
Infected With Trojan.gen


2 replies to this topic

#1 Bob Gunn


Posted 30 June 2008 - 07:29 PM

I run my spysweep and antivirus daily, and every day I get a return of about 17 potential threats that are quarantined, but not removed. I need some help with cleaning my computer up, thanks.

Deckard's System Scanner v20071014.68
Run by Robert on 2008-06-30 19:20:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:27 PM, on 6/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\notepad.exe
C:\Users\Robert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe" C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9589 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-29 22:18:04 0 d-------- C:\Users\All Users\ZoomBrowser
2008-06-29 22:15:44 0 d-------- C:\Program Files\Canon
2008-06-29 22:02:52 0 d-------- C:\Program Files\Common Files\Canon
2008-06-29 21:20:07 0 d-------- C:\Users\All Users\WindowsSearch
2008-06-24 20:22:27 0 d-------- C:\Program Files\Apple Software Update
2008-06-23 01:04:12 0 d-------- C:\DaveMatthews2
2008-06-23 00:15:25 0 d-------- C:\DaveMatthews
2008-06-22 17:51:59 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-06-22 02:56:35 0 d-------- C:\Program Files\vghd
2008-06-18 20:07:38 0 d-------- C:\PerfLogs
2008-06-18 18:33:38 0 d-------- C:\SEINFELD34
2008-06-17 09:21:15 0 d-------- C:\seinfeld31
2008-06-16 22:21:24 0 d-------- C:\Windows\system32\URTTEMP
2008-06-16 22:18:18 0 d-------- C:\Program Files\Seagate
2008-06-16 21:29:05 0 d-------- C:\Program Files\bfgclient
2008-06-16 21:27:09 0 d-------- C:\BigFishGamesCache
2008-06-15 21:07:05 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2008-06-15 21:06:59 0 d-------- C:\Program Files\Cisco Systems
2008-06-15 14:52:47 0 d-------- C:\Users\All Users\NVIDIA
2008-06-13 22:45:08 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-13 22:44:50 0 d-------- C:\Program Files\Real
2008-06-13 22:44:47 0 d-------- C:\Program Files\Common Files\Real
2008-06-13 21:54:03 0 d-------- C:\Users\All Users\Microsoft Corporation
2008-06-13 21:53:38 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-13 21:29:27 0 d-------- C:\Program Files\Flagship Studios
2008-06-13 20:28:56 0 d-------- C:\Program Files\iPod
2008-06-13 20:28:33 0 d-------- C:\Program Files\iTunes
2008-06-13 20:25:14 0 d-------- C:\Program Files\Bonjour
2008-06-13 20:22:28 0 d-------- C:\Program Files\QuickTime
2008-06-13 20:22:07 0 d-------- C:\Users\All Users\Apple Computer
2008-06-13 20:16:56 0 d-------- C:\Program Files\Common Files\Apple
2008-06-13 20:16:22 0 d-------- C:\Users\All Users\Apple
2008-06-13 17:03:26 0 d-------- C:\info
2008-06-13 16:59:36 0 d-------- C:\Windows\system32\drivers\AU_Backup
2008-06-13 16:54:03 0 d-------- C:\Users\All Users\Trend Micro
2008-06-13 16:52:38 0 d-------- C:\Program Files\Trend Micro
2008-06-13 16:42:14 0 d-------- C:\Users\All Users\Webroot
2008-06-13 16:42:14 0 d-------- C:\Program Files\Webroot
2008-06-13 16:42:14 0 d-------- C:\Program Files\AskSBar
2008-06-13 16:40:44 164 --a------ C:\install.dat
2008-06-13 15:34:32 47360 --a------ C:\Windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-13 15:34:21 0 d-------- C:\Program Files\LG Software Innovations
2008-06-13 15:32:27 604 --ah----- C:\Windows\T4
2008-06-13 15:32:27 0 d-------- C:\Users\All Users\Sibelius Software
2008-06-13 15:32:26 604 --ah----- C:\Windows\system32\T3
2008-06-13 15:32:26 608 --ah----- C:\Users\All Users\T2
2008-06-13 15:32:26 604 --ah----- C:\Program Files\STLL Notifier
2008-06-13 15:23:09 0 d-------- C:\Program Files\Sibelius Software
2008-06-13 11:38:17 1732 --a------ C:\Windows\system32\drivers\nvphy.bin
2008-06-13 09:55:21 86144 --a------ C:\Windows\system32\drivers\mupp.sys
2008-06-13 09:55:20 0 d-------- C:\Windows\system32\stk
2008-06-13 09:55:20 0 d-------- C:\Windows\system32\mgi
2008-06-13 09:55:19 0 d-------- C:\Windows\system32\1039a
2008-06-13 09:55:16 0 d-------- C:\Windows\system32\netrax06
2008-06-13 09:55:16 0 d-------- C:\Temp
2008-06-13 09:54:20 0 d-------- C:\Program Files\uTorrent
2008-06-13 09:53:16 0 d-------- C:\Users\All Users\DVD Shrink
2008-06-13 09:53:14 0 d-------- C:\Program Files\DVD Shrink
2008-06-13 09:21:07 0 d-------- C:\Users\All Users\Viewpoint
2008-06-13 09:21:06 0 d-------- C:\Program Files\Viewpoint
2008-06-13 09:21:05 0 d-------- C:\Users\All Users\acccore
2008-06-13 09:20:57 0 d-------- C:\Users\All Users\AOL
2008-06-13 09:20:57 0 d-------- C:\Users\All Users\AOL OCP
2008-06-13 09:20:44 0 d-------- C:\Program Files\Common Files\AOL
2008-06-13 09:20:15 0 d-------- C:\Program Files\AIM6
2008-06-12 21:55:44 0 d-------- C:\Program Files\MSXML 4.0
2008-06-12 21:46:23 0 d-------- C:\Program Files\BitLord2
2008-06-12 21:43:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-12 21:43:38 0 --a------ C:\Windows\nsreg.dat
2008-06-11 17:36:13 0 d-------- C:\Users\All Users\HP
2008-06-11 15:54:05 0 d-------- C:\Windows\Prefetch
2008-06-11 15:53:49 0 d--hs---- C:\System Volume Information
2008-06-11 15:25:40 0 dr------- C:\Users\Robert\Searches
2008-06-11 15:25:31 0 dr------- C:\Users\Robert\Contacts
2008-06-11 15:23:25 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-06-11 15:18:52 81 --a------ C:\Windows\system32\LOG
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Videos
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\Templates
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\Start Menu
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\SendTo
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Saved Games
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\Recent
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\PrintHood
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Pictures
2008-06-11 15:18:48 2097152 --ahs---- C:\Users\Robert\NTUSER.DAT
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\NetHood
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\My Documents
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Music
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\Local Settings
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Links
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Favorites
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Downloads
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Documents
2008-06-11 15:18:48 0 dr------- C:\Users\Robert\Desktop
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\Cookies
2008-06-11 15:18:48 0 d--hs---- C:\Users\Robert\Application Data
2008-06-11 15:18:48 0 d--h----- C:\Users\Robert\AppData
2008-06-11 14:58:29 0 d-------- C:\Program Files\Java
2008-06-11 14:58:29 0 d-------- C:\Program Files\Common Files\Java
2008-06-11 14:55:04 0 d-------- C:\Users\All Users\Hewlett-Packard
2008-06-11 14:48:58 272384 --a------ C:\Windows\system32\ShellvRTF64.dll <Not Verified; XSS; XSS ShellvRTF>
2008-06-11 14:48:58 237568 --a------ C:\Windows\system32\ShellvRTF.dll <Not Verified; XSS; XSS ShellvRTF>
2008-06-11 14:48:56 0 d-------- C:\Windows\SMINST
2008-06-11 14:48:51 0 d-------- C:\Program Files\HPQ
2008-06-11 14:48:47 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-11 14:47:57 1560576 --a------ C:\Windows\system32\BttnCmns_64.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-06-11 14:47:57 1560576 --a------ C:\Windows\system32\BttnCmns.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-06-11 14:47:57 987136 --a------ C:\Windows\system32\BttnCmn.dll <Not Verified; Hewlett-Packard Company; Q Menu>
2008-06-11 14:45:38 0 d-------- C:\Program Files\DivX
2008-06-11 14:45:10 0 d-------- C:\Program Files\muvee Technologies
2008-06-11 14:45:09 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-06-11 14:41:52 0 d-------- C:\Program Files\earthlink totalaccess
2008-06-11 14:41:34 0 d-------- C:\Program Files\Online Services
2008-06-11 14:41:09 0 d-------- C:\Windows\HPCPCUninstall-6811507
2008-06-11 14:40:54 0 d-------- C:\Program Files\HP Connections
2008-06-11 14:37:37 0 d-------- C:\Users\All Users\WildTangent
2008-06-11 14:33:37 0 d-------- C:\Program Files\HP Games
2008-06-11 14:33:01 0 d-------- C:\Users\All Users\Adobe
2008-06-11 14:32:29 0 d-------- C:\Users\All Users\CyberLink
2008-06-11 14:32:02 44544 --a------ C:\Windows\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-11 14:31:31 0 d-------- C:\Program Files\HP
2008-06-11 14:31:02 0 d-------- C:\Users\All Users\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-06-11 14:30:50 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-06-11 14:29:01 0 d-------- C:\Windows\PCHEALTH
2008-06-11 14:29:01 0 d-------- C:\Program Files\Microsoft.NET
2008-06-11 14:27:27 0 d-------- C:\Users\All Users\Microsoft Help
2008-06-11 14:27:02 0 dr-h----- C:\MSOCache
2008-06-11 14:25:46 0 d-------- C:\Program Files\Microsoft Works
2008-06-11 14:25:03 0 d-------- C:\Windows\system32\Macromed
2008-06-11 14:21:05 0 d-------- C:\Windows\SoftwareDistribution
2008-06-11 14:14:33 0 d-------- C:\Users\All Users\Symantec
2008-06-11 14:14:19 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-11 14:14:08 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-06-11 14:11:25 0 d-------- C:\Users\All Users\Sonic
2008-06-11 14:10:44 0 d-------- C:\Users\All Users\Roxio
2008-06-11 14:10:43 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-11 14:10:43 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-11 14:07:43 0 d-------- C:\Program Files\Roxio
2008-06-11 14:07:40 0 d--hs---- C:\Windows\Installer
2008-06-11 14:05:06 0 d-------- C:\Users\All Users\InstallShield
2008-06-11 14:04:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-11 14:04:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-11 14:01:18 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-11 13:57:37 0 d--hs---- C:\$RECYCLE.BIN
2008-06-11 13:51:37 0 d-------- C:\Program Files\Synaptics
2008-06-11 13:49:41 0 d-------- C:\Program Files\CONEXANT
2008-06-11 13:38:45 0 d-------- C:\Windows\OEMCert
2008-06-11 13:38:44 0 d-------- C:\Windows\panther
2008-06-11 13:38:13 0 d--h----- C:\HP


-- Find3M Report ---------------------------------------------------------------

2008-06-30 19:11:24 13072 --a------ C:\Users\Robert\AppData\Roaming\nvModes.dat
2008-06-30 19:11:24 13072 --a------ C:\Users\Robert\AppData\Roaming\nvModes.001
2008-06-29 22:47:04 0 d-------- C:\Users\Robert\AppData\Roaming\ZoomBrowser EX
2008-06-29 22:02:52 0 d-------- C:\Program Files\Common Files
2008-06-22 02:56:33 0 d-------- C:\Users\Robert\AppData\Roaming\vghd
2008-06-18 20:19:23 174 --ahs---- C:\Program Files\desktop.ini
2008-06-18 20:08:47 0 d-------- C:\Program Files\Windows Calendar
2008-06-18 20:08:46 0 d-------- C:\Program Files\Windows Sidebar
2008-06-18 20:08:46 0 d-------- C:\Program Files\Windows Mail
2008-06-18 20:08:46 0 d-------- C:\Program Files\Movie Maker
2008-06-18 20:08:45 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-18 20:08:45 0 d-------- C:\Program Files\Windows Journal
2008-06-18 20:08:45 0 d-------- C:\Program Files\Windows Collaboration
2008-06-18 20:08:43 0 d-------- C:\Program Files\Windows Defender
2008-06-13 22:45:45 0 d-------- C:\Users\Robert\AppData\Roaming\Real
2008-06-13 20:31:04 0 d-------- C:\Users\Robert\AppData\Roaming\Apple Computer
2008-06-13 16:42:14 0 d-------- C:\Users\Robert\AppData\Roaming\Webroot
2008-06-13 15:34:47 0 d-------- C:\Users\Robert\AppData\Roaming\Vso
2008-06-13 15:34:47 34 --a------ C:\Users\Robert\AppData\Roaming\pcouffin.log
2008-06-13 15:34:32 47360 --a------ C:\Users\Robert\AppData\Roaming\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-13 15:34:32 1144 --a------ C:\Users\Robert\AppData\Roaming\pcouffin.inf
2008-06-13 15:34:32 7176 --a------ C:\Users\Robert\AppData\Roaming\pcouffin.cat
2008-06-13 15:34:32 81920 --a------ C:\Users\Robert\AppData\Roaming\ezpinst.exe
2008-06-13 15:33:21 0 d-------- C:\Users\Robert\AppData\Roaming\Sibelius Software
2008-06-13 11:49:01 0 d-------- C:\Users\Robert\AppData\Roaming\uTorrent
2008-06-13 09:47:57 0 d-------- C:\Users\Robert\AppData\Roaming\WinRAR
2008-06-13 09:43:50 0 d-------- C:\Users\Robert\AppData\Roaming\acccore
2008-06-13 09:21:03 0 d-------- C:\Users\Robert\AppData\Roaming\Adobe
2008-06-12 21:43:26 0 d-------- C:\Users\Robert\AppData\Roaming\Mozilla
2008-06-11 17:36:36 0 d-------- C:\Users\Robert\AppData\Roaming\CyberLink
2008-06-11 17:36:13 0 d-------- C:\Users\Robert\AppData\Roaming\HP
2008-06-11 15:26:37 0 d-------- C:\Users\Robert\AppData\Roaming\Hewlett-Packard
2008-06-11 15:25:33 0 d-------- C:\Users\Robert\AppData\Roaming\Identities
2008-06-11 15:21:49 0 d-------- C:\Users\Robert\AppData\Roaming\Macromedia
2008-06-11 14:45:48 74 --a------ C:\autoexec.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
06/13/2008 04:42 PM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
06/13/2008 04:42 PM 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [06/13/2008 04:42 PM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 02:38 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 07:31 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [11/24/2006 05:33 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 01:11 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 12:58 PM]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [11/28/2006 05:42 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/18/2006 11:56 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/18/2006 11:32 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/13/2008 10:44 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [06/04/2008 05:00 PM]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe" [01/18/2007 01:20 PM]
"@"="" []
"NvSvc"="RUNDLL32.exe" [11/02/2006 04:45 AM C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [11/02/2006 04:45 AM C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [11/02/2006 04:45 AM C:\Windows\System32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 02:33 AM]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [11/21/2006 06:36 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/06/2008 11:04 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 06:15 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [6/11/2008 2:41:01 PM]
VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [6/15/2008 9:09:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- "G:\Install FreeAgent Tools.exe" /run


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-30 19:22:44 ------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:06 PM, on 6/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Robert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robert.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe" C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9658 bytes



#2 Bob Gunn

Bob Gunn
  • Topic Starter

  • Members
  • 2 posts
  • Gender:Male
  • Location:St. Louis, Missouri
  • Local time:01:30 AM

Posted 09 July 2008 - 10:04 PM

How long does it take to get a reply on this website?

#3 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg
  • Local time:07:30 AM

Posted 21 July 2008 - 11:59 AM

Hello Bob Gunn and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment. If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -