View Full Version : Malware help please
Hi,
I need some help with Malware please. I ran Spybot/Norton and it found
some trojans and program called backdoor.tidservlinf. But so far these have been unsuccessful in removing these.
My HJT log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:34 AM, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe
C:\PROGRA~1\MICROS~4\Office\1033\OLFMOD32.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\Hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [SpybotDeletingA8380] command /c del "c:\resycled\boot.com"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6758] cmd /c del "c:\resycled\boot.com"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB886] command /c del "c:\resycled\boot.com"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1421] cmd /c del "c:\resycled\boot.com"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: JBidwatcher 2.0.lnk = C:\Program Files\CyberFOX Software\JBidwatcher2\JBidwatcher-2.0beta8.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204603824953
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8043E28-6496-4BDD-8CFB-09E86FB61F9E}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)
--
End of file - 14211 bytes
The Kapersky scanner is failing for some reason.
Thanks in advance for your help!
shelf life
2009-01-02, 02:16
hi,
we will get a download to scan for malware and go from there. Link and directions are below:
Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:
http://www.malwarebytes.org/mbam.php
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
*** Be sure that everything is checked, and click Remove Selected.***
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
please post the MBAM log in reply
Thanks in advance for your help. Here is the MBAM log.
Malwarebytes' Anti-Malware 1.31
Database version: 1592
Windows 5.1.2600 Service Pack 3
2/01/2009 3:09:02 PM
mbam-log-2009-01-02 (15-09-02).txt
Scan type: Full Scan (C:\|H:\|)
Objects scanned: 180450
Time elapsed: 52 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\msqpdxmexlsfkq.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\msqpdxdvpuxoba.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Regards
shelf life
2009-01-02, 16:21
hi,
ok thanks for the info. we will get one more download to use. Its called combofix. there is a guide to read first. Not a lot, loads of pictures. read through the guide and follow the combofix prompts. Post the combofix log in your reply.
the guide:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Hi,
I double clicked on Combo fix and then just realised I had't disabled my Anti-virus, Antispyware and Firewall programs.
I was about to close it when I got a message from BOClean.
01/03/2009 12:41:54: RSK-NIRCMD.SAA VARIANT STOPPED BY BOCLEAN!
Trojan horse was found in memory.
C:\32788R22FWJFW\NIRCMD.COM contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Compaq_Administrator
Does this mean anything? Is this a conincidence?
Also I already had the Windows Recovery Console loaded so do I need to reload it?
Thanks in advance.
shelf life
2009-01-03, 03:21
hi,
go ahead and disable your AV and anti- malware and then run combofix. if the Ms recovery console is installed then no need to install it again.
ComboFix 09-01-01.02 - Compaq_Administrator 2009-01-03 13:32:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.536 [GMT 11:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
H:\Autorun.inf
H:\resycled
.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.
2009-01-02 15:42 . 2008-12-12 14:28 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-01 16:34 . 2009-01-01 16:34 <DIR> dr------- c:\program files\Norton Support
2009-01-01 16:29 . 2009-01-01 16:29 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-01 16:29 . 2009-01-01 16:29 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-01 16:29 . 2009-01-01 16:29 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-01 16:29 . 2009-01-01 16:29 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-01 16:28 . 2009-01-02 21:42 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-01-01 16:28 . 2009-01-01 16:28 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-01 16:28 . 2009-01-01 16:28 <DIR> d-------- c:\program files\Norton Internet Security
2009-01-01 16:23 . 2009-01-01 16:23 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-01-01 16:17 . 2009-01-01 16:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2009-01-01 16:17 . 2009-01-01 16:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-01 16:16 . 2009-01-01 16:16 <DIR> d-------- c:\program files\NortonInstaller
2009-01-01 16:16 . 2009-01-01 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-01 15:45 . 2009-01-01 15:45 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files
2008-12-28 22:28 . 2008-12-28 22:28 <DIR> d-------- c:\windows\system32\ivtMobCache
2008-12-28 22:28 . 2008-12-28 22:28 204 --a------ c:\windows\BsMobileModel.ini
2008-12-28 01:47 . 2008-12-28 23:55 5,982 --a------ c:\windows\system32\LOCALSERVICE.INI
2008-12-28 01:47 . 2008-12-28 22:28 4,162 --a------ c:\windows\system32\SHORTCUT.INI
2008-12-28 01:47 . 2008-12-28 23:17 258 --a------ c:\windows\system32\REMOTEDEVICE.INI
2008-12-28 01:46 . 2008-12-28 23:39 107 --a------ c:\windows\system32\LOCALDEVICE.INI
2008-12-28 01:40 . 2008-12-28 01:40 0 --a------ c:\windows\system32\BSPRINT.INI
2008-12-28 01:38 . 2008-12-28 01:38 <DIR> d-------- c:\program files\IVT Corporation
2008-12-28 01:38 . 2008-12-28 23:55 32 --a------ c:\windows\0
2008-12-28 01:38 . 2008-12-28 01:38 0 --a------ c:\windows\system32\0
2008-12-22 17:51 . 2008-12-28 23:39 1,021 --a------ c:\windows\system32\bscs.ini
2008-12-22 17:46 . 2008-12-22 17:46 557,142 --a------ c:\windows\system32\Bscdlg.dll
2008-12-21 17:09 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-21 17:09 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2008-12-15 14:36 . 2008-12-15 14:36 405,589 --a------ c:\windows\system32\BsUI.dll
2008-12-15 14:36 . 2008-12-15 14:36 57,430 --a------ c:\windows\system32\btfunc.dll
2008-12-15 14:36 . 2008-12-15 14:36 18,432 --a------ c:\windows\system32\BsMonSvr.dll
2008-12-15 14:36 . 2008-12-15 14:36 9,728 --a------ c:\windows\system32\BsMonUI.dll
2008-12-15 14:35 . 2008-12-15 14:35 622,693 --a------ c:\windows\system32\BSShell.dll
2008-12-15 14:35 . 2008-12-15 14:35 278,647 --a------ c:\windows\system32\outlookAddin.dll
2008-12-15 14:35 . 2008-12-15 14:35 114,774 --a------ c:\windows\system32\versit.dll
2008-12-15 14:35 . 2008-12-15 14:35 53,248 --a------ c:\windows\system32\HtmPrintHelper.dll
2008-12-15 14:34 . 2008-12-15 14:34 151,642 --a------ c:\windows\system32\BsCommon.dll
2008-12-15 14:34 . 2008-12-15 14:34 114,788 --a------ c:\windows\system32\BsProfileFunc.dll
2008-12-15 14:34 . 2008-12-15 14:34 94,314 --a------ c:\windows\system32\BsHelpCSps.dll
2008-12-15 14:33 . 2008-12-15 14:33 553,075 --a------ c:\windows\system32\BlueSoleilCSps.dll
2008-12-15 14:32 . 2008-12-15 14:32 241,748 --a------ c:\windows\system32\BsSDK.dll
2008-12-15 14:32 . 2008-12-15 14:32 98,403 --a------ c:\windows\system32\Bs2Res.dll
2008-12-15 14:32 . 2008-12-15 14:32 28,766 --a------ c:\windows\system32\PlayerCtrl.dll
2008-12-15 14:31 . 2008-12-15 14:31 122,976 --a------ c:\windows\system32\BsMobileSDK.dll
2008-12-15 14:31 . 2008-12-15 14:31 28,760 --a------ c:\windows\system32\BsTrace.dll
2008-12-15 14:31 . 2008-12-15 14:31 28,672 --a------ c:\windows\system32\BsMobileCSps.dll
2008-12-15 13:29 . 2008-12-15 13:29 39,304 --a------ c:\windows\system32\drivers\btcusb.sys
2008-12-15 13:29 . 2008-12-15 13:29 15,368 --a------ c:\windows\system32\btinstall.dll
2008-12-14 10:12 . 2008-12-14 10:12 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\InstallShield
2008-12-09 10:33 . 2008-12-09 10:33 <DIR> d-------- C:\DVDVolume
2008-12-08 09:50 . 2008-12-08 09:50 <DIR> d-------- C:\BREAKERMORANT
2008-12-07 12:44 . 2008-12-07 12:44 30,088 --a------ c:\windows\system32\drivers\btnetBus.sys
2008-12-07 12:44 . 2008-12-07 12:44 14,088 --a------ c:\windows\system32\drivers\btnetdrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 02:37 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Skype
2009-01-03 02:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-03 02:24 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\HPAppData
2009-01-02 17:42 33,352 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2009-01-02 13:05 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\skypePM
2009-01-02 07:31 --------- d-----w c:\program files\SpywareBlaster
2009-01-01 12:15 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2009-01-01 05:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-01 05:29 --------- d-----w c:\program files\Symantec
2009-01-01 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-28 21:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-28 15:25 --------- d-----w c:\program files\HJT
2008-12-28 14:10 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-22 00:21 --------- d-----w c:\program files\Sony
2008-12-22 00:20 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Sony
2008-12-22 00:19 --------- d-----w c:\program files\DivX
2008-12-21 05:17 --------- d-----w c:\program files\Microsoft Money 2005
2008-12-13 23:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-03 08:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 08:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-30 10:17 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\funkitron
2008-11-30 10:04 --------- d-----w c:\program files\Navman
2008-11-29 10:23 --------- d-----w c:\program files\CounterPath
2008-11-29 10:23 --------- d-----w c:\program files\Common Files\Intel
2008-11-25 04:23 33,800 ----a-w c:\windows\system32\drivers\blueletaudio.sys
2008-11-25 04:23 27,528 ----a-w c:\windows\system32\drivers\BlueletSCOAudio.sys
2008-11-25 01:57 --------- d-----w c:\program files\Skype
2008-11-25 01:57 --------- d-----w c:\program files\Common Files\Skype
2008-11-25 01:57 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-22 00:18 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-16 00:35 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-16 00:24 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-15 13:21 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\HP
2008-11-15 13:17 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG
2008-11-15 13:07 --------- d-----w c:\program files\Yahoo!
2008-11-15 12:42 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-15 12:41 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-15 12:39 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2008-11-15 12:31 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-11 13:55 --------- d-----w c:\program files\DVD Decrypter
2008-11-11 13:51 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Red Kawa
2008-11-11 13:50 --------- d-----w c:\program files\Red Kawa
2008-11-11 13:50 --------- d-----w c:\program files\AviSynth 2.5
2008-11-11 00:58 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-11-11 00:56 --------- d-----w c:\program files\Common Files\Sony Shared
2008-11-11 00:54 --------- d-----w c:\program files\QuickTime
2008-11-11 00:54 --------- d-----w c:\program files\Common Files\Apple
2008-11-11 00:53 --------- d-----w c:\program files\Apple Software Update
2008-11-11 00:51 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2008-11-11 00:48 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Sony Setup
2008-11-11 00:46 --------- d-----w c:\program files\Sony Setup
2008-11-10 23:16 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Datel
2008-11-07 23:45 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Otto
2008-11-07 23:45 --------- d-----w c:\documents and settings\All Users\Application Data\Otto
2008-11-05 12:18 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Yahoo!
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-22 04:30 81,920 ----a-w c:\windows\system32\BsVistaCommon.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 03:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 03:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2007-08-17 03:37 96,136 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-01-20 06:30 3,489,660 ----a-w c:\program files\ie-ads.reg
2007-01-20 06:30 3,244,870 ----a-w c:\program files\ie-ads-uninst.reg
2006-10-22 15:30 175,531 ----a-w c:\program files\ReadMe.txt
2005-02-12 13:00 10,373 ----a-w c:\program files\install.bat
2004-07-31 02:00 8,055 ----a-w c:\program files\LICENSE.TXT
2003-09-28 08:00 3,264 ----a-w c:\program files\PleaseRead.txt
1999-03-21 15:00 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1999-03-21 15:00 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1999-03-21 15:00 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1999-03-21 15:00 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1999-03-21 15:00 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1999-03-21 15:00 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
1992-01-06 16:47 18,321 ----a-w c:\program files\COPYING
2007-06-17 22:46 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-06-11 02:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008061120080612\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"eyeBeam SIP Client"="c:\program files\CounterPath\X-Lite\x-lite.exe" [2008-04-22 22237184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-12 185896]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2008-05-07 2037088]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-12-22 278528]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-28 583048]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2007-08-28 c:\windows\system32\nwiz.exe]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
JBidwatcher 2.0.lnk - c:\program files\CyberFOX Software\JBidwatcher2\JBidwatcher-2.0beta8.exe [2008-10-03 3299212]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-22 65588]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\1033\\WFXMSRVR.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-07-31 20616]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS []
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-02 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1002000.007\ccHPx86.sys [2009-01-02 362544]
R1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSxpx86.sys [2009-01-02 274808]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe [2008-06-11 73464]
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\diMaster.dll" /prefetch:1 []
R2 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 3425632]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-01 99376]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\DRIVERS\wn5301.sys [2006-08-14 468768]
S2 UmxAgent;HIPS Event Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" []
S2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" []
S2 UmxPol;HIPS Policy Manager;"c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe" []
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\dm9usb.sys [2008-01-06 54272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e8b2d24-dd31-11dc-ba03-0009f3020e8d}]
\Shell\AutoRun\command - K:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-27 c:\windows\Tasks\WebReg HP Photosmart C4340 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 20:40]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
Trusted Zone: online.westpac.com.au
TCP: {B8043E28-6496-4BDD-8CFB-09E86FB61F9E} = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 13:37:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-01-03 13:39:28
ComboFix-quarantined-files.txt 2009-01-03 02:39:14
ComboFix2.txt 2008-06-09 13:26:30
Pre-Run: 108,927,537,152 bytes free
Post-Run: 109,730,951,168 bytes free
317 --- E O F --- 2008-12-17 21:32:34
Thanks!
shelf life
2009-01-03, 15:19
hi,
combofix log looks ok. Looks like MBAM removed a nasty one.
you can remove combofix like this;
start>run and type in combofix /u
click ok or enter
Note: there is a space after the x and before the /
keep MBAM and always check for updates before scanning, The paid version offers auto updates and real time protection. Worth the money.
since its been a while rescan and post one more hjt log.
Thanks very much computer is running much better!
New HJT log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:22 AM, on 4/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe
C:\PROGRA~1\MICROS~4\Office\1033\OLFMOD32.EXE
C:\Program Files\HJT\Hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: JBidwatcher 2.0.lnk = C:\Program Files\CyberFOX Software\JBidwatcher2\JBidwatcher-2.0beta8.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204603824953
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8043E28-6496-4BDD-8CFB-09E86FB61F9E}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)
O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)
--
End of file - 13185 bytes
shelf life
2009-01-04, 02:55
hi,
looks ok to me. two things you can do. Java and system restore:
java:
Vulnerabilities in versions of Sun Java may be responsible for some malware installs via your browser.
It is important to keep Sun Java up to date and also to remove older versions.
* 1. Uninstall old versions of Sun Java via Add/Remove Programs.
* 2. Click the Remove or Change/Remove button
* 3. Reboot your PC if prompted.
to check if you have the latest version of Java and to download the latest version:
http://www.java.com/en/download/help/testvm.xml?ff3
system restore, the how and why:
One of the features of Windows ME,XP and Vista is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
if all is good, some info for you:
Reducing Your Risk To Malware:
The Short Version:
1) Keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other Software (http://secunia.com/vulnerability_scanning/online/) up to date to "patch" vulnerabilities. Always install Service Packs.
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons.You may be installing more than you think.
3) Install and keep them all updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless.
4) Refrain from clicking on links or attachments you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting or legitimate the message.
5) Don't click on ads/pop ups or offers from websites requesting that you need to install software to your computer.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?
7) Set up and use limited accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing.*
8) Install a third party software firewall.
9) Consider using an alternate browser and E-mail client. Internet Explorer and OutLook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer. (http://www.microsoft.com/downloads/details.aspx?FamilyID=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en)
10) If your habits include: warez, cracks etc or you install files via p2p networks then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another potential malware source?
A longer version in link below.
Happy Safe Surfing.
Thanks I've done everything you suggested. Just one more question. I uninstalled all old versions of Sun Java via Add/Remove Programs but Secunia says I still have old versions of Java. Is there an eay way to remove these that you know of?
Thanks again!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!:bigthumb:
shelf life
2009-01-04, 16:24
hi,
ok. your welcome. good your updating, protects you from possible software vulnerabilites.
for the java still being detected by Secunia see if this helps:
http://secunia.com/community/forum/thread/show/632/java_will_not_update
or this;
http://secunia.com/community/forum/thread/show/776/removing_old_java_versions