I've fixed many problems but this stumps me/ Computer 1


This topic is locked.
8 replies to this topic

#1 hippiekiller (Members, 11 posts)

Posted 10 March 2009 - 03:15 PM

This is on my own computer running Vista Home Premium. First it started by a search engine hijacker taking me to random ad sites when clicking on a Google, Yahoo, MSN, etc. site. I ran Ad-Aware and Malwarebytes' Anti-Malware and it found DNSChanger and mywebsearch. Cleaned all of it. Well, I thought anyway. Now my login account freezes before it gets to the desktop and I have to use another administrator account. It's very important to me I fix this soon. I hope you guys understand and thanks for what you do.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:31 PM, on 3/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7440 bytes

Sorry, I have no idea what happened there.

Edited by Orange Blossom, 10 March 2009 - 11:37 PM.
Removed duplicate and illegible log. ~ OB



#2 hippiekiller (Topic Starter, Members, 11 posts)

Posted 18 March 2009 - 09:09 PM

Hey guys, I know I'm not supposed to bump my own posts, but it's been 8 days and I'm still waiting for someone to please look at this. I also have another problem starting: it says that a host process for Windows Services stopped working and was closed. I found this has something to do with the DHCP Service. When I try to start it manually it closes right away and the same error pops up. Also, every now and then the internet just stops working, sometimes requiring a restart. Please help me!

#3 hippiekiller (Topic Starter, Members, 11 posts)

Posted 18 March 2009 - 09:22 PM

I've noticed that some people are asking for a DDS Log. I've listed it just to save time. Thanks!

DDS (Ver_09-03-16.01) - NTFSx86
Run by Stan Brownell at 22:18:49.65 on Wed 03/18/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1963 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Stan Brownell\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\mpcstar\codecs\quicktime\QTTask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-6 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-11 28544]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2007-9-12 25760]

=============== Created Last 30 ================

2009-03-18 21:46 <DIR> --d----- c:\programdata\TEMP
2009-03-18 21:46 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-03-18 21:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-11 00:27 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-03-11 00:27 <DIR> --d----- c:\program files\Panda Security
2009-03-10 12:08 <DIR> --d----- c:\program files\Trend Micro
2009-03-10 10:50 <DIR> --d----- c:\users\stanbr~1\appdata\roaming\Malwarebytes
2009-03-06 01:46 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-06 01:38 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-06 01:37 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-06 01:37 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-06 01:37 <DIR> --d----- c:\programdata\Lavasoft
2009-03-06 01:37 <DIR> --d----- c:\program files\Lavasoft
2009-03-06 01:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-06 01:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-06 01:35 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-06 01:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-06 01:35 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-04 18:17 <DIR> --d----- c:\program files\PLDivX
2009-03-02 12:58 122,960 a------- c:\windows\system32\XRZKRLAI.DLL
2009-02-23 18:41 <DIR> --d----- c:\programdata\Apple

==================== Find3M ====================

2009-03-06 01:55 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-06 01:55 86,016 a------- c:\windows\inf\infstor.dat
2009-03-06 01:55 51,200 a------- c:\windows\inf\infpub.dat
2009-03-02 19:20 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-02 19:20 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-02-10 01:17 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-18 17:07 140,981 a------- c:\windows\hpoins14.dat
2009-01-15 02:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-03 19:43 319,456 a------- c:\windows\DIFxAPI.dll
2008-12-29 02:03 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-21 15:25 94 a------- c:\users\stanbr~1\appdata\roaming\wklnhst.dat
2008-12-19 02:47 174 a--sh--- c:\program files\desktop.ini
2008-12-19 02:36 665,600 a------- c:\windows\inf\drvindex.dat
2008-12-19 02:21 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-12-19 02:21 82,432 a------- c:\windows\system32\axaltocm.dll
2008-12-19 01:59 152,576 a------- c:\windows\system32\SPWizUI.dll
2008-12-19 01:59 47,560 a------- c:\windows\system32\SPReview.exe
2008-12-19 01:21 246,840 a------- c:\windows\system32\clfs.sys
2008-12-19 01:16 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-12-19 01:16 272,896 a------- c:\windows\system32\polstore.dll
2008-12-19 01:16 61,440 a------- c:\windows\system32\winipsec.dll
2008-12-19 01:16 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-12-19 01:15 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-12-19 01:15 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-12-19 01:15 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-12-19 01:13 296,960 a------- c:\windows\system32\gdi32.dll
2008-12-19 01:11 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-12-19 01:11 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-12-19 01:11 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-12-19 01:11 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-12-19 01:11 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-12-19 01:11 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-12-19 01:11 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-12-19 01:11 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-12-19 01:11 1,695,744 a------- c:\windows\system32\gameux.dll
2008-12-19 01:11 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-12-19 01:10 2,032,640 a------- c:\windows\system32\win32k.sys
2008-12-19 01:10 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-12-19 01:10 2,048 a------- c:\windows\system32\msxml3r.dll
2008-12-19 01:09 2,048 a------- c:\windows\system32\tzres.dll
2008-12-19 01:06 2,927,104 a------- c:\windows\explorer.exe
2008-12-19 01:02 6,014,976 a------- c:\windows\system32\NlsLexicons001a.dll
2008-12-19 01:01 6,656 a------- c:\windows\system32\kbd106n.dll
2008-12-19 01:01 988,216 a------- c:\windows\system32\winload.exe
2008-12-19 01:01 927,288 a------- c:\windows\system32\winresume.exe
2008-12-19 01:01 615,992 a------- c:\windows\system32\ci.dll
2008-12-19 01:01 378,368 a------- c:\windows\system32\srcore.dll
2008-12-19 01:01 318,464 a------- c:\windows\system32\rstrui.exe
2008-12-19 01:01 46,592 a------- c:\windows\system32\setbcdlocale.dll
2008-12-19 01:01 40,960 a------- c:\windows\system32\srclient.dll
2008-12-19 01:01 19,000 a------- c:\windows\system32\kd1394.dll
2008-12-19 01:01 14,848 a------- c:\windows\system32\srdelayed.exe
2008-12-19 00:59 738,304 a------- c:\windows\system32\inetcomm.dll
2008-12-19 00:59 84,480 a------- c:\windows\system32\INETRES.dll
2008-12-19 00:59 1,645,568 a------- c:\windows\system32\connect.dll
2008-12-19 00:59 1,314,816 a------- c:\windows\system32\quartz.dll
2008-12-19 00:58 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-12-19 00:58 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-12-19 00:58 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-12-19 00:58 2,048 a------- c:\windows\system32\msxml6r.dll
2008-12-19 00:43 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-19 00:43 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-19 00:43 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-19 00:43 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:19:15.08 ===============

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2008 2:38:24 AM
System Uptime: 3/18/2009 8:38:49 PM (2 hours ago)

Motherboard: ASUSTek Computer INC. | | NARRA2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5600+ | Socket AM2 | 2600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 330.121 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.298 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is FIXED (NTFS) - 298 GiB total, 261.51 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP109: 2/22/2009 12:00:05 AM - Scheduled Checkpoint
RP110: 2/23/2009 12:52:22 AM - Scheduled Checkpoint
RP111: 2/23/2009 5:41:43 PM - Installed QuickTime
RP112: 2/23/2009 9:28:45 PM - Windows Update
RP113: 2/25/2009 1:52:03 AM - Scheduled Checkpoint
RP114: 2/26/2009 1:31:11 AM - Scheduled Checkpoint
RP115: 2/27/2009 12:00:08 AM - Scheduled Checkpoint
RP116: 2/27/2009 6:15:39 AM - Windows Update
RP117: 2/28/2009 12:14:31 AM - Scheduled Checkpoint
RP118: 3/1/2009 12:00:10 AM - Scheduled Checkpoint
RP119: 3/2/2009 11:58:20 AM - Device Driver Package Install: Xerox Printers
RP120: 3/2/2009 3:35:15 PM - Windows Update
RP121: 3/3/2009 1:00:18 PM - Device Driver Package Install: Symantec Network Service
RP122: 3/4/2009 6:25:36 PM - Scheduled Checkpoint
RP123: 3/6/2009 12:00:04 AM - Scheduled Checkpoint
RP124: 3/6/2009 12:48:52 AM - Removed LiveUpdate (Symantec Corporation)
RP125: 3/6/2009 1:07:05 PM - Scheduled Checkpoint
RP126: 3/8/2009 6:53:02 PM - Scheduled Checkpoint
RP127: 3/9/2009 4:20:02 PM - Scheduled Checkpoint
RP128: 3/11/2009 8:05:31 AM - Scheduled Checkpoint
RP129: 3/12/2009 2:35:13 PM - Scheduled Checkpoint
RP130: 3/13/2009 7:13:11 PM - Scheduled Checkpoint
RP131: 3/15/2009 12:00:02 AM - Scheduled Checkpoint
RP132: 3/16/2009 - Scheduled Checkpoint
RP133: 3/17/2009 12:00:01 AM - Scheduled Checkpoint
RP134: 3/18/2009 12:27:00 PM - Scheduled Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
AIM 6
AIO_Scan
America's Army Deploy Client
America's Army Server Manager
Apple Software Update
Ares 3.0.7.7075
BitComet 1.07
BitZipper 5.1
BlackBerry Desktop Software 4.3
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_Software
DJ_AIO_Software_min
DVD-CLONER V6.00 Build 976
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Full Tilt Poker
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Java™ 6 Update 11
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
LabelPrint
LightScribe System Software 1.17.90.1
LightScribe Template Labeler
LimeWire 4.18.8
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MpcStar 3.3
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NI LabVIEW Run-Time Engine 5.1.1
NVIDIA Drivers
OpenOffice.org 3.0
Paint.NET v3.36
Panda ActiveScan 2.0
PLDivX
POV-Ray for Windows v3.6.1c
Power2Go
PowerDirector
PowerISO
PowerSimulator
progeCAD 2008 Smart! ENG
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Roxio Media Manager
Scan
Soft Data Fax Modem with SmartCP
SolutionCenter
SpywareBlaster 4.1
Status
Toolbox
TrayApp
UnloadSupport
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WeatherBug Gadget
WebReg
Winamp
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant

==== End Of File ===========================
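The "Created Last 30" section of the DDS log above is the part a helper reads first: it lists what landed on the disk in the last month, with timestamps. Two things make an entry stand out there: a file name that looks machine-generated, and a creation time that no recognizable program install accounts for. The script below is an added example, not part of the original post and not a BleepingComputer or DDS tool. It parses those lines (copied here as a constructed sample from the log in this post), applies both signals, and ranks the files under c:\windows. The two-minute correlation window, the vowel/consonant thresholds and the "suspicious / review / ok" verdicts are assumptions of the example; a hit such as c:\windows\system32\XRZKRLAI.DLL is a heuristic candidate for further checking (file properties, digital signature, a scan), not a confirmed identification. Conversely, MSSTDFMT.DLL also fires the name heuristic but was created in the same minute as the SpywareBlaster directory, so the timestamp signal demotes it to "review".

```python
"""Two-signal triage of a DDS "Created Last 30" listing (added example).

Signal 1: does the file name look machine-generated (few vowels, a long
consonant run, or a very long stem)?
Signal 2: was a program directory outside c:\\windows created within a few
minutes of the file?  If so, a normal installer probably explains it.
Files under c:\\windows that fire signal 1 with no explainer come first.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: "Created Last 30" lines copied from the DDS log above.
SAMPLE_CREATED = r"""
2009-03-18 21:46 <DIR> --d----- c:\programdata\TEMP
2009-03-18 21:46 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
2009-03-18 21:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-11 00:27 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-03-11 00:27 <DIR> --d----- c:\program files\Panda Security
2009-03-10 12:08 <DIR> --d----- c:\program files\Trend Micro
2009-03-06 01:46 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-06 01:38 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-06 01:37 <DIR> --d----- c:\program files\Lavasoft
2009-03-06 01:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-06 01:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-06 01:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 18:17 <DIR> --d----- c:\program files\PLDivX
2009-03-02 12:58 122,960 a------- c:\windows\system32\XRZKRLAI.DLL
2009-02-23 18:41 <DIR> --d----- c:\programdata\Apple
"""

# DDS line layout: "<date> <time> <size or <DIR>> <attribute flags> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$")


def parse_created(text):
    """Parse DDS 'Created Last 30' lines into dicts; unrecognized lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        entries.append({
            "ts": datetime.strptime(when, "%Y-%m-%d %H:%M"),
            "is_dir": size == "<DIR>",
            "attrs": attrs,
            "path": path.lower(),
        })
    return entries


def name_looks_random(path):
    """Heuristic (assumed thresholds): low vowel ratio, consonant run >= 5, or stem >= 20 letters."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = re.sub(r"[^a-z]", "", stem.lower())
    if len(letters) < 6:          # too short to judge
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", letters)), default=0)
    return vowels / len(letters) < 0.3 or longest_run >= 5 or len(letters) >= 20


def triage(text, window_minutes=2):
    """Rank files under c:\\windows: 'suspicious' > 'review' > 'ok'."""
    entries = parse_created(text)
    window = timedelta(minutes=window_minutes)
    # Directories created outside c:\windows stand in for "an installer ran here".
    explainers = [e for e in entries
                  if e["is_dir"] and not e["path"].startswith("c:\\windows")]
    results = []
    for e in entries:
        if e["is_dir"] or not e["path"].startswith("c:\\windows"):
            continue
        near = [x["path"] for x in explainers if abs(x["ts"] - e["ts"]) <= window]
        random_name = name_looks_random(e["path"])
        if random_name and not near:
            verdict = "suspicious"   # odd name, nothing installed around that time
        elif random_name:
            verdict = "review"       # odd name, but an install may account for it
        else:
            verdict = "ok"
        results.append({"path": e["path"], "verdict": verdict,
                        "random_name": random_name, "explained_by": near})
    order = {"suspicious": 0, "review": 1, "ok": 2}
    return sorted(results, key=lambda r: order[r["verdict"]])


def verdict_for(text, filename):
    """Convenience lookup: the verdict for one file name in the listing."""
    for r in triage(text):
        if r["path"].endswith("\\" + filename.lower()):
            return r["verdict"]
    return None


if __name__ == "__main__":
    for r in triage(SAMPLE_CREATED):
        print(f"{r['verdict']:10} {r['path']}  explained_by={r['explained_by']}")
```

Running it on the sample puts XRZKRLAI.DLL alone at the top, because nothing else in the listing was created near 2009-03-02 12:58; pavboot.sys, Lbd.sys and the mbam*.sys drivers rank "ok" since they have ordinary names and coincide with the Panda, Lavasoft and Malwarebytes directories. The same two signals apply to any later log with timestamps, such as the ComboFix output further down the thread, and the right next step for a "suspicious" hit is verification rather than deletion.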

#4 KoanYorel, Bleepin' Conundrum (Staff Emeritus, 19,461 posts; Location: 65 miles due East of the "Logic Free Zone", in Md, USA)

Posted 22 March 2009 - 12:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 hippiekiller (Topic Starter, Members, 11 posts)

Posted 22 March 2009 - 02:58 PM

Nothing has changed with this computer since the last log. It's been turned off most of the time since the first post. Also, the link to DDS.com does not work.

Thanks!

#6 Hoov (Malware Response Team, 3,519 posts; Location: Mikado, Michigan)

Posted 22 March 2009 - 06:14 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

You say you have Malwarebytes' Anti-Malware installed, so the first thing I would like you to do is update it and run a full scan instead of a quick scan.

Then run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 hippiekiller

hippiekiller
  • Topic Starter

Posted 22 March 2009 - 10:13 PM

Thank you for your help! I tried to run Antibytes but it wouldn't allow me. I found that when I changed the name of the .exe file it ran. However, it would not let me update. The version I ran was a recent one, so I hope it was up to date enough. It found no errors. However, ComboFix found some things, including rootkit activity. I'm still getting the error "Host Process for Windows Services stopped working and was closed." Here's the ComboFix log; I'll be waiting on your advice. Thanks a lot!

ComboFix 09-03-22.01 - Stan Brownell 2009-03-22 22:53:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.2005 [GMT -4:00]
Running from: c:\users\Stan Brownell\Desktop\ComboFixx.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxxetemxebuclyhrqmqcdtofsyicgsehsn.sys
c:\windows\system32\gaopdxojptiecpjrtmvtjnpjbecvtxpwsdjqfm.dll
D:\Autorun.inf
d:\recycler\S-0-1-29-100001268-100019052-100027409-3058.com
K:\Autorun.inf
k:\recycler\S-0-1-29-100001268-100019052-100027409-3058.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-22 22:35 . 2009-03-22 22:46 <DIR> d-------- C:\ComboFix
2009-03-18 21:46 . 2009-03-18 21:46 <DIR> d-------- c:\users\All Users\TEMP
2009-03-18 21:46 . 2009-03-18 21:46 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-18 21:46 . 2009-03-18 21:46 <DIR> d-------- c:\progra~2\TEMP
2009-03-18 21:46 . 2005-08-25 19:18 118,784 --a------ c:\windows\System32\MSSTDFMT.DLL
2009-03-11 00:27 . 2009-03-11 00:27 <DIR> d-------- c:\program files\Panda Security
2009-03-11 00:27 . 2008-06-19 16:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-03-10 12:08 . 2009-03-10 12:08 <DIR> d-------- c:\program files\Trend Micro
2009-03-10 10:50 . 2009-03-10 10:50 <DIR> d-------- c:\users\Stan Brownell\AppData\Roaming\Malwarebytes
2009-03-06 01:46 . 2009-01-18 17:35 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-03-06 01:38 . 2009-03-06 01:38 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-03-06 01:38 . 2009-01-18 17:30 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-03-06 01:37 . 2009-03-06 01:38 <DIR> d-------- c:\users\All Users\Lavasoft
2009-03-06 01:37 . 2009-03-06 01:37 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-06 01:37 . 2009-03-06 01:37 <DIR> d-------- c:\program files\Lavasoft
2009-03-06 01:37 . 2009-03-06 01:38 <DIR> d-------- c:\progra~2\Lavasoft
2009-03-06 01:37 . 2009-03-06 01:37 <DIR> d--h-c--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-06 01:35 . 2009-03-06 01:35 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-06 01:35 . 2009-03-22 21:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-06 01:35 . 2009-03-06 01:35 <DIR> d-------- c:\progra~2\Malwarebytes
2009-03-06 01:35 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-06 01:35 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-04 18:17 . 2009-03-04 18:17 <DIR> d-------- c:\program files\PLDivX
2009-03-02 12:58 . 2007-08-17 09:00 122,960 --a------ c:\windows\System32\XRZKRLAI.DLL
2009-02-23 18:41 . 2009-02-23 18:41 <DIR> d-------- c:\users\All Users\Apple
2009-02-23 18:41 . 2009-02-23 18:41 <DIR> d-------- c:\program files\Apple Software Update
2009-02-23 18:41 . 2009-02-23 18:41 <DIR> d-------- c:\progra~2\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 14:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-06 05:55 --------- d-----w c:\progra~2\Symantec
2009-03-06 05:48 --------- d-----w c:\progra~2\Viewpoint
2009-03-02 23:20 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-02 23:20 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-23 22:42 --------- d-----w c:\progra~2\Apple Computer
2009-02-12 08:00 --------- d-----w c:\program files\Windows Mail
2009-02-12 03:09 --------- d-----w c:\program files\uTorrent
2009-02-10 05:17 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-02-10 04:21 --------- d-----w c:\program files\America's Army Deploy Client
2009-02-10 04:19 --------- d-----w c:\program files\America's Army Server Manager
2009-02-10 04:18 --------- d-----w c:\program files\America's Army
2009-02-10 02:11 --------- d-----w c:\progra~2\America's Army Deploy Client
2009-02-04 23:25 --------- d-----w c:\progra~2\WildTangent
2009-01-26 23:01 --------- d-----w c:\program files\progeSOFT
2009-01-26 22:58 --------- d-----w c:\program files\POV-Ray for Windows v3.6
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-09 20:19 13,440,584 ----a-w c:\users\Brad Brownell\Install_AIM.exe
2009-01-03 23:43 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-12-29 06:03 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-21 19:25 94 ----a-w c:\users\Stan Brownell\AppData\Roaming\wklnhst.dat
2008-12-19 06:47 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-12-07 2387968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2009-01-05 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FDEA14BE-1578-480D-B947-07913692EE7E}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{3CA268D8-6478-4323-8E17-66B6DF6F76CD}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7A70C150-4C21-4EF1-A044-4D769AA9FCEE}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A6DE0F06-81E8-4940-9A95-B95504B26C20}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DDA2F53F-2793-4E36-B4D5-4EDE3B0CAFCD}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1D66C07D-DFB4-49A6-9AE2-82084F373E18}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{73F16873-9E45-44C6-BA08-38F0C3434930}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{739BFE31-9510-4B2D-B724-01B3E7EDEF5F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1C6BF9CD-C107-41FD-8612-4C8DAE77B999}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{61BFEE7C-F36C-4CB8-A899-DDCB9C253172}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{242FCB6B-422B-48E0-9A6A-83798A8500A4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{284D3732-F43B-4CBF-8626-768F987D2DF7}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{FBA24D0C-5B7F-4820-8A23-F7C4DEAE1169}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{D2F80B7C-062E-4A37-8F16-2569FCF2FA87}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{7F746D97-1636-4B2C-92B0-0A15263C34F4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-06 64160]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-03-11 28544]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-12 25760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b246f92f-d182-11dd-96dc-001e8cc59419}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 23:00:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-03-22 23:02:11
ComboFix-quarantined-files.txt 2009-03-23 03:02:09

Pre-Run: 353,132,093,440 bytes free
Post-Run: 353,212,821,504 bytes free

176 --- E O F --- 2009-03-02 20:35:47
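The ComboFix log above lists an Autorun.inf dropped into system32, a driver and a DLL with long random names, and registry values that switch off the Windows Firewall and Security Center monitoring. As an added example that is not part of this thread or of ComboFix, here is a small Python triage script that parses a constructed excerpt in the same layout and flags those indicators for a defender reviewing such a log; the section banners and value names come from the log's own format, while the 20-character threshold for a "random" file name is an assumption.

```python
import re

# Constructed ComboFix-style excerpt, modelled on the log posted in this thread
SAMPLE_LOG = r"""
(((((((((( Other Deletions ))))))))))
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxxetemxebuclyhrqmqcdtofsyicgsehsn.sys
(((((((((( Reg Loading Points ))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # ((( Section name )))
REG_KEY = re.compile(r"^\[(.+)\]$")               # [HKLM\...]
REG_VAL = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')  # "Name"= value
def split_sections(log):
    """Map each banner name to the meaningful lines beneath it."""
    sections, current = {}, None
    for line in (l.strip() for l in log.splitlines()):
        if (m := BANNER.match(line)):
            current, sections[m.group(1)] = m.group(1), []
        elif current and line not in ("", "."):
            sections[current].append(line)
    return sections

def flag_deletions(paths):
    """Label each deleted path with the pattern that makes it suspicious."""
    out = []
    for p in paths:
        stem, _, ext = p.rsplit("\\", 1)[-1].lower().rpartition(".")
        if (stem, ext) == ("autorun", "inf"):
            out.append((p, "autorun.inf: removable-media autostart"))
        elif ext in ("sys", "dll") and len(stem) >= 20 and stem.isalpha():
            out.append((p, "randomly named system file"))  # assumed threshold
    return out

def flag_registry(lines):
    """Report values that switch off the firewall or Security Center monitoring."""
    out, key = [], None
    for line in lines:
        if (k := REG_KEY.match(line)):
            key = k.group(1)
        elif (v := REG_VAL.match(line)):
            name, value = v.groups()
            if name == "EnableFirewall" and value.startswith("0"):
                out.append((key, "Windows Firewall disabled for this profile"))
            elif name == "DisableMonitoring" and value.endswith("1"):
                out.append((key, "Security Center monitoring disabled"))
    return out
```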

#8 Hoov


Posted 22 March 2009 - 11:06 PM

Will Malwarebytes' Anti-Malware update now? If it does, do a full scan. If not, let me know.

#9 Hoov


Posted 06 April 2009 - 10:27 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.