
Please Help



#1 eva1


Posted 02 June 2008 - 08:16 PM

Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2008-06-02 18:05:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2008-06-03 01:05:44 UTC - RP48 - Deckard's System Scanner Restore Point
47: 2008-06-02 14:00:00 UTC - RP47 - Software Distribution Service 3.0
46: 2008-06-02 02:07:48 UTC - RP46 - Installed SUPERAntiSpyware Free Edition
45: 2008-06-01 23:56:45 UTC - RP45 - Software Distribution Service 3.0
44: 2008-06-01 23:55:20 UTC - RP44 - Installed Windows Internet Explorer 7.


-- First Restore Point --
1: 2008-04-10 00:35:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:46 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\TPW9XD1I\Autoruns[1]\autoruns.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UNS18Z0T\dss[1].exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm021YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12103 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 07:57:49 578 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Compaq_Administrator.job
2008-05-23 10:08:04 336 --a------ C:\WINDOWS\Tasks\HPCeeSchedule.job
2008-05-19 18:43:26 488 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job
2008-04-09 18:41:51 512 --a------ C:\WINDOWS\Tasks\Warranty Reminder 11 month.job


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 18:07:11 0 d-------- C:\Program Files\Trend Micro
2008-06-01 19:08:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-01 19:07:49 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 19:07:49 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
2008-06-01 19:05:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 17:01:57 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-01 17:01:53 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-06-01 16:55:49 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
2008-06-01 16:55:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-01 16:55:47 0 d-------- C:\Program Files\Yahoo!
2008-06-01 16:55:46 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-06-01 16:50:47 0 d-------- C:\WINDOWS\network diagnostic
2008-06-01 16:37:21 253440 --a------ C:\WINDOWS\apunbexu.dll
2008-05-27 18:12:26 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Apple Computer
2008-05-27 18:12:13 0 d-------- C:\Program Files\iPod
2008-05-27 18:12:08 0 d-------- C:\Program Files\iTunes
2008-05-27 18:11:56 0 d-------- C:\Program Files\Bonjour
2008-05-27 18:11:27 0 d-------- C:\Program Files\QuickTime
2008-05-27 18:11:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 18:11:12 0 d-------- C:\Program Files\Apple Software Update
2008-05-27 18:11:05 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-27 18:10:51 0 d-------- C:\Program Files\Common Files\Apple
2008-05-27 18:10:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-22 16:04:28 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks
2008-05-20 17:36:14 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
2008-05-19 14:50:11 4 --a------ C:\WINDOWS\system32\0AFDEE
2008-05-19 14:49:18 8413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
2008-05-19 14:48:03 0 d-------- C:\Program Files\Rhapsody
2008-05-17 09:00:58 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\FunWebProducts
2008-05-14 20:45:12 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-05-14 20:45:11 0 d-------- C:\Program Files\MyWebSearch
2008-05-14 20:45:05 0 d-------- C:\Program Files\FunWebProducts
2008-05-14 19:27:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-10 19:16:41 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\HP
2008-05-05 22:32:02 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-05 22:30:40 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-05 22:30:40 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-03 21:21:03 0 d-------- C:\WINDOWS\5IR0AJT2BLU3DMV4


-- Find3M Report ---------------------------------------------------------------

2008-06-02 18:06:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 17:22:44 0 d-------- C:\Program Files\Norton Internet Security
2008-06-01 19:05:58 0 d-------- C:\Program Files\Common Files
2008-06-01 16:04:38 0 d-------- C:\Program Files\Symantec
2008-05-19 14:49:19 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
2008-05-19 14:48:47 0 d-------- C:\Program Files\Real
2008-05-07 14:08:01 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2008-04-25 03:15:35 0 d-------- C:\Program Files\Google
2008-04-25 03:01:21 0 d-------- C:\Program Files\MSXML 4.0
2008-04-24 14:49:04 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Google
2008-04-23 18:55:11 0 d-------- C:\Program Files\Quicken
2008-04-23 17:45:28 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape
2008-04-23 12:00:35 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\HPQ
2008-04-22 18:41:16 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
2008-04-09 16:40:16 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-09 16:40:08 0 d-------- C:\Program Files\Windows Plus
2008-04-09 16:40:08 0 d-------- C:\Program Files\Windows NT
2008-04-09 16:39:56 0 d-------- C:\Program Files\WildTangent
2008-04-09 16:39:06 0 d-------- C:\Program Files\Sonic
2008-04-09 16:38:36 0 d-------- C:\Program Files\PC-Doctor for DOS
2008-04-09 16:38:03 0 d-------- C:\Program Files\PC-Doctor 5 for Windows
2008-04-09 16:36:27 0 d-------- C:\Program Files\Online Services
2008-04-09 16:36:08 0 d-------- C:\Program Files\Netscape
2008-04-09 16:35:55 0 d-------- C:\Program Files\music_now
2008-04-09 16:35:54 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-09 16:35:54 0 d-------- C:\Program Files\MSN Encarta Standard
2008-04-09 16:35:53 0 d-------- C:\Program Files\Movie Maker
2008-04-09 16:34:35 0 d-------- C:\Program Files\Microsoft Works
2008-04-09 16:34:15 0 d-------- C:\Program Files\Microsoft.NET
2008-04-09 16:34:15 0 d-------- C:\Program Files\Microsoft Money 2006
2008-04-09 16:34:15 0 d-------- C:\Program Files\microsoft frontpage
2008-04-09 16:34:15 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-09 16:34:15 0 d-------- C:\Program Files\Messenger
2008-04-09 16:34:02 0 d-------- C:\Program Files\Java
2008-04-09 16:33:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-09 16:33:53 0 d-------- C:\Program Files\HP Rhapsody
2008-04-09 16:29:31 0 d-------- C:\Program Files\HP Games
2008-04-09 16:28:34 0 d-------- C:\Program Files\HP
2008-04-09 16:27:58 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-09 16:27:55 0 d-------- C:\Program Files\GemMaster
2008-04-09 16:27:49 0 d-------- C:\Program Files\EnglishOtto
2008-04-09 16:27:45 0 d-------- C:\Program Files\DISC
2008-04-09 16:27:38 0 d-------- C:\Program Files\Compaq Connections
2008-04-09 16:27:38 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-09 16:27:37 0 d-------- C:\Program Files\Common Files\TiVo Shared
2008-04-09 16:27:10 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-04-09 16:26:57 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-09 16:26:50 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-09 16:26:45 0 d-------- C:\Program Files\Common Files\Real
2008-04-09 16:26:45 0 d-------- C:\Program Files\Common Files\Palo Alto Software
2008-04-09 16:26:45 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-09 16:26:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-09 16:26:11 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-04-09 16:26:10 0 d-------- C:\Program Files\Common Files\L&H
2008-04-09 16:26:06 0 d-------- C:\Program Files\Common Files\Java
2008-04-09 16:26:05 0 d-------- C:\Program Files\Common Files\Intuit
2008-04-09 16:26:03 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-09 16:26:02 0 d-------- C:\Program Files\Common Files\HP
2008-04-09 16:26:02 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 16:23:17 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Symantec
2008-04-09 16:23:16 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
2008-04-09 16:23:16 0 d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
2008-04-09 15:51:28 667896 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-04-09 15:51:28 1235 --a------ C:\WINDOWS\unins000.dat
2008-04-09 15:51:17 12988 --a------ C:\WINDOWS\system32\CHODDI.SYS
2008-04-09 15:33:50 95822 --a------ C:\WINDOWS\hpqins69.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"RTHDCPL"="RTHDCPL.EXE" [03/08/2006 04:54 AM C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/02/2005 04:19 PM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/24/2006 07:15 PM]
"nwiz"="nwiz.exe" [01/24/2006 07:15 PM C:\WINDOWS\system32\nwiz.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [03/15/2006 07:12 PM]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [03/15/2006 07:11 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [07/22/2005 03:14 PM]
"@"="" []
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 03:34 PM]
"_SetRes"="c:\hp\bin\cloaker c:\hp\bin\res.bat" []
"regcmdcons"="c:\hp\bin\cloaker.exe" [11/06/1999 11:11 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [02/16/2005 11:11 PM]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [05/14/2008 08:45 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/09/2008 03:36 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [05/14/2008 08:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/2004 02:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/07/2008 08:59 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/13/2008 12:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [4/9/2008 3:52:09 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{192fa7d7-0690-11dd-b141-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-02 18:08:09 ------------



#2 pskelley


Posted 12 June 2008 - 06:18 PM

Welcome to Bleeping Computer. Please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait. If your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

Could you please provide more information than "Please Help"? I can see some adware, but you are in a much better position to tell me what malware symptoms you are experiencing. I am also interested in any error messages; post those word for word. Provide this information and a new HijackThis log (not Deckard's System Scan this time) using Add Reply and I will do all I can to help.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley


Posted 20 June 2008 - 10:10 AM

There has been no response to this topic in a week.
This topic is closed.
Thanks...pskelley
BleepingComputer



