Unknown malware


  • This topic is locked
2 replies to this topic

#1 lewmur01


Posted 22 October 2009 - 09:44 AM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 09:12
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: D:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB85F6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: D:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE0A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7F5B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: D:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\Bejeweled2.exe:{E775D448-17FC-7184-7B29-75963903A70E}
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d6b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868da52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d14c

#: 119 Function Name: NtOpenKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d08c

#: 128 Function Name: NtOpenThread
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d0f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb868d8ae

==EOF==


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/10/2007 12:41:41 PM
System Uptime: 10/22/2009 7:58:16 AM (1 hours ago)

Motherboard: Quanta | | 30BF
Processor: AMD Turion™ 64 X2 Mobile Technology TL-58 | Socket S1 | 1894/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 46 GiB total, 36.989 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 1.689 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 32 GiB total, 13.649 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_10DE&DEV_0244&SUBSYS_30BF103C&REV_A2\3&13C0B0C5&0&28
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_10DE&DEV_0244&SUBSYS_30BF103C&REV_A2\3&13C0B0C5&0&28
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_30BF103C&REV_A3\3&13C0B0C5&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_30BF103C&REV_A3\3&13C0B0C5&0&51
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30BF103C&REV_A3\3&13C0B0C5&0&53
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0271&SUBSYS_30BF103C&REV_A3\3&13C0B0C5&0&53
Service:

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_103C30BF&REV_1007\4&1AFC31B3&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_103C30BF&REV_1007\4&1AFC31B3&0&0101
Service:

==== System Restore Points ===================

RP184: 7/29/2009 9:26:14 PM - System Checkpoint
RP185: 8/8/2009 12:56:22 PM - System Checkpoint
RP186: 8/8/2009 1:50:18 PM - Installed SyncToy 2.0 (x86)
RP187: 8/9/2009 10:10:11 PM - Installed Java™ 6 Update 15
RP188: 8/9/2009 10:10:49 PM - Installed Java Runtime Environment
RP189: 8/13/2009 8:22:08 PM - System Checkpoint
RP190: 8/24/2009 10:18:49 PM - System Checkpoint
RP191: 8/28/2009 1:24:50 PM - Installed BlackBerry Device Software Updater.
RP192: 8/30/2009 2:36:39 PM - System Checkpoint
RP193: 9/4/2009 3:43:14 PM - System Checkpoint
RP194: 9/5/2009 7:59:31 PM - System Checkpoint
RP195: 9/8/2009 4:41:02 PM - System Checkpoint
RP196: 9/10/2009 1:06:39 PM - Installed BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
RP197: 9/12/2009 12:54:57 PM - System Checkpoint
RP198: 9/13/2009 2:48:40 PM - System Checkpoint
RP199: 9/14/2009 6:05:08 PM - System Checkpoint
RP200: 9/22/2009 12:49:08 PM - System Checkpoint
RP201: 9/24/2009 8:08:13 PM - System Checkpoint
RP202: 10/8/2009 8:30:24 PM - Installed iTunes
RP203: 10/13/2009 2:54:50 PM - System Checkpoint
RP204: 10/14/2009 5:03:45 PM - System Checkpoint
RP205: 10/15/2009 3:40:58 PM - Removed iTunes
RP206: 10/15/2009 3:43:42 PM - Removed QuickTime
RP207: 10/15/2009 3:44:37 PM - Removed Apple Software Update
RP208: 10/15/2009 3:45:41 PM - Removed Apple Mobile Device Support
RP209: 10/15/2009 3:47:26 PM - Removed Bonjour
RP210: 10/15/2009 3:47:56 PM - Removed Apple Application Support
RP211: 10/15/2009 4:02:25 PM - Installed iTunes
RP212: 10/21/2009 4:32:38 PM - System Checkpoint
RP213: 10/21/2009 7:17:51 PM - RegistryBackup10.21.2009-7_17_46-PM

==== Image File Execution Options ============

IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: AdwarePrj.exe - svchost.exe
IFEO: agent.exe - svchost.exe
IFEO: AntivirusPlus - svchost.exe
IFEO: AntivirusPlus.exe - svchost.exe
IFEO: AntivirusXP - svchost.exe
IFEO: AntivirusXP.exe - svchost.exe
IFEO: antivirusxppro2009.exe - svchost.exe
IFEO: AntiVirus_Pro.exe - svchost.exe
IFEO: Arrakis3.exe - svchost.exe
IFEO: ashAvast.exe - svchost.exe
IFEO: ashBug.exe - svchost.exe
IFEO: ashChest.exe - svchost.exe
IFEO: ashCnsnt.exe - svchost.exe
IFEO: ashLogV.exe - svchost.exe
IFEO: ashMaiSv.exe - svchost.exe
IFEO: ashPopWz.exe - svchost.exe
IFEO: ashQuick.exe - svchost.exe
IFEO: ashServ.exe - svchost.exe
IFEO: ashSimp2.exe - svchost.exe
IFEO: ashSimpl.exe - svchost.exe
IFEO: ashSkPcc.exe - svchost.exe
IFEO: ashSkPck.exe - svchost.exe
IFEO: ashUpd.exe - svchost.exe
IFEO: ashWebSv.exe - svchost.exe
IFEO: aswChLic.exe - svchost.exe
IFEO: aswRegSvr.exe - svchost.exe
IFEO: aswRunDll.exe - svchost.exe
IFEO: aswUpdSv.exe - svchost.exe
IFEO: av360.exe - svchost.exe
IFEO: avadmin.exe - svchost.exe
IFEO: AVCare.exe - svchost.exe
IFEO: avconfig.exe - svchost.exe
IFEO: avgchk.exe - svchost.exe
IFEO: avgcmgr.exe - svchost.exe
IFEO: avgcsrvx.exe - svchost.exe
IFEO: avgdumpx.exe - svchost.exe
IFEO: avgiproxy.exe - svchost.exe
IFEO: avgnsx.exe - svchost.exe
IFEO: avgscanx.exe - svchost.exe
IFEO: avgsrmax.exe - svchost.exe
IFEO: avgupd.exe - svchost.exe
IFEO: avgwdsvc.exe - svchost.exe
IFEO: avmailc.exe - svchost.exe
IFEO: avmcdlg.exe - svchost.exe
IFEO: avnotify.exe - svchost.exe
IFEO: avscan.exe - svchost.exe
IFEO: avupgsvc.exe - svchost.exe
IFEO: AVWEBGRD.EXE - svchost.exe
IFEO: avwsc.exe - svchost.exe
IFEO: b.exe - svchost.exe
IFEO: bdfvcl.exe - svchost.exe
IFEO: bdfvwiz.exe - svchost.exe
IFEO: BDInProcPatch.exe - svchost.exe
IFEO: BDMsnScan.exe - svchost.exe
IFEO: bdreinit.exe - svchost.exe
IFEO: bdsubwiz.exe - svchost.exe
IFEO: BDSurvey.exe - svchost.exe
IFEO: bdtkexec.exe - svchost.exe
IFEO: bdwizreg.exe - svchost.exe
IFEO: brw.exe - svchost.exe
IFEO: bspatch.exe - svchost.exe
IFEO: c.exe - svchost.exe
IFEO: cavscan.exe - svchost.exe
IFEO: cfp.exe - svchost.exe
IFEO: cfpconfg.exe - svchost.exe
IFEO: cfplogvw.exe - svchost.exe
IFEO: cfpupdat.exe - svchost.exe
IFEO: Cl.exe - svchost.exe
IFEO: cleanIELow.exe - svchost.exe
IFEO: cmdagent.exe - svchost.exe
IFEO: control - svchost.exe
IFEO: crashrep.exe - svchost.exe
IFEO: cssconfg.exe - svchost.exe
IFEO: cssupdat.exe - svchost.exe
IFEO: cssurf.exe - svchost.exe
IFEO: d.exe - svchost.exe
IFEO: deloeminfs.exe - svchost.exe
IFEO: dop.exe - svchost.exe
IFEO: driverctrl.exe - svchost.exe
IFEO: fact.exe - svchost.exe
IFEO: fixcfg.exe - svchost.exe
IFEO: fixfp.exe - svchost.exe
IFEO: frmwrk32.exe - svchost.exe
IFEO: guardgui.exe - svchost.exe
IFEO: History.exe - svchost.exe
IFEO: homeav2010.exe - svchost.exe
IFEO: Identity.exe - svchost.exe
IFEO: IEShow.exe - svchost.exe
IFEO: init32.exe - svchost.exe
IFEO: JsRcGen.exe - svchost.exe
IFEO: licmgr.exe - svchost.exe
IFEO: livesrv.exe - svchost.exe
IFEO: MalwareRemoval.exe - svchost.exe
IFEO: msa.exe - svchost.exe
IFEO: msconfig - svchost.exe
IFEO: OAcat.exe - svchost.exe
IFEO: OAhlp.exe - svchost.exe
IFEO: OAReg.exe - svchost.exe
IFEO: oasrv.exe - svchost.exe
IFEO: oaui.exe - svchost.exe
IFEO: oaview.exe - svchost.exe
IFEO: ODSW.exe - svchost.exe
IFEO: pav.exe - svchost.exe
IFEO: pc.exe - svchost.exe
IFEO: pctsAuxs.exe - svchost.exe
IFEO: pctsGui.exe - svchost.exe
IFEO: pctsSvc.exe - svchost.exe
IFEO: pctsTray.exe - svchost.exe
IFEO: PC_Antispyware2010.exe - svchost.exe
IFEO: PerAvir.exe - svchost.exe
IFEO: protector.exe - svchost.exe
IFEO: PSANCU.exe - svchost.exe
IFEO: PSANHost.exe - svchost.exe
IFEO: PSANToManager.exe - svchost.exe
IFEO: PSUNMain.exe - svchost.exe
IFEO: qh.exe - svchost.exe
IFEO: Quick Heal.exe - svchost.exe
IFEO: rscdwld.exe - svchost.exe
IFEO: SaveDefense.exe - svchost.exe
IFEO: SaveKeep.exe - svchost.exe
IFEO: seccenter.exe - svchost.exe
IFEO: Security Center.exe - svchost.exe
IFEO: setloadorder.exe - svchost.exe
IFEO: shield.exe - svchost.exe
IFEO: signcheck.exe - svchost.exe
IFEO: smartdefender.exe - svchost.exe
IFEO: smartprotector.exe - svchost.exe
IFEO: smrtdefp.exe - svchost.exe
IFEO: snetcfg.exe - svchost.exe
IFEO: spywarexpguard.exe - svchost.exe
IFEO: tapinstall.exe - svchost.exe
IFEO: taskmgr.exe - svchost.exe
IFEO: tsc.exe - svchost.exe
IFEO: uiscan.exe - svchost.exe
IFEO: upgrepl.exe - svchost.exe
IFEO: VisthAux.exe - svchost.exe
IFEO: VisthLic.exe - svchost.exe
IFEO: VisthUpd.exe - svchost.exe
IFEO: vsserv.exe - svchost.exe
IFEO: W3asbas.exe - svchost.exe
IFEO: winav.exe - svchost.exe
IFEO: windll32.exe - svchost.exe
IFEO: wscfxas.exe - svchost.exe
IFEO: wscfxav.exe - svchost.exe
IFEO: wscfxfw.exe - svchost.exe
IFEO: wsctool.exe - svchost.exe
IFEO: xpdeluxe.exe - svchost.exe
IFEO: ~1.exe - svchost.exe
IFEO: ~2.exe - svchost.exe

==== Installed Programs ======================

6300
6300_Help
6300Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
AIM 6
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bejeweled 2 Deluxe (remove only)
BlackBerry Device Software Updater
BlackBerry Media Sync
BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
BlackBerry® Media Sync
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Carbonite Online Backup Setup
CCScore
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewerQFolder
Driver Installer
DynDNS Updater
eReader
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
Fax_CDA
fflink
FullDPAppQFolder
Google Earth
Google Toolbar for Internet Explorer
Handmark® Bible For Pocket PC
HijackThis 2.0.2
HP Imaging Device Functions 7.0
HP Integrated Module with Bluetooth wireless technology
HP Officejet 5600 series
HP Photosmart, Officejet and Deskjet 7.0.A
HP Quick Launch Buttons 6.10 B9
HP Solution Center 7.0
HP Update
HP Webcam
HP Wireless Assistant
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
iTunes
J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 15
Java™ 6 Update 5
Java™ 6 Update 7
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.52
Microsoft XML Parser and SDK
Mobile Broadband Drivers
MobileMe Control Panel
Motorola Driver Installation
Mozilla Firefox (3.5.1)
MS-Errors ErrorFixer 3.2.9
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser
netbrdg
NewCopy_CDA
Nokia Connectivity Adapter Cable DKU-5
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OfotoXMI
OpenOffice.org Installer 1.0
PanoStandAlone
PANTECH PC USB Modem Software
ProductContextNPI
QuickTime
Readme
Realtek High Definition Audio Driver
RealtyData
RemoveIT Pro v4 - SE
Scan
ScannerCopy
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SFR
SHASTA
skin0001
SKINXSDK
Skype™ 3.6
SolutionCenter
staticcr
Status
Synaptics Pointing Device Driver
SyncToy 2.0 (x86)
TeamViewer 4
The Clinical Documentation Sourcebook
The Print Shop 22
Toolbox
tooltips
TrayApp
UGInstaller
Unload
Update for Windows XP (KB951978)
Viewpoint Media Player
VistaBootPRO 3.3
VNC Free Edition 4.1.2
VPRINTOL
WebFldrs XP
WebReg
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Series Power Toy - Ratings Migration
Windows Mobile® Device Handbook
Windows XP Service Pack 3
WIRELESS
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/21/2009 3:40:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! iAVS4 Control Service service to connect.
10/21/2009 3:40:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
10/21/2009 3:40:02 PM, error: Service Control Manager [7000] - The avast! iAVS4 Control Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/21/2009 3:40:02 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/21/2009 3:08:04 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


DDS (Ver_09-10-13.01) - NTFSx86
Run by CindyA at 8:37:14.06 on Thu 10/22/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1419 [GMT -5:00]


============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
D:\Documents and Settings\CindyA\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: : {01bf47e8-4662-4d8e-800c-fc491fbd7e22} - d:\docume~1\cindya\locals~1\temp\ASFDAS~1.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - d:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - d:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Aim6]
uRun: [Yahoo! Pager] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "d:\program files\microsoft activesync\wcescomm.exe"
uRun: [CompanionLink] "d:\program files\sprint desktop sync\sprint desktop sync.exe" -Icon
uRun: [swg] d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [HP Software Update] d:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPStart] d:\program files\synaptics\syntp\SynTPStart.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] d:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [CarboniteSetupLite] "d:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] d:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\deskto~1.lnk - d:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\hpphot~1.lnk - d:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\kodake~1.lnk - d:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Send To &Bluetooth - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\micros~3\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - d:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: jpclerkofcourt.us\ssl
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - d:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: About.exe - svchost.exe
IFEO: AdwarePrj.exe - svchost.exe
IFEO: agent.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\cindya\applic~1\mozilla\firefox\profiles\qljmvnpj.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-10-21 114768]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-10-21 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;d:\program files\viewpoint\common\ViewpointService.exe [2008-7-25 24652]
R3 xtouch;xtouch;d:\windows\system32\drivers\xtouch.sys [2006-3-22 77952]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;d:\windows\system32\drivers\adm8511.sys --> d:\windows\system32\drivers\ADM8511.SYS [?]
S3 MotDev;Motorola Inc. USB Device;d:\windows\system32\drivers\motodrv.sys --> d:\windows\system32\drivers\motodrv.sys [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;d:\windows\system32\drivers\PTDMBus.sys [2008-4-17 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;d:\windows\system32\drivers\PTDMMdm.sys [2008-4-17 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;d:\windows\system32\drivers\PTDMVsp.sys [2008-4-17 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;d:\windows\system32\drivers\PTDMWWAN.sys [2008-4-17 59520]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);d:\windows\system32\drivers\swnc8u80.sys [2008-1-10 165248]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);d:\windows\system32\drivers\swumx80.sys [2008-1-10 142976]

=============== Created Last 30 ================

2009-10-21 19:15 <DIR> --d----- d:\program files\MS-Errors
2009-10-21 15:55 <DIR> --d----- d:\documents and settings\cindya\.housecall6.6
2009-10-19 20:58 <DIR> --d----- d:\program files\SafetyCenter
2009-10-15 16:02 <DIR> --d----- d:\program files\iPod
2009-10-15 16:02 <DIR> --d----- d:\program files\iTunes
2009-10-15 16:02 <DIR> --d----- d:\program files\Bonjour
2009-10-08 20:42 109,156 a---h--- d:\windows\system32\mlfcache.dat
2009-10-08 20:31 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}

==================== Find3M ====================

2009-08-28 13:36 256 a------- d:\documents and settings\cindya\pool.bin
2009-07-25 05:23 411,368 a------- d:\windows\system32\deploytk.dll
2009-02-04 21:08 339,592 a------- d:\docume~1\cindya\applic~1\GDIPFONTCACHEV1.DAT
2008-03-14 12:44 32 a------- d:\docume~1\alluse~1.win\applic~1\ezsid.dat
2006-08-19 23:44 19,968 a------- d:\program files\common files\Doc1.doc

============= FINISH: 8:37:33.96 ===============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:40 AM, on 10/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {01BF47E8-4662-4D8E-800C-FC491FBD7E22} - D:\DOCUME~1\CindyA\LOCALS~1\Temp\ASFDAS~1.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] D:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "D:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CompanionLink] "d:\program files\sprint desktop sync\sprint desktop sync.exe" -Icon
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Desktop Manager.lnk = D:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - c:\Program Files\RealVNC\VNC4\WinVNC4.exe
O24 - Desktop Component 0: (no name) - http://photos-c.ll.facebook.com/photos-ll-..._90162_6110.jpg
O24 - Desktop Component 1: (no name) - http://img.att.net/cobrand/bellsouth/img/u...ader-Orange.png
O24 - Desktop Component 2: (no name) - http://mail.yimg.com/us.js.yimg.com/combo?...h/mg/uhbt2v7.js

--
End of file - 10818 bytes



#2 myrti


Posted 31 October 2009 - 10:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 myrti


Posted 05 November 2009 - 05:37 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_





