e7a50e970
2008-05-13 22:44 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-13 22:37 . 2008-04-13 20:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-05-13 22:37 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-13 22:37 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-13 17:00 . 2008-05-13 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-13 16:58 . 2008-05-13 16:58 <DIR> d-------- C:\Program Files\Siber Systems
2008-05-13 02:13 . 2008-05-13 02:13 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2008-05-13 01:55 . 2008-05-13 01:55 <DIR> d-------- C:\WINDOWS\Performance
2008-05-13 01:53 . 2008-05-13 01:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-13 01:52 . 2008-05-13 01:52 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-05-12 23:54 . 2004-02-06 14:16 204,800 --a------ C:\WINDOWS\system32\Mdcustoms.ocx
2008-05-12 23:54 . 2006-02-14 13:11 118,784 --a------ C:\WINDOWS\system32\HCWSched.ocx
2008-05-12 23:54 . 1998-06-25 23:00 89,600 --a------ C:\WINDOWS\system32\MSCAL.OCX
2008-05-12 23:54 . 2004-09-23 01:06 73,792 --a------ C:\WINDOWS\system32\CHSUITE.OCX
2008-05-12 23:54 . 2006-01-25 16:38 69,632 --a------ C:\WINDOWS\system32\3DES.dll
2008-05-12 23:54 . 2002-12-27 12:33 65,536 --a------ C:\WINDOWS\system32\dmcrypto.dll
2008-05-12 23:54 . 2001-01-12 11:02 53,248 --a------ C:\WINDOWS\system32\MDCustomPanels.ocx
2008-05-12 23:54 . 2006-01-25 16:49 40,960 --a------ C:\WINDOWS\system32\HcwTvTvOCX.ocx
2008-05-12 23:54 . 2006-02-10 12:59 30,439 --a------ C:\WINDOWS\Irremote.ini
2008-05-12 23:54 . 2006-02-16 17:47 28,672 --a------ C:\WINDOWS\system32\hcwsched.dll
2008-05-12 23:52 . 2008-05-13 00:37 <DIR> d-------- C:\Program Files\WinTV
2008-05-12 23:52 . 2008-05-12 23:52 <DIR> d-------- C:\Program Files\Common Files\IviSDK
2008-05-12 23:51 . 2008-05-12 23:51 <DIR> d-------- C:\DECCHECK
2008-05-12 23:51 . 2008-04-13 14:46 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-05-12 23:51 . 2008-04-13 14:46 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-05-12 23:51 . 2008-04-13 14:46 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-05-12 23:51 . 2008-04-13 20:12 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-05-12 23:51 . 2008-04-13 14:46 15,232 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2008-05-12 23:51 . 2008-04-13 14:46 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-05-12 23:51 . 2008-04-13 14:46 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2008-05-12 23:51 . 2008-04-13 14:39 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2008-05-12 23:49 . 2008-05-12 23:52 3,116 --a------ C:\WINDOWS\HCWPNP.INI
2008-05-12 22:53 . 2008-05-12 22:53 <DIR> d-------- C:\WINDOWS\Sun
2008-05-12 22:41 . 2008-05-12 22:41 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-05-12 22:37 . 2008-05-25 14:15 <DIR> d-------- C:\ppp
2008-05-12 16:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-12 16:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-12 00:18 . 2008-05-12 00:18 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-12 00:16 . 2008-05-12 00:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-12 00:16 . 2008-05-12 00:17 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-11 23:54 . 2008-05-11 23:54 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-11 23:09 . 2008-05-11 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-11 23:09 . 2005-10-21 19:58 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-11 23:09 . 2005-10-21 19:58 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-11 23:06 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-11 23:06 . 2005-10-21 19:52 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-11 23:05 . 2008-05-16 22:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-11 23:05 . 2006-12-06 01:50 892,928 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2008-05-11 23:05 . 2006-12-06 01:50 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2008-05-11 23:05 . 2006-12-06 02:02 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-05-11 23:05 . 2006-12-06 02:02 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-05-11 23:05 . 2006-12-06 01:50 294,912 -ra------ C:\WINDOWS\system32\hpovst11.dll
2008-05-11 23:05 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-11 23:03 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-11 23:03 . 2008-04-13 14:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-11 18:37 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 18:30 . 2008-05-24 22:37 <DIR> d-------- C:\firefox downloads
2008-05-11 18:28 . 2008-05-25 22:16 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-11 18:25 . 2008-05-11 18:26 <DIR> d-------- C:\browsers
2008-05-11 15:45 . 2008-03-01 09:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-11 15:45 . 2007-04-17 05:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-11 15:45 . 2007-03-08 01:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-11 15:45 . 2008-03-01 09:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-11 15:45 . 2008-03-01 09:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-11 15:45 . 2008-03-01 09:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-11 15:45 . 2008-03-01 09:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-11 15:45 . 2008-03-01 09:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-11 15:45 . 2008-02-22 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-11 15:40 . 2008-05-25 14:24 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-11 15:28 . 2008-05-11 15:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender
2008-05-11 15:27 . 2008-05-11 15:27 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-05-11 15:27 . 2008-05-11 15:27 <DIR> d-------- C:\Program Files\BitDefender
2008-05-11 15:27 . 2008-05-11 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 14:57 . 2008-05-20 00:22 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-11 14:57 . 2008-05-11 14:57 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-11 14:57 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-11 14:56 . 2008-05-24 17:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 14:42 . 2008-05-11 14:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\TuneUp Software
2008-05-11 14:42 . 2008-05-11 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-11 13:04 . 2008-05-11 13:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-11 12:54 . 2008-05-11 12:54 227 --a------ C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
2008-05-11 12:53 . 2008-05-11 12:53 214 --a------ C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2008-05-11 12:49 . 2008-05-11 12:49 <DIR> d-------- C:\SystemRoot
2008-05-11 12:48 . 2008-05-11 12:48 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-05-11 12:46 . 2008-05-19 16:55 <DIR> d-------- C:\temp
2008-05-11 12:45 . 2008-05-11 12:45 214 --a------ C:\WINDOWS\HP_InstantSHareJPG.ini
2008-05-11 12:44 . 2008-05-11 12:44 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-05-11 12:20 . 2006-08-30 01:52 491,648 --a------ C:\WINDOWS\system32\Mrvw243.sys
2008-05-11 12:20 . 2006-08-30 01:52 476,416 --a------ C:\WINDOWS\system32\Mrvw245.sys
2008-05-11 12:20 . 2006-09-07 06:08 18,493 --a------ C:\WINDOWS\system32\netmw245.inf
2008-05-11 12:20 . 2006-09-13 22:57 8,573 --a------ C:\WINDOWS\system32\mrvw245.cat
2008-05-11 12:19 . 2006-03-20 23:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-05-11 12:18 . 2008-05-20 00:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 17:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 03:53 --------- d-----w C:\Program Files\Java
2008-05-11 16:56 --------- d-----w C:\Program Files\HP
2008-05-11 16:56 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-11 16:44 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-05-11 06:56 --------- d-----w C:\Program Files\GemMaster
2008-05-11 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-11 04:02 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-05-11 04:02 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-05-11 04:02 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-05-11 04:02 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-05-11 04:02 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-05-11 04:02 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-05-11 04:02 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-05-11 04:02 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-13 22:18 160592]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 13:41 1605740]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 03:50 221184]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Armor2net"="C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe" [2004-05-30 13:08 991309]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2008-05-12 23:54:43 106551]
Belkin Wireless Networking Utility.lnk - C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe [2008-05-11 12:20:08 1576960]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 10:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
"DISCover"=C:\Program Files\DISC\DISCover.exe
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 APFTrans;Armor2net Filter;C:\WINDOWS\system32\APFTrans.sys [2003-12-01 23:32]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 20:12]
R3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;C:\WINDOWS\system32\DRIVERS\HCWUSB2.sys [2006-01-23 17:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-11 14:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 02:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-24 20:26:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-11 06:27:15 C:\WINDOWS\Tasks\Warranty Reminder 11 Months.job"
- c:\hp\bin\cloaker.exe>c:\\windows\\system32\\pcintro\\reminder\\Warranty\months.ba
- c:\hp\bin
"2008-05-11 06:27:15 C:\WINDOWS\Tasks\Warranty Reminder 15 Days.job"
- c:\hp\bin\cloaker.exe<c:\\windows\\system32\\pcintro\\reminder\\Warranty\days.ba
- c:\hp\bin
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 22:23:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Armor2net\Armor2net Personal Firewall\NETDOG.DLL
.
Completion time: 2008-05-25 22:24:28
ComboFix-quarantined-files.txt 2008-05-26 02:24:25

Pre-Run: 226,046,459,904 bytes free
Post-Run: 226,034,728,960 bytes free

344 --- E O F --- 2008-05-19 20:55:43
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
If you want to learn more about security, you might want to join GeekU and get training on how to remove malware.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, you should be set to go.
  • 0

#5
gladesrunner

gladesrunner

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
This is a good forum, glad I was welcomed as a member. This was my first choice of sites from the list provided by hijack this and Ive already seen positive results. Think I'll stick. Its good to know my computer is ok and that I have some resource to solve problems when they arise. I will also keep an eye out to help someone else with an issue I have dealt with. Ive learned I recieve good when I give a little back. Thanks...
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem. Glad we have helped out.

Just one last thing, to remove Combofix, go to Start->Run, copy/paste in combofix /u and hit OK.
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP