rootkit malware program has taken over my pc


2 replies to this topic

#1 dvo1


Posted 15 October 2010 - 12:45 AM

I am running XP Media Center Edition on an HP desktop.
My issues are that I get redirected, and my HP/MS/Norton Security Suite updates are not really being updated. This thing has control over everything.
I have run ComboFix, HijackThis, X-RayPC, Spybot and Malwarebytes, which will not update no matter what I try: the clean.exe to completely remove it, then re-installing it renamed, and getting the rules and manual updater. Nothing works.
We have two desktops here at the house. The PC in question for this post runs on wireless through a router and is the same one I mentioned above. I have downloaded and run rkill.
I also have tried for 9 hours now to run GMER, but it gets most of the way through the scan, then goes to a blue screen, crashes my computer and reboots. So I have been unable to save a log of what it did scan. Defogger was run and the CD emulator has been disabled, so I don't know why it will not finish and let me save the scan. Here are all the logs that I do have. Thank you for your help in advance.


DDS (Ver_10-10-10.03) - NTFSx86
Run by HP_Administrator at 0:34:13.23 on Thu 10/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.417 [GMT -7:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
svchost.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"
mRun: [CTSysVol] c:\program files\creative\sbaudigy4\surround mixer\CTSysVol.exe /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286167286390
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 FixTDSS;FixTDSS;c:\windows\system32\drivers\FixTDSS.sys [2010-10-5 15792]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-10-3 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-10-3 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-5 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-10-3 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-10-3 116784]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-10-3 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-3 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101012.001\IDSXpx86.sys [2010-9-15 341880]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-14 38224]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101013.022\NAVENG.SYS [2010-10-13 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101013.022\NAVEX15.SYS [2010-10-13 1371184]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-11-10 468768]

=============== Created Last 30 ================

2010-10-14 07:11:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 07:11:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-14 07:11:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-14 07:11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 05:56:31 -------- d-----w- c:\windows\SxsCaPendDel
2010-10-14 05:47:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\LightScribe
2010-10-13 22:07:33 -------- d-----w- C:\ProgramData
2010-10-13 22:06:34 -------- d---a-w- C:\swsetup
2010-10-13 22:01:22 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\WinBatch
2010-10-13 22:00:07 -------- d-----w- c:\windows\Downloaded Installations
2010-10-13 21:26:56 -------- d-----w- c:\program files\common files\xing shared
2010-10-13 21:26:30 569397 ----a-w- c:\program files\internet explorer\plugins\richfx\player\nprfxins.dll
2010-10-13 11:33:31 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Adobe
2010-10-13 04:40:50 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Symantec
2010-10-12 23:04:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-10-12 22:52:06 -------- d-----w- C:\temp
2010-10-12 21:56:22 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Identities
2010-10-12 21:46:54 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Deployment
2010-10-12 21:45:39 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-12 21:45:12 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-12 21:44:27 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-12 21:44:27 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-12 21:44:27 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-12 21:44:27 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-12 21:44:27 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-12 21:44:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-12 21:44:27 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-12 21:44:27 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-12 21:44:25 -------- d-----w- C:\340d3597cd51b83b4c7b905258
2010-10-12 21:36:09 -------- d--h--r- C:\AHCache
2010-10-12 20:34:23 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 20:34:23 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 20:33:34 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 20:32:10 -------- d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2010-10-05 22:09:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-10-05 20:59:48 -------- d-----w- c:\program files\World of Warcraft
2010-10-05 20:53:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
2010-10-05 20:52:25 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-10-05 10:23:29 -------- d-----w- c:\program files\ESET
2010-10-05 09:54:02 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2010-10-05 09:44:05 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\HPQ
2010-10-05 08:14:28 15792 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2010-10-05 08:14:28 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\FixTDSS
2010-10-05 04:43:53 -------- d-----w- c:\windows\system32\appmgmt
2010-10-04 23:35:54 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-04 23:35:54 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-10-04 19:49:35 -------- d-sha-r- C:\cmdcons
2010-10-04 19:48:27 -------- d-----w- C:\devin129881d
2010-10-04 17:52:34 41624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-10-04 17:42:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-04 17:42:02 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-04 10:07:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-04 10:07:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-04 09:47:48 -------- d-----w- c:\program files\Trend Micro
2010-10-04 09:17:44 98816 ----a-w- c:\windows\sed.exe
2010-10-04 09:17:44 77312 ----a-w- c:\windows\MBR.exe
2010-10-04 09:17:44 256512 ----a-w- c:\windows\PEV.exe
2010-10-04 09:17:44 161792 ----a-w- c:\windows\SWREG.exe
2010-10-04 09:17:36 -------- d-----w- C:\devin1
2010-10-04 08:25:01 -------- d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2010-10-04 08:13:14 -------- d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2010-10-04 07:59:59 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-10-04 07:40:26 13312 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-10-04 07:35:28 -------- d-----w- c:\windows\ie8updates
2010-10-04 07:34:21 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-10-04 07:34:20 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-04 07:34:20 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-04 07:34:18 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-04 07:34:18 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-10-04 07:34:15 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-04 07:34:15 11080192 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-10-04 07:30:57 -------- dc-h--w- c:\windows\ie8
2010-10-04 07:06:36 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\NPE
2010-10-04 06:58:24 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Tific
2010-10-04 06:41:14 361904 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symtdi.sys
2010-10-04 06:41:14 339504 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys
2010-10-04 06:41:13 501888 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys
2010-10-04 06:41:13 43696 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\srtspx.sys
2010-10-04 06:41:13 328752 ----a-r- c:\windows\system32\drivers\n360\0402000.00c\symds.sys
2010-10-04 06:41:13 325680 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\srtsp.sys
2010-10-04 06:41:13 173104 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\symefa.sys
2010-10-04 06:41:13 116784 ----a-w- c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys
2010-10-04 06:40:53 -------- d-----w- c:\windows\system32\drivers\n360\0402000.00C
2010-10-04 06:39:33 -------- d-----w- C:\N360_BACKUP
2010-10-04 06:37:04 -------- d-----w- C:\0b02079b0bcb2f41288a4151
2010-10-04 06:34:14 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-04 06:34:14 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-04 06:34:10 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-04 06:34:10 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-04 06:34:10 -------- d-----w- c:\program files\Symantec
2010-10-04 06:33:43 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-04 06:33:37 -------- d-----w- c:\program files\Norton Security Suite
2010-10-04 06:29:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\PCSettings
2010-10-04 06:29:29 -------- d-----w- c:\program files\NortonInstaller
2010-10-04 06:29:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-10-04 06:09:23 -------- d-----w- c:\windows\system32\scripting
2010-10-04 06:09:22 -------- d-----w- c:\windows\system32\en
2010-10-04 06:09:22 -------- d-----w- c:\windows\system32\bits
2010-10-04 06:09:22 -------- d-----w- c:\windows\l2schemas
2010-10-04 06:07:13 -------- d-----w- c:\windows\network diagnostic
2010-10-04 06:03:26 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-10-04 05:19:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-10-04 05:10:03 -------- d-----w- c:\windows\ServicePackFiles
2010-10-04 05:08:39 -------- d-----w- c:\program files\MSXML 4.0
2010-10-04 05:00:18 63488 ------w- c:\windows\system32\drivers\atinxsxx.sys
2010-10-04 04:53:36 -------- d-----w- c:\program files\CleanUp!
2010-10-04 04:40:35 23040 ------w- c:\windows\kb913800.exe
2010-10-04 04:40:12 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-10-04 04:39:58 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-04 04:39:58 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-10-04 04:39:28 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-10-04 04:37:32 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-10-04 04:36:54 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-10-04 04:36:53 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-10-04 04:36:28 -------- d-sh--w- c:\documents and settings\hp_administrator\UserData
2010-10-04 04:35:59 -------- d-----w- c:\windows\system32\PreInstall
2010-10-04 04:29:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-10-04 04:26:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-10-04 04:26:03 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-04 04:26:02 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-10-04 04:26:02 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-04 04:26:02 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-04 04:25:58 -------- d-----w- c:\program files\NVIDIA Corporation
2010-10-04 04:20:43 -------- d-----w- c:\windows\setup.pss
2010-10-04 04:20:34 -------- d-----w- c:\windows\setupupd
2010-10-04 04:15:48 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-03 11:53:31 -------- d-----r- c:\documents and settings\all users\Documents
2010-10-03 11:52:01 -------- d-----r- c:\windows\Offline Web Pages
2010-10-03 11:49:26 -------- d-sh--r- c:\windows\system32\dllcache
2010-09-18 19:23:26 974848 ------w- c:\windows\system32\dllcache\mfc42u.dll

==================== Find3M ====================

2010-10-13 21:26:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-13 21:26:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-04 20:44:00 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-04 08:12:03 135680 ----a-w- c:\windows\system32\taskmgr.exe
2010-10-04 06:11:31 208896 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2010-10-04 06:11:19 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2010-10-04 06:11:18 61440 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2010-10-04 06:11:18 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2010-10-04 06:11:18 40960 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2010-10-04 06:11:18 341048 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2010-10-04 06:11:18 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2010-10-04 06:11:18 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2010-10-04 06:11:18 163840 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-16 12:05:55 1288192 ----a-w- c:\windows\system32\ole32.dll


============= FINISH: 0:35:51.10 ===============

Logfile of X-RayPc Build 39029 (Installed 1286161154)
Scan saved at 10/4/2010 3:03:57 AM

Registry Settings:
IE Start Page (User) : http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE Start Page (Global) : http://go.microsoft.com/fwlink/?LinkId=69157
IE Blank Page : C:\WINDOWS\system32\blank.htm
IE Default Page : http://go.microsoft.com/fwlink/?LinkId=69157
IE Search Page (User) : http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE Search Page (Global) : http://go.microsoft.com/fwlink/?LinkId=54896
IE Default Search : http://go.microsoft.com/fwlink/?LinkId=69157
HOSTS Directory : %SystemRoot%\System32\drivers\etc

C:\WINDOWS\system32\services.exe (110592 65df52f5b8b6e9bbd183505225c37315)
C:\WINDOWS\system32\lsass.exe (13312 bf2466b3e18e970d8a976fb95fc1ca85)
C:\WINDOWS\system32\nvsvc32.exe (155752 a2322c6207ebb0761a6c8cc9003ebacf)
C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
C:\WINDOWS\system32\spoolsv.exe (58880 60784f891563fb1b767f70117fc2428f)
C:\WINDOWS\system32\CTsvcCDA.EXE (44032 3c8b6609712f4ff78e521f6dcfc4032b)
C:\WINDOWS\eHome\ehRecvr.exe (237568 d039a0c347632622934906bd59a4e1ea)
C:\WINDOWS\eHome\ehSched.exe (102912 a53243709439ac2a4c216b817f8d7411)
C:\WINDOWS\ehome\ehtray.exe (67584 7e48b4958c131e9643ddcd2e7ca3fe9f)
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (151552 3765535734daeb53e783e239e5d6475b)
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (90112 b122be74e283a2bc7febc180bfd2efd5)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (49152 5d4b38a8d8525356798f5e560c3a3090)
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (57344 93d27c8d2902c8f88e9b70fc20998976)
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (49152 c62d19bfbddf9ca47e01545a4b196158)
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (90112 9e1992c27ecf7f08c154dcacf32f1aab)
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (49152 821f73b833c4daebc33c1a9a4b16bb5a)
C:\WINDOWS\system32\RUNDLL32.EXE (33280 037b1e7798960e0420003d05bb577ee6)
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (36903 cbcda25b76b570a8252644594edf3be9)
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (126392 8e643fd5f38fa9a2eda27268a1e9499f)
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (126392 8e643fd5f38fa9a2eda27268a1e9499f)
C:\WINDOWS\eHome\ehmsas.exe (46592 03a905fba1d62317087db5c21c0f8f62)
C:\WINDOWS\system32\dllhost.exe (5120 0a9ba6af531afe7fa5e4fb973852d863)
C:\WINDOWS\system32\wuauclt.exe (53472 62bb79160f86cd962f312c68c6239bfd)
C:\WINDOWS\explorer.exe (1033728 12896823fb95bfb3dc9b46bcaedc9923)
c:\windows\system\hpsysdrv.exe (52736 06a1ecb63df139ec639e084d4ab3c9d7)
C:\Program Files\DISC\DISCover.exe (1073152 074bdcd9685b7f9be26738af5a128c34)
C:\Program Files\DISC\DiscUpdMgr.exe (65536 62c8b30d352aa3f8ed0fcf238da66de4)
C:\Program Files\DISC\DiscStreamHub.exe (57344 c1c37fe08cf9465d162f9e60a24e5d44)
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 1 for devinx.zip\x-raypc.exe (348928 df5ba440e4384adcd1a0bf653da84387)

Service: ALG C:\WINDOWS\System32\alg.exe (44544 8c515081584a38aa007909cd02020b3d)
Service: AudioSrv C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: BITS C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: Browser C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: COMSysApp C:\WINDOWS\system32\dllhost.exe (5120 0a9ba6af531afe7fa5e4fb973852d863)
Service: Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE (44032 3c8b6609712f4ff78e521f6dcfc4032b)
Service: CryptSvc C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: DcomLaunch C:\WINDOWS\system32\svchost -k DcomLaunch
Service: Dhcp C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: dmserver C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: Dnscache C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: ehRecvr C:\WINDOWS\eHome\ehRecvr.exe (237568 d039a0c347632622934906bd59a4e1ea)
Service: ehSched C:\WINDOWS\eHome\ehSched.exe (102912 a53243709439ac2a4c216b817f8d7411)
Service: ERSvc C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: Eventlog C:\WINDOWS\system32\services.exe (110592 65df52f5b8b6e9bbd183505225c37315)
Service: EventSystem C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: FastUserSwitchingCompatibility C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: helpsvc C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (90112 b122be74e283a2bc7febc180bfd2efd5)
Service: lanmanserver C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: lanmanworkstation C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe (49152 5d4b38a8d8525356798f5e560c3a3090)
Service: LmHosts C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe (99328 df0a511f38f16016bf658fca0090cb87)
Service: N360 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe (126392 8e643fd5f38fa9a2eda27268a1e9499f)
Service: Netman C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: Nla C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: NVSvc C:\WINDOWS\system32\nvsvc32.exe (155752 a2322c6207ebb0761a6c8cc9003ebacf)
Service: PlugPlay C:\WINDOWS\system32\services.exe (110592 65df52f5b8b6e9bbd183505225c37315)
Service: PolicyAgent C:\WINDOWS\system32\lsass.exe (13312 bf2466b3e18e970d8a976fb95fc1ca85)
Service: ProtectedStorage C:\WINDOWS\system32\lsass.exe (13312 bf2466b3e18e970d8a976fb95fc1ca85)
Service: RasMan C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: RemoteRegistry C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: RpcSs C:\WINDOWS\system32\svchost -k rpcss
Service: SamSs C:\WINDOWS\system32\lsass.exe (13312 bf2466b3e18e970d8a976fb95fc1ca85)
Service: Schedule C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: seclogon C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: SENS C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: SharedAccess C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: ShellHWDetection C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: Spooler C:\WINDOWS\system32\spoolsv.exe (58880 60784f891563fb1b767f70117fc2428f)
Service: srservice C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: SSDPSRV C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: TapiSrv C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: TermService C:\WINDOWS\System32\svchost -k DComLaunch
Service: Themes C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: TrkWks C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: W32Time C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: WebClient C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: winmgmt C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: wscsvc C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: wuauserv C:\WINDOWS\system32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)
Service: WZCSVC C:\WINDOWS\System32\svchost.exe (14336 27c6d03bcdb8cfeb96b716f3d8be3e18)

O2 - BHO: (Yahoo! Toolbar Helper) - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (438848 47c526e479521908aacbc247fac2c491)
O2 - BHO: (AcroIEHlprObj Class) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (63136 b61d5d651ecc6055c29bf826ca7b1141)
O2 - BHO: (Symantec NCO BHO) - {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll (394608 9c75d4a47baba32707110c6242e9761c)
O2 - BHO: (Symantec Intrusion Prevention) - {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL (79224 e60f55692de0df4f393a2a18c7fb9662)
O2 - BHO: (SSVHelper Class) - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (184423 f01726f7ca8538fdd4663c9db8feaedc)
O2 - BHO: (hpWebHelper Class) - {aaae832a-5fff-4661-9c8f-369692d1dcb9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (208896 bebdf2293f53049569285b9b2fa7ec68)

O3 - Toolbar: Yahoo! Toolbar {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (438848 47c526e479521908aacbc247fac2c491)
O3 - Toolbar: Norton Toolbar {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll (394608 9c75d4a47baba32707110c6242e9761c)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (67584 7e48b4958c131e9643ddcd2e7ca3fe9f)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (151552 3765535734daeb53e783e239e5d6475b)
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE (45056 db20fce248d269e1c396e70a91e587c8)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (57344 93d27c8d2902c8f88e9b70fc20998976)
O4 - HKLM\..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (49152 c62d19bfbddf9ca47e01545a4b196158)
O4 - HKLM\..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (16384 926153887ed53c268249691d5bbfb9ad)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (90112 c419df63e0121d72411285780c2fc6cc)
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (90112 9e1992c27ecf7f08c154dcacf32f1aab)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE (237568 f3eaea279f09a7779c18793c87640794)
O4 - HKLM\..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (249856 a789b145f17fa5c2326907f4872fe173)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (49152 821f73b833c4daebc33c1a9a4b16bb5a)
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe (1753192 64a9832cd323b49d9efd0cc58cfdee4f)
O4 - HKLM\..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll (110696 848f20153185a85ab09a4fbced4e7cc7)
O4 - HKLM\..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll (13923432 58a517026e5c8674a70b9b6650691efe)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [PostBootReminder] C:\WINDOWS\system32\shell32.dll (8462336 304cff53c9c9beb03607abe94a8fc781)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [CDBurn] C:\WINDOWS\system32\SHELL32.dll (8462336 304cff53c9c9beb03607abe94a8fc781)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\system32\webcheck.dll (236544 cc8915db4e33e8fb29ca0d2dbf75306e)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [SysTray] C:\WINDOWS\system32\stobject.dll (121856 50512fc9b7878e3c2c147bc17326a7db)


O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class)- http://www.update.microsoft.com/microsoftu...b?1286167286390 - C:\WINDOWS\Downloaded Program Files\muweb.inf (295 168775061869e42cfdd941d1efb012cf)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Plug-in)- http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (184423 f01726f7ca8538fdd4663c9db8feaedc)
O16 - DPF: {cafeefac-0015-0000-0006-abcdeffedcba} (Java Plug-in)- http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (184423 f01726f7ca8538fdd4663c9db8feaedc)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} (Java Plug-in 1.5.0_06)- http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (69746 d2cf6bb5e9020e6707b62575f8083954)

020 - HKLM\..\Notify: [crypt32chain] C:\WINDOWS\system32\crypt32.dll (599040 bdaaf79dd63f194434d31a74b9bb8b77)
020 - HKLM\..\Notify: [cryptnet] C:\WINDOWS\system32\cryptnet.dll (64512 c14350fc0d47d806699c4f907fc6785b)
020 - HKLM\..\Notify: [cscdll] C:\WINDOWS\system32\cscdll.dll (101888 515a7fae2070c2b0242b2353443e2f11)
020 - HKLM\..\Notify: [dimsntfy] C:\WINDOWS\System32\dimsntfy.dll (19456 e2092f0a1d7abc243f9c2362483d150d)
020 - HKLM\..\Notify: [ScCertProp] C:\WINDOWS\system32\wlnotify.dll (92672 2cc34e8bb667eef78899546e12649196)
020 - HKLM\..\Notify: [Schedule] C:\WINDOWS\system32\wlnotify.dll (92672 2cc34e8bb667eef78899546e12649196)
020 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (20480 63ff9068e5bda0bc9ecd38fbbb216e24)
020 - HKLM\..\Notify: [SensLogn] C:\WINDOWS\system32\WlNotify.dll (92672 2cc34e8bb667eef78899546e12649196)
020 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (92672 2cc34e8bb667eef78899546e12649196)
020 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (92672 2cc34e8bb667eef78899546e12649196)


Also here is a copy of my original post.

Hello
My name is Devin. Thank you for reading my post. About a month ago I started getting redirected while using my browser (Internet Explorer 8). My OS is Windows XP Media Center Edition. Well, thinking I knew what I was doing, I started trying to attack it through various ways. However, it won the battle. It got to the point where it has run me back all the way to where my recovery CDs are worthless. I did end up finding this web site, which basically has got me back in control of my PC, and I am able to download and browse with some control; however, the rootkit just turns whatever I do back into its control. I do have quite a few restore points now, which is good. But you can only create 1 set of discovery CDs, and so that is not an option. I am going to get with HP tech support and order a copy of my OS so that I can reformat to original settings if I have to.
To be fair to whoever it may concern that may try and help me with this, I am going to be forthright in what I have done to this point. I did run ComboFix without help. I did not remove anything or try to fix anything with it, though. I have a scan log of it on my desktop. I ran HijackThis and did the same; I did not try to fix anything. I have that log as well. The only thing I ran on my PC where I fixed something was a program called Cleanup. And like a dummy I clicked fix and I deleted some kind of 32 exe file. Don't remember what it was called (duh); like I said, I'm a dummy. My PC runs a little weird sometimes now, but for the most part it works. I have Spybot on my PC and at this point it finds nothing anymore. I also have Norton Security Suite (worthless), which I get for free through Comcast. All it catches is tracking cookies.
I have done all the prep that has been asked of me before I asked for help here. However, I ran GMER and it completely ran its scan. I did what was asked before I hit scan; however, when the scan finished, the window closed and did not give me a chance to save to desktop. Whatever malicious thing I have on this PC just does what it wants. All my pictures, which is all I really cared about, are gone. I can get most of them back through friends and family, so not a big deal. All the data I don't really care about. I'm basically a gamer and that's what I get on the PC for anyway.
I'm tired of this thing, whatever it is.
As for a clue of what it was that started all this: I got a popup that came up. It looked just like Windows Internet Security; it started this fake scan and said I was infected with this and that. I didn't click OK or Cancel when the pop-up box said OK or Cancel, but like the dummy I am I clicked on the little X at the top right corner thinking I was smart ..lol... well I wasn't, and I think that's how I got it. I don't know the exact name of what the pop-up was, but the URL that comes up in my address bar is http:/126.77.77.1 or something close to that. I had it saved in favorites, but I have had to reformat so many times it is now gone, and at this point I barely even use my browser; I just get on to play my game or come here, because whatever I do to try and combat this thing, it just removes what I did. I don't even think the Windows updates or Norton or HP updates ever really get updated.
I did have a so-called friend who removes things like this for a living come over and check my girlfriend's computer for stuff. Her PC got it first. The same pop-up I got. He ran the same things you asked me to run (GMER) (rkill). He said he would fix it, back up her data and reformat her PC, because he said that it would take too long to try and remove it from her PC. He said it would be easier to back up her data and reformat. She uses Windows Vista. He said he would do this but then wanted to charge me. I am out of work (like a lot of people); I am just strapped for cash and can not afford to pay to have it removed.
He did tell me that he thinks that our private network is infected. My girlfriend's PC is connected to the modem and I am wireless through a router. So with all that being said,
I really am in a situation here where, if I was back to work, I would just pay to have this fixed. I am definitely a person who would be very appreciative of someone who would help, and when back to work would definitely donate to this site for the help it has given me. If someone out there would like to help me remove this crap from my PC, I would so much appreciate it. If not, ty for the time and for reading my post.
Devin (dvo1)

Merged posts. ~ OB

Edited by Orange Blossom, 15 October 2010 - 10:27 AM.



#2 dvo1

dvo1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:58 AM

Posted 21 October 2010 - 05:05 PM

Well, it has been over a week now and no one wants to help or is too busy, and I just can't wait any longer... go ahead and remove this post, administrator... and ty for the help

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:58 PM

Posted 21 October 2010 - 10:17 PM

Topic closed. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



