speedygonzo
new user
Reg'd: Sat
Posts: 18
Hello. In the past few days my computer has really started screwing up on me, and I am not knowledgeable enough with them to try and fix it myself. It is a half year old laptop with Windows Vista, and it has started to freeze and take an extremely long time to login. Any help would be appreciated. Thank you in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:35 PM, on 4/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-- End of file - 10677 bytes
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
Please download ComboFix from either of these two locations
BleepingComputer GeeksToGo
And save it to your Desktop.
* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you at C:\ComboFix.txt. Post that log in your next reply.
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Post back with the log from ComboFix and a new HJT log please.
Full Instructions
Joe.
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
speedygonzo
new user
Reg'd: Sat
Posts: 18
Hi there and sorry for the delay in getting back to you with my ComboFix and HJT log, there were some more pressing issues at hand than the well-being of my computer.
ComboFix log
ComboFix 08-04-11.1 - Tom 2008-04-11 15:09:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1180 [GMT -4:00]
Running from: C:\Users\Tom\Desktop\ComboFix.exe
* Created a new restore point
.
TimedOut: Windir.dat

((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 19:06 --------- d-----w C:\Users\Tom\AppData\Roaming\AVG7
2008-04-11 18:26 --------- d-----w C:\Users\Tom\AppData\Roaming\.purple
2008-04-11 18:25 --------- d-----w C:\Users\Tom\AppData\Roaming\SiteAdvisor
2008-04-09 07:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 07:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-08 03:00 --------- d-----w C:\Users\Tom\AppData\Roaming\uTorrent
2008-04-08 01:40 --------- d-----w C:\Program Files\Winamp
2008-04-08 01:39 --------- d-----w C:\Users\Tom\AppData\Roaming\Winamp
2008-04-06 23:28 --------- d-----w C:\Users\Tom\AppData\Roaming\Ventrilo
2008-04-06 23:28 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-06 23:28 --------- d-----w C:\ProgramData\avg7
2008-04-06 23:28 --------- d-----w C:\Program Files\uTorrent
2008-04-06 23:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-06 23:28 --------- d-----w C:\Program Files\CCleaner
2008-04-06 20:04 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 19:48 --------- d-----w C:\Program Files\Trillian
2008-04-06 19:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 05:38 --------- d-----w C:\ProgramData\Lavasoft
2008-03-15 04:56 --------- d-----w C:\Program Files\Java
2008-03-13 12:42 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-08 21:00 --------- d-----w C:\Program Files\Pidgin
2008-03-08 21:00 --------- d-----w C:\Program Files\Aspell
2008-03-08 20:59 --------- d-----w C:\Program Files\Common Files\GTK
2008-03-04 01:41 --------- d-----w C:\Program Files\iTunes
2008-03-04 01:40 --------- d-----w C:\ProgramData\Apple Computer
2008-03-04 01:40 --------- d-----w C:\Program Files\QuickTime
2008-03-04 01:40 --------- d-----w C:\Program Files\iPod
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 08:04 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 08:04 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 08:04 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 08:04 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 08:04 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 08:04 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 08:04 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-01-29 23:04 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-01-06 00:53 27,145 ----a-w C:\Users\Tom\AppData\Roaming\nvModes.dat
2007-12-08 08:21 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 00:57 1232896]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 04:08 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 23:36 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 13:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 10:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 21:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 14:38 159744]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 16:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 19:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 06:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 06:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 06:27 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 14:12 17920]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 17:05 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-06 05:10 219136]
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 23:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 13:27:40 719664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-29 19:04:11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-29 19:02:40 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-12-06 05:10 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor] --a------ 2007-03-20 18:23 1773568 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{13E7CAB1-8C19-46A4-8595-B519D0CCDAB9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{58D260C0-3DF1-49E3-A75A-B3D8384FD89D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A4759974-8F61-4213-B530-BE06C687D6F6}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{DC7859B0-CBAE-415B-A667-911548BF0F66}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{695E2909-8796-448A-93BE-AAED4C4094EE}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{120F2C11-3921-434A-BD3D-D023521DCA49}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{488EC094-12C2-4B43-A465-813BB1505EBB}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{149FD8B6-BC4D-447F-BB19-ED54C80B2A55}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B47B33C5-6E81-4165-973D-7D51BD8A525D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E136D845-C595-4FF9-B1E6-D32C93061D58}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{42715349-62CE-4470-B565-31E3EFF36650}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F626A5FA-82CE-4F08-A706-81A7C6B77990}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{D6C0B8A6-7CCA-43D2-98CA-DCDAA85CF4A9}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{48D01C7B-005D-4771-A0D0-E99426CEBCD9}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{8F1A9012-AEDF-4931-B505-A15C4F5CDDAA}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{31BBEDCA-9D7B-4CBA-8380-55E4B055E831}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3FD0F1B7-23B5-4008-8483-D9608CA2AD45}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{13D85435-BE4F-48B4-AF43-005A9BFAA3A8}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{E4642D31-3709-4E38-887E-276BF1BF467D}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{F4EBA399-71B2-44E2-B5F7-FF9AE1A65B3E}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"TCP Query User{FB320A2A-BC19-4C1D-9C72-6A6381A3CA75}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{249733AA-3204-4E7B-ADC0-682E50CE77CD}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{48FDCF8A-2B49-4927-967D-78048EEAAB78}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{07F638CE-41B5-435D-8A52-74D1B207DCC0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{0693BF28-EB5D-4CDE-AB87-92BEF444031A}C:\\windows\\system32\\mstsc.exe"= UDP:C:\windows\system32\mstsc.exe:Remote Desktop Connection
"UDP Query User{E06B761E-5FC7-4068-94B3-883E864FF6A7}C:\\windows\\system32\\mstsc.exe"= TCP:C:\windows\system32\mstsc.exe:Remote Desktop Connection
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 05:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 05:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 08:42]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 06:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 06:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 06:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d621b5f-a3da-11dc-b44e-001e37670f88}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 04:21:05 C:\Windows\Tasks\User_Feed_Synchronization-{7664D63B-9080-4F7B-A555-CA1DD586C6BA}.job" - C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 15:20:18
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-04-11 15:22:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 19:22:52
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-04-11 18:00:57 --- E O F ---
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:35 PM, on 4/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P.
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-- End of file - 10677 bytes
Also, I believe an error came up during the HJT scan, however I accidentally pressed a key before I could read it. Once again I apologize for taking so long to reply, since I'm sure you put plenty of time and effort into helping everyone on here.
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
Hi speedygonzo,
Quote:
sorry for the delay in getting back to you with my ComboFix and HJT log
Does this mean you have to change your name, lol. Just joking, it's OK.
I've looked through your logs and can't see anything untoward there at all so far. One thing I did notice, however, is that you appear to be running in selective mode and consequently all the programmes on the computer cannot be seen.
Please follow the instructions here:
http://www.netsquirrel.com/msconfig/msconfig_vista.html
Once you have it opened click on the 'Startup Tab' and make sure there is a checkmark beside each entry. Also check the 'General Tab' has the "normal startup" option checked. REBOOT when asked to by Windows to complete the change.
Then post a new HJT log.
Joe.
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
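As an added example (not code from this thread, from HijackThis or from Joe), here is a small Python parser for the O4 autostart lines in the log format above. It flags the `msconfig.exe /auto` entry that indicates selective startup, the point Joe raises, and lists Run values that name a program without a directory, which a reviewer should confirm resolve to the intended file. The sample log is a constructed subset of the entries shown in this thread, and all function names are mine.

```python
"""Parse HijackThis v2 'O4' autostart entries and triage them."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a hand-picked subset of O4 lines in the format quoted in
# the thread, not the poster's full log. Non-O4 lines are ignored by the parser.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\\..\\Run: [MSConfig] "C:\\Windows\\system32\\msconfig.exe" /auto
O4 - HKLM\\..\\RunOnce: [Launcher] %WINDIR%\\SMINST\\launcher.exe
O4 - HKCU\\..\\Run: [SpybotSD TeaTimer] C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [AVG7_Run] C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\\.DEFAULT\\..\\Run: [AVG7_Run] C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\\Program Files\\Microsoft Office\\Office12\\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
"""

# Registry form: "O4 - <hive>\..\<Run key>: [<value name>] <command> (User '<user>')?"
REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder form: "O4 - [Global ]Startup: <shortcut> = <target>"
FOLDER_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")


@dataclass
class Autostart:
    location: str            # e.g. "HKLM\\..\\Run", "HKUS\\S-1-5-19\\..\\Run", "Global Startup"
    name: str                # registry value name or shortcut file name
    command: str             # command line or shortcut target as printed in the log
    user: Optional[str] = None  # the "(User '...')" suffix on HKUS entries, if any


def parse_o4(log_text: str) -> List[Autostart]:
    """Return every O4 entry in the log, in log order; other sections are skipped."""
    entries: List[Autostart] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            entries.append(Autostart(f"{m['hive']}\\..\\{m['key']}", m["name"], m["cmd"], m["user"]))
            continue
        m = FOLDER_RE.match(line)
        if m:
            entries.append(Autostart(m["scope"], m["name"], m["cmd"]))
    return entries


def selective_startup_entry(entries: List[Autostart]) -> Optional[Autostart]:
    """An msconfig.exe /auto Run value means msconfig was left in selective
    startup, so items unticked there never start and do not appear as running."""
    for e in entries:
        cmd = e.command.lower()
        if "msconfig.exe" in cmd and "/auto" in cmd:
            return e
    return None


def executable_of(command: str) -> str:
    """Program token of a Run value: the quoted path, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def unqualified_entries(entries: List[Autostart]) -> List[Autostart]:
    """Entries whose program has no directory component. Windows resolves such a
    bare name through the search path, so confirm which file actually runs."""
    flagged = []
    for e in entries:
        exe = executable_of(e.command)
        if exe in ("", "?"):      # unresolved shortcut target, nothing to check
            continue
        if "\\" not in exe:
            flagged.append(e)
    return flagged


def count_by_location(entries: List[Autostart]) -> Dict[str, int]:
    """How many autostart entries each hive / startup folder contributes."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.location] = counts.get(e.location, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_o4(SAMPLE_LOG)
    print(f"{len(found)} O4 entries:", count_by_location(found))
    sel = selective_startup_entry(found)
    if sel:
        print("selective startup indicator:", sel.location, sel.name, sel.command)
    for e in unqualified_entries(found):
        print("program given without a path:", e.location, e.name, e.command)
```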
speedygonzo
new user
Reg'd: Sat
Posts: 18
Hello again. Thanks for being patient with me. The only programs I had turned off upon startup were iTunes, Quicktime, and an HP program that annoyed me. However, I did turn them off and ran HJT again as you asked. Thanks again for the help. Also, it seems that after ComboFix ran, my computer started up like it normally would, with no problems whatsoever. I'm not sure what it did, if anything, but right now the problem seems to be solved.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:35 PM, on 4/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-- End of file - 10489 bytes
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
Hi speedygonzo,
Pleased it's sorted.
Combofix usually resets everything and so has fixed the problem.
Please delete this via Windows Explorer.
Open Windows Explorer, locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
files... C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
Reboot the Computer.
Post back and let me know how you got on and then I'll give you the instructions on how to remove Combofix.
Joe.
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
speedygonzo
new user
Reg'd: Sat
Posts: 18
I found the file you asked for and rebooted. Unfortunately, the logon time was once again slow, and it flashed to an all white screen for about 10 seconds before showing the desktop, like it did before ComboFix ran.
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
When you say logon do you mean logon to the Internet or boot up at startup? Please run Combofix again and post a new log.
Joe.
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
speedygonzo
new user
Reg'd: Sat
Posts: 18
I'm sorry if I didn't clarify before, but it's the boot up at startup that is taking a very long time. Sorry for the delay again but my internet hasn't been functioning for a day or so. Here's my newest ComboFix log.
ComboFix 08-04-11.1 - Tom 2008-04-16 18:09:15.2 - NTFSx86
Running from: C:\Users\Tom\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 22:07 --------- d-----w C:\Users\Tom\AppData\Roaming\AVG7
2008-04-16 21:41 --------- d-----w C:\Users\Tom\AppData\Roaming\.purple
2008-04-16 17:27 --------- d-----w C:\Users\Tom\AppData\Roaming\SiteAdvisor
2008-04-09 07:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 07:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-08 03:00 --------- d-----w C:\Users\Tom\AppData\Roaming\uTorrent
2008-04-08 01:40 --------- d-----w C:\Program Files\Winamp
2008-04-08 01:39 --------- d-----w C:\Users\Tom\AppData\Roaming\Winamp
2008-04-06 23:28 --------- d-----w C:\Users\Tom\AppData\Roaming\Ventrilo
2008-04-06 23:28 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-06 23:28 --------- d-----w C:\ProgramData\avg7
2008-04-06 23:28 --------- d-----w C:\Program Files\uTorrent
2008-04-06 23:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-06 23:28 --------- d-----w C:\Program Files\CCleaner
2008-04-06 20:04 --------- d-----w C:\Program Files\Trend Micro
2008-04-06 19:48 --------- d-----w C:\Program Files\Trillian
2008-04-06 19:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 05:38 --------- d-----w C:\ProgramData\Lavasoft
2008-03-15 04:56 --------- d-----w C:\Program Files\Java
2008-03-13 12:42 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-08 21:00 --------- d-----w C:\Program Files\Pidgin
2008-03-08 21:00 --------- d-----w C:\Program Files\Aspell
2008-03-08 20:59 --------- d-----w C:\Program Files\Common Files\GTK
2008-03-04 01:41 --------- d-----w C:\Program Files\iTunes
2008-03-04 01:40 --------- d-----w C:\ProgramData\Apple Computer
2008-03-04 01:40 --------- d-----w C:\Program Files\QuickTime
2008-03-04 01:40 --------- d-----w C:\Program Files\iPod
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 08:05 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 08:05 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 08:05 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 08:05 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 08:05 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 08:05 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 08:05 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 08:05 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 08:05 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 08:05 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 08:05 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 08:04 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 08:04 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 08:04 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 08:04 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 08:04 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 08:04 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 08:04 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 08:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 08:03 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 08:03 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 08:03 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 08:03 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 08:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 08:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 08:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-06 00:53 27,145 ----a-w C:\Users\Tom\AppData\Roaming\nvModes.dat
2007-12-08 08:21 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-04-11_15.22.27.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-11 19:18:47 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-16 22:06:01 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-12-06 09:04:24 172,968 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-04-16 21:42:12 172,968 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-04-11 19:20:09 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-16 22:07:45 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-11 19:19:55 786,432 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-16 22:08:20 786,432 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-11 19:20:09 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-16 22:07:20 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-11 19:19:55 786,432 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-16 22:08:15 786,432 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-04-11 19:13:24 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-13 20:47:27 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-11 19:13:24 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-13 20:47:27 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-11 19:07:22 4,220 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3909711029-806886337-32125860-1000_UserData.bin
+ 2008-04-16 22:08:40 4,402 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3909711029-806886337-32125860-1000_UserData.bin
- 2008-04-11 19:07:22 61,464 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 22:08:40 61,900 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-11 19:07:20 34,914 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 22:08:39 35,258 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 00:57 1232896] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440] "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 18:23 1773568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 04:08 1006264] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 23:36 827392] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 13:50 4390912 C:\Windows\RtHDVCpl.exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 10:37 174872] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 21:11 176128] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 14:38 159744] "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 16:18 472776] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 19:12 317128] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 06:27 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 06:27 8429568] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 06:27 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 14:12 17920] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 11:11 579584] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-06 05:10 219136]
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 23:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 13:27:40 719664] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-29 19:04:11 67128] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-29 19:02:40 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-12-06 05:10 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{13E7CAB1-8C19-46A4-8595-B519D0CCDAB9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{58D260C0-3DF1-49E3-A75A-B3D8384FD89D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A4759974-8F61-4213-B530-BE06C687D6F6}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{DC7859B0-CBAE-415B-A667-911548BF0F66}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{695E2909-8796-448A-93BE-AAED4C4094EE}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{120F2C11-3921-434A-BD3D-D023521DCA49}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{488EC094-12C2-4B43-A465-813BB1505EBB}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{149FD8B6-BC4D-447F-BB19-ED54C80B2A55}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{B47B33C5-6E81-4165-973D-7D51BD8A525D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{E136D845-C595-4FF9-B1E6-D32C93061D58}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "TCP Query User{42715349-62CE-4470-B565-31E3EFF36650}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{F626A5FA-82CE-4F08-A706-81A7C6B77990}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{D6C0B8A6-7CCA-43D2-98CA-DCDAA85CF4A9}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client "UDP Query User{48D01C7B-005D-4771-A0D0-E99426CEBCD9}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client "{8F1A9012-AEDF-4931-B505-A15C4F5CDDAA}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech 
Desktop Messenger "{31BBEDCA-9D7B-4CBA-8380-55E4B055E831}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{3FD0F1B7-23B5-4008-8483-D9608CA2AD45}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{13D85435-BE4F-48B4-AF43-005A9BFAA3A8}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "TCP Query User{E4642D31-3709-4E38-887E-276BF1BF467D}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger "UDP Query User{F4EBA399-71B2-44E2-B5F7-FF9AE1A65B3E}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger "TCP Query User{FB320A2A-BC19-4C1D-9C72-6A6381A3CA75}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{249733AA-3204-4E7B-ADC0-682E50CE77CD}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "{48FDCF8A-2B49-4927-967D-78048EEAAB78}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{07F638CE-41B5-435D-8A52-74D1B207DCC0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{0693BF28-EB5D-4CDE-AB87-92BEF444031A}C:\\windows\\system32\\mstsc.exe"= UDP:C:\windows\system32\mstsc.exe:Remote Desktop Connection "UDP Query User{E06B761E-5FC7-4068-94B3-883E864FF6A7}C:\\windows\\system32\\mstsc.exe"= TCP:C:\windows\system32\mstsc.exe:Remote Desktop Connection
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 05:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 05:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 08:42]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 06:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 06:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 06:45]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 04:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d621b5f-a3da-11dc-b44e-001e37670f88}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 18:23:09 C:\Windows\Tasks\User_Feed_Synchronization-{7664D63B-9080-4F7B-A555-CA1DD586C6BA}.job" - C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-16 18:13:08 Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
Completion time: 2008-04-16 18:13:52
ComboFix-quarantined-files.txt 2008-04-16 22:13:46
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-04-11 18:00:57 --- E O F ---
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 10451
Loc: London
Can't see anything untoward there. Can you post your computer's full spec?
I ask because you have a lot of programmes running and it will take some time to load them all.
I notice you have Windows Defender and Spybot running. They more or less do the same thing, so I suggest choosing which one you want and disabling the other one, but keep it available on your hard drive.
Logitech Desktop Messenger tends to be a resource hog, so you can disable it, and Logitech SetPoint, if you don't use them.
Try not to have any unwanted stuff running at startup to speed up the boot time. Be careful though as lots of programmes have to be running to work properly.
Let me know what you want done about the above.
Joe.
-------------------- If I have helped you in any way, please consider a donation:
Joe's WebSite.
Member of UNITE and ASAP.
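As an added example for readers working through logs like the one above (this is not ComboFix output and not something Joe or speedygonzo posted), here is a small Python triage script for the FirewallRules section of a ComboFix log. It parses each `"name"= [TCP|UDP:]path:description` entry, groups the rules by executable, and flags two things a helper usually wants to see at a glance: rules whose name begins with `TCP Query User` / `UDP Query User`, which Vista's firewall creates when someone clicks Unblock on the security-alert prompt rather than an installer registering them, and rules that point at a binary in a temp or user-profile directory. The sample input copies a few lines from the log above and adds one constructed `updater.exe` line to show the path check firing (an assumption for illustration; nothing like it appears in this log). The list of unusual directories is my own heuristic, not anything ComboFix or Windows defines.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of ComboFix's FirewallRules dump
# (format: "name"= [TCP|UDP:]path:description).  The OneNote, QuickPlay,
# uTorrent and mstsc lines are copied from the log in this thread; the
# final updater.exe line is constructed for illustration only.
SAMPLE_RULES = r'''
"{58D260C0-3DF1-49E3-A75A-B3D8384FD89D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A4759974-8F61-4213-B530-BE06C687D6F6}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"TCP Query User{42715349-62CE-4470-B565-31E3EFF36650}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F626A5FA-82CE-4F08-A706-81A7C6B77990}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{0693BF28-EB5D-4CDE-AB87-92BEF444031A}C:\\windows\\system32\\mstsc.exe"= UDP:C:\windows\system32\mstsc.exe:Remote Desktop Connection
"TCP Query User{00000000-0000-0000-0000-000000000000}C:\\users\\bob\\appdata\\local\\temp\\updater.exe"= TCP:C:\users\bob\appdata\local\temp\updater.exe:updater
'''

RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*'          # quoted rule name
    r'(?:(?P<proto>TCP|UDP):)?'        # optional protocol prefix
    r'(?P<path>[A-Za-z]:\\[^:]+):'     # drive-letter path up to the next ':'
    r'(?P<desc>.*)$'                   # free-text description
)

# Heuristic (my assumption, not a Windows definition): installer-created
# rules normally live under Program Files or Windows, so a rule pointing
# into a temp directory or a user profile deserves a second look.
UNUSUAL_DIRS = (
    r"\appdata\local\temp",
    r"\windows\temp",
    r"\users",
    r"\documents and settings",
)


def parse_firewall_rules(text):
    """Return one dict per parseable rule line; non-matching lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        rules.append({
            "name": name,
            "proto": m.group("proto") or "any",   # no prefix = no protocol restriction shown
            "path": m.group("path").lower(),       # normalise for grouping
            "desc": m.group("desc"),
            # Vista names rules created from the "Unblock" prompt
            # "TCP Query User{GUID}<path>" / "UDP Query User{GUID}<path>".
            "user_created": name.startswith(("TCP Query User", "UDP Query User")),
        })
    return rules


def is_unusual_location(path):
    """True if the (lower-cased) path falls in one of UNUSUAL_DIRS."""
    return any(d in path for d in UNUSUAL_DIRS)


def triage(rules):
    """Group rules by executable and carry the flags up to the executable."""
    by_exe = defaultdict(lambda: {"protos": set(), "user_created": False,
                                  "unusual": False, "descs": []})
    for r in rules:
        entry = by_exe[r["path"]]
        entry["protos"].add(r["proto"])
        entry["user_created"] |= r["user_created"]
        entry["unusual"] = is_unusual_location(r["path"])
        entry["descs"].append(r["desc"])
    return dict(by_exe)


def report(summary):
    """One line per executable, sorted by path, with flags appended."""
    lines = []
    for path, e in sorted(summary.items()):
        flags = []
        if e["user_created"]:
            flags.append("user-allowed")
        if e["unusual"]:
            flags.append("UNUSUAL PATH")
        lines.append(f"{path}  protos={'/'.join(sorted(e['protos']))}  {' '.join(flags)}".rstrip())
    return lines


if __name__ == "__main__":
    for line in report(triage(parse_firewall_rules(SAMPLE_RULES))):
        print(line)
```

Run it on a full FirewallRules section pasted into `SAMPLE_RULES` (or read from a file) and the "user-allowed" lines tell you which programs the person sat in front of the machine and unblocked themselves, which is useful context when, as here, entries like uTorrent and Remote Desktop show up; the "UNUSUAL PATH" flag is the one that should send you back to the rest of the log.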