View Full Version : Google Searches open up a new tab with another search company
Hi Guys,
Firstly I so help you can help me!
My computer has something nasty running on it and I cannot get rid of it!
It has taken me all day to get SpyBot to run, (had to rename the exe), after many machine crashes, memory dumps etc! However, it ran, and found some issues (16). I have fixed these and thought thank god!
However,
I still can not do any searches, and any link I click (In IE and firefox) takes me to another search!
The HJTInstall.exe would not run on my machine, as soon as I run it, it just dies. However, I have renames it, and as your instructions require, have pasted it here!
**************************************
amed Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:23, on 28/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kester Riley\Downloads\HiJackThis11.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.4.4.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet;platypus;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProService for 8.3C (ProService8.3C) - Progress Software - C:\DLC\bin\ProSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10682 bytes
**************************************
So, I am sort of stuck! Any help would be appreciated!
Thanks
pskelley
2009-07-29, 15:17
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
You must have read and followed the "Before you Post" instructions.
You first need to know that junk out here now can be hard to remove, please do not expect fast or easy. Please do not download and run any programs I do not request. If that works for you, we will start our removal like this.
1) Looks like you may be running a wireless router? Since both IE and Firefox are being directed, your router might be infected, see this:
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
2) Let's start with MBAM and don't be afraid to rename the executable if it will not run. Try calling it kester.exe.
Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/
http://www.besttechie.net/mbam/mbam-setup.exe <<< download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Tutorial if needed:
http://thespykiller.co.uk/index.php/topic,5946.0.html
3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
Thanks...Phil
Hi Phil,
First of all thanks for your help.
1) It happens not just on a wireless router, but also happens on other hard wired networks.
2) I have ran the program as requested, it found nothing:
*****************************************
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6001 Service Pack 1
29/07/2009 18:38:18
mbam-log-2009-07-29 (18-38-18).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 335258
Time elapsed: 1 hour(s), 19 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
*****************************************
HJT FILE:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:53, on 29/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Users\Kester Riley\Downloads\HiJackThis11.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.4.4.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet;platypus;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProService for 8.3C (ProService8.3C) - Progress Software - C:\DLC\bin\ProSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10481 bytes
3: The results of the uninstall list
AceFTP 3 Freeware
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Adobe Shockwave Player 11.5
Audacity 1.2.6
avast! Antivirus
CCScore
Choice Guard
Conexant HD Audio
DreamCoder for MySQL 4.3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
ESU for Microsoft Vista
ffdshow [rev 610] [2006-12-01]
fflink
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.2
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.0
HP Quick Launch Buttons 6.20 B1
HP Update
HP User Guides 0057
HP Wireless Assistant
HPNetworkAssistant
ImTOO MP4 Video Converter
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lexmark 4800 Series
Malwarebytes' Anti-Malware
Memory-Map OS Edition Version 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007 Trial
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007 Trial
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
Nero
netbrdg
NVIDIA Drivers
Offshore Navigator Lite
OfotoXMI
OpenOffice.org 3.0
OutSync
picture-shark 1.0
PROGRESS 8.3C
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Office Word 2007 (KB969604)
SFR
SHASTA
Sierra Wireless 3G Watcher
skin0001
SKINXSDK
Skype™ 3.6
SmartAudio
Spybot - Search & Destroy
staticcr
Sun xVM VirtualBox
Synaptics Pointing Device Driver
TextPad 5
tooltips
Ugrib RC1
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb971933)
Update for Outlook 2007 Junk Email Filter (kb971933)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WIRELESS
XAMPP 1.6.5
Manu thanks
pskelley
2009-07-29, 20:58
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.
Adobe Flash Player 10 ActiveX <<< check this
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html
Adobe Reader 8.1.6 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.adobe.com/support/security/bulletins/apsb09-07.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 3.0 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php
Adobe Shockwave Player 11.5 <<< check this
Security Update available for Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb09-08.html
Critical Adobe Shockwave flaw affects millions
http://blogs.zdnet.com/security/?p=3664
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
all out of date and unsafe:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
MBAM was not updated before it was run, should be at least:
You ran it with Database version: 2421
Todays database information is: Version 1.39 (Database 2527 7/29/2009)
I need to see the scan results from the newest database.
Could you tell me where you are being redirected to.
Thanks
I am sorry for wasting your time, last time around - I am sure I ticked the update box though!
Here it is agin, this time it found something:
Malwarebytes' Anti-Malware 1.39
Database version: 2527
Windows 6.0.6001 Service Pack 1
29/07/2009 22:24:53
mbam-log-2009-07-29 (22-24-53).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 337057
Time elapsed: 1 hour(s), 19 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\ESQULzcounter (Trojan.Agent) -> Delete on reboot.
*************************************
and the HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:00, on 29/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Kester Riley\Downloads\HiJackThis11.exe
C:\Windows\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.4.4.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet;platypus;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProService for 8.3C (ProService8.3C) - Progress Software - C:\DLC\bin\ProSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10769 bytes
However, I am still getting redirected to random sites, I have just clicked the
same google result 4 times, and each time ended up on a different page!
I did a search for laptop, and I ended up here:
http://www.laptoppopular.com/search.html?q=laptop+pc&submit=Search
and here:
http://www.whatlaptop.co.uk/ (which was the right link)
and here:
http://www.greenpoweredsearch.com/results.php?cx=015219649733963973506%3Agte31et5za8&cof=FORID%3A10&q=laptop#1138
and here:
http://www.kdirectory.co.uk/results.asp?qry=laptop&rfid=luccl7_1200&cmp=1&bp=lap%20top
When the page loads it goes through many address at the bottom, mainly 3 letter website names eg: e59.co.uk and 7ie.co.uk before I land on another search page.
:thanks:
pskelley
2009-07-30, 00:51
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
http://www.bleepingcomputer.com/forums/topic114351.html
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
When the tool is finished, it will produce a report for you. Post that report and a new HJT log
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use
HI,
I am running Windows Vista, so am I right from the instructions that I need to have a Windows Vista DVD to run the recovery mode?
If I am right, I dont have a Windows Vista DVD, my hard disk is partioned to a C and D where D is from what I understand the recovery CD....
Or do I need to burn my self a DVD first?
Thanks
pskelley
2009-07-30, 13:26
No...see this information:
http://windowshelp.microsoft.com/Windows/en-US/Help/326b756b-1601-435e-99d0-1585439470351033.mspx
You will not get a prompt to install with Vista. Make sure you are running as Administrator, thanks for the question.
Phil
As requested:
COmbo fix Log:
ComboFix 09-07-29.04 - Kester Riley 30/07/2009 12:01.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1982.947 [GMT 1:00]
Running from: c:\users\Kester Riley\Desktop\ComboFix11.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1400344008-282924532-3032474698-500
c:\$recycle.bin\S-1-5-21-2281642347-4059487297-2727361250-500
c:\windows\Installer\2554a9.msi
c:\windows\Installer\26666.msi
c:\windows\System32\drivers\ESQULeftpepyiivpxnyciqwrxrxeudccwqpvs.sys
c:\windows\System32\ESQULbyxyuqtpplsopsebegyintdvwpfoixpp.dll
c:\windows\System32\ESQULowtbvxymfwpcjqmnnuonwerqdahlivtd.dll
c:\windows\system32\ESQULzcounter
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 11:10 . 2009-07-30 11:16 -------- d-----w- c:\users\Kester Riley\AppData\Local\temp
2009-07-29 15:59 . 2009-07-29 15:59 -------- d-----w- c:\users\Kester Riley\AppData\Roaming\Malwarebytes
2009-07-29 15:58 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-29 15:58 . 2009-07-29 15:58 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-29 15:58 . 2009-07-29 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-29 15:58 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 07:09 . 2009-07-29 07:09 -------- d-----w- c:\program files\MSXML 4.0
2009-07-28 18:16 . 2009-07-28 18:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 14:00 . 2009-07-28 16:02 -------- d-----w- c:\progra~2\Lavasoft
2009-07-28 13:07 . 2009-07-30 07:32 -------- d-----w- c:\users\Kester Riley\Tracing
2009-07-28 12:01 . 2009-07-28 12:55 -------- d-----w- c:\progra~2\NOS
2009-07-28 07:57 . 2009-07-28 19:38 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-25 21:17 . 2009-07-25 21:17 -------- d-----w- c:\progra~2\SITEguard
2009-07-25 20:55 . 2009-07-27 19:30 -------- d-----w- c:\progra~2\STOPzilla!
2009-07-25 14:33 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-25 14:33 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-25 14:33 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-25 14:33 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-25 14:33 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-25 14:32 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-25 14:32 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-25 14:32 . 2009-07-25 14:32 -------- d-----w- c:\program files\Alwil Software
2009-07-23 16:38 . 2009-07-23 16:38 -------- d-----w- c:\users\Kester Riley\AppData\Roaming\GTek
2009-07-17 10:25 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 10:25 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 10:25 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-17 10:25 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-03 09:47 . 2009-07-03 09:47 -------- d-----w- c:\users\Kester Riley\AppData\Roaming\Virgin Broadband
2009-07-03 09:47 . 2009-07-03 09:47 -------- d-----w- c:\progra~2\Virgin Broadband
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 18:24 . 2009-02-16 19:04 98688 ----a-w- c:\progra~2\nvModes.dat
2009-07-28 08:39 . 2007-08-20 16:49 -------- d-----w- c:\progra~2\Symantec
2009-07-28 08:39 . 2007-08-20 16:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-28 08:37 . 2007-08-20 16:19 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-28 07:12 . 2008-03-21 05:45 6944 ----a-w- c:\users\Kester Riley\AppData\Local\d3d9caps.dat
2009-07-27 15:45 . 2008-01-09 20:08 -------- d-----w- c:\users\Kester Riley\AppData\Roaming\SiteClasses
2009-07-25 16:24 . 2009-01-05 13:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-23 16:41 . 2007-08-20 16:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 16:37 . 2007-08-20 17:11 -------- d-----w- c:\program files\HP
2009-07-23 16:28 . 2008-01-04 19:21 -------- d-----w- c:\users\Kester Riley\AppData\Roaming\Hewlett-Packard
2009-07-21 21:52 . 2009-07-28 17:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 17:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 17:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 17:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 19:10 . 2008-11-19 21:02 1 ----a-w- c:\users\Kester Riley\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-20 18:00 . 2008-07-07 19:31 -------- d-----w- c:\progra~2\Lx_cats
2009-07-17 20:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 10:28 . 2007-08-20 17:07 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-15 09:29 . 2009-06-15 09:29 -------- d-----w- c:\program files\Sun
2009-05-29 19:13 . 2009-05-29 19:13 79888 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-05-29 19:13 . 2009-06-15 09:30 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-05-29 19:13 . 2009-06-15 09:32 100944 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-05-29 19:12 . 2009-05-29 19:12 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-05-29 19:12 . 2009-05-29 19:12 87760 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-05-13 12:28 . 2008-01-04 19:27 128328 ----a-w- c:\users\Kester Riley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-25 18:09 . 2008-08-31 19:13 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2008-01-30 120088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
c:\users\Kester Riley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{03C26D14-05A8-49B1-A588-E5ACF3A25FF6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3690E994-0B84-4058-B8BE-4BABF6688E96}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E215C9F-0E55-4306-80CA-4E633A559843}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{21CBFF42-CFE5-49B6-AF08-D8E80B571945}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A2674017-87DB-4383-927A-2BBB1927327E}"= UDP:990:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{09B2A0A1-53B7-4363-A542-B58949F67A97}"= UDP:5721:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{E863ECB4-2CAA-47CD-99F0-95F24A85DE82}"= UDP:1034:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{DF62B754-4805-4C7F-B4A9-F8008F174CA1}"= UDP:5678:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{55E5F286-5D27-4EBD-8CF1-65F8B5A71927}"= UDP:999:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{4D58F867-DCB3-46A2-A1A5-7CD883B215A8}"= UDP:26675:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{4EC7A77D-11EB-4B27-AA37-BAAD0A8B338F}"= UDP:990:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{F697AE74-3F83-4070-9A20-50A96710960B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0CDB77A1-C83C-41A1-9D52-CA67636D6074}"= UDP:5721:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{16BA4C24-A880-4DC8-8F42-CDA937FE8F23}"= UDP:1034:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{A840A7C0-ABE4-4A13-91D2-8820D1046B97}"= UDP:5678:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{21FAA121-7750-49E3-BC23-2214E60DC6D3}"= UDP:999:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{E5AEDE35-2980-451D-9A72-804510D8EAB8}"= UDP:26675:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{A6846122-9827-47BB-8494-9652A3E57EDA}"= UDP:990:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{7C8C2513-7373-4D2E-A55C-48AA562AEE52}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{A59A358C-7EB6-4FCC-A16B-FE57CBB272EA}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5D86B44F-38AB-4B59-8D36-3D5BC9560B70}c:\\program files\\visicom media\\aceftp 3 freeware\\aceftp3free.exe"= UDP:c:\program files\visicom media\aceftp 3 freeware\aceftp3free.exe:AceFTP v3
"UDP Query User{A61D9CD0-389F-450D-AA1D-6DD0FAA42F9B}c:\\program files\\visicom media\\aceftp 3 freeware\\aceftp3free.exe"= TCP:c:\program files\visicom media\aceftp 3 freeware\aceftp3free.exe:AceFTP v3
"TCP Query User{B7F3A343-D321-4165-8B43-8EBE0300BED2}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8C47BD17-EE1D-4CB8-8D22-60ECD87CEC62}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{946A3ED6-E0BA-4087-AC64-5F0B8C53640C}c:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{5238D586-F6B8-48B6-8A8E-2190274E381F}c:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:c:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{E523ED8E-92EE-40F4-82D3-AF605516E692}"= UDP:c:\program files\nusphere\phped\srv.exe:NuSphere PhpED SRV web server
"{212138BA-98B5-4D51-AFE8-73EC556BE951}"= TCP:c:\program files\nusphere\phped\srv.exe:NuSphere PhpED SRV web server
"{783FB946-2C8D-4751-AF4C-CCE8E4FF1ABE}"= UDP:c:\program files\nusphere\phped\debugger\DbgListener.exe:NuSphere PhpED Dbg Listener
"{F573D5E8-D9FB-4FB5-941D-6E0CF1CE803D}"= TCP:c:\program files\nusphere\phped\debugger\DbgListener.exe:NuSphere PhpED Dbg Listener
"{C2C53C11-961F-4A3D-9D79-4BDD5D442842}"= UDP:c:\program files\nusphere\phped\phped.exe:NuSphere PhpED Embedded browser
"{477BFCA6-A6A6-48B7-99CE-6C29E12BA7B7}"= TCP:c:\program files\nusphere\phped\phped.exe:NuSphere PhpED Embedded browser
"{83BF1566-94E8-42F6-9173-D69950A2A4EF}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EB7BC9BA-3857-4B23-A3AC-B98AB1BEDDB0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6F4E0D07-6323-46D3-A78F-D1266A580FF0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{07FE6895-86B2-4A01-BED6-03CF7FFC0900}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA9F6C36-2CAC-4F83-9FE7-414AFA0D943B}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{C22D6E64-BAD4-4D76-BB26-19C49531C8DA}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{715FD173-16A5-4E54-8E3F-71E52DFB5BEB}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{0442D464-F821-4459-A176-E4DD912C1A78}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{9896B375-2121-4D0D-86EF-B8EBB5B1C359}"= UDP:c:\windows\System32\lxdecoms.exe:Lexmark Communications System
"{47858F16-CD6D-48DE-95C1-AF698B99BDD6}"= TCP:c:\windows\System32\lxdecoms.exe:Lexmark Communications System
"{491666E3-2A0A-47E9-89B6-9D3467EF938A}"= UDP:c:\program files\Lexmark 4800 Series\lxdeamon.exe:Lexmark Device Monitor
"{296C8BBF-8E12-40AF-886B-4602D0E84C99}"= TCP:c:\program files\Lexmark 4800 Series\lxdeamon.exe:Lexmark Device Monitor
"{4854181E-1ADD-48B1-BDC2-76DD93E9BDFE}"= UDP:c:\program files\Lexmark 4800 Series\frun.exe:Lexmark Productivity Studio
"{E058835F-9F9C-40F3-8B26-58D13DB9BB2E}"= TCP:c:\program files\Lexmark 4800 Series\frun.exe:Lexmark Productivity Studio
"{3251124C-BD85-4AFC-8485-9FCA035339A1}"= UDP:c:\program files\Lexmark 4800 Series\lxdemon.exe:Printer Device Monitor
"{9C872770-3546-4CDD-820E-2D8B5A90C7DC}"= TCP:c:\program files\Lexmark 4800 Series\lxdemon.exe:Printer Device Monitor
"{D328D1E3-08CD-42FD-B00A-68FD79617E57}"= UDP:c:\users\Kester Riley\AppData\Local\Temp\lxde\wireless\ENGLISH\lxdewpss.exe:
"{CA5C835C-5564-412E-96E7-E9609806E374}"= TCP:c:\users\Kester Riley\AppData\Local\Temp\lxde\wireless\ENGLISH\lxdewpss.exe:
"{7AE93AE2-B337-4683-AA7E-EC015F241FF0}"= UDP:c:\program files\Lexmark 4800 Series\Wireless\lxdewpss.exe:
"{DCD69A04-95C3-4199-8BFA-88AE8888AC78}"= TCP:c:\program files\Lexmark 4800 Series\Wireless\lxdewpss.exe:
"{FC06CEC6-BCD4-4602-8C50-DDDBAB454F73}"= UDP:5721:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{2A2DB370-3DFA-4150-9A26-406932B1C7F4}"= UDP:1034:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{04B652FD-645C-4EA9-B3F2-5EFC28E177C6}"= UDP:5678:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{AFDE39CF-A6E3-4518-9495-A3E2B05CDB5B}"= UDP:999:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{05A17030-4732-49F1-A2C8-2058740EB374}"= UDP:26675:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{8437E2B9-A891-4B75-B744-A862325B51B0}"= UDP:990:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{B9DDEB44-351E-4B18-87DB-B9C91E916F09}"= UDP:5721:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{DE74A11E-594B-47CF-A229-BA7A8AAA6FF0}"= UDP:1034:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{1781B6D5-1969-416D-8AC6-097CC28431EB}"= UDP:5678:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{014EA68F-D0C8-4CE4-8873-D5040DC27542}"= UDP:999:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{DA0A1F32-F6D7-4001-A7B4-D3DCD14D3A61}"= UDP:26675:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{7951B201-2EAA-4E9B-8E90-3E8EED14E3C5}"= UDP:990:LocalSubnet:LocalSubnet|IF={934E457C-235D-4E7A-BD9E-7AD90612F78A}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{F7EFFB11-9E84-4AB7-9EE8-0B60A07909F1}"= UDP:5721:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{EAA917FD-6C5A-4AB7-9A09-5662EC1ABA6E}"= UDP:1034:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{8F12A4F8-3194-487D-8CF4-B8FBC87844BC}"= UDP:5678:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{596A079F-4E8A-425B-83DC-07B56ADBF013}"= UDP:999:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{E229F32D-B667-41CD-8174-B331DE6890E6}"= UDP:26675:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{C1A9B10D-A448-4F07-851A-279B023F07FB}"= UDP:990:LocalSubnet:LocalSubnet|IF={8F1437F3-7B02-4C0E-87E7-32F67C0AD999}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{676413C3-83C8-4B83-A823-913B46EAA459}"= UDP:5721:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{9E984D32-FC7F-415C-AFD3-D8E18BADD380}"= UDP:1034:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{914553DB-F601-49BC-B420-E2B3806B69AE}"= UDP:5678:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{5CC63F3B-D22E-4039-A37A-E2E396E67EC5}"= UDP:999:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{5567FCFF-1D14-40F5-A50C-F08C0FE3A9D3}"= UDP:26675:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{868441FC-618A-41C9-A054-8A3EECC322BC}"= UDP:990:LocalSubnet:LocalSubnet|IF={FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{52998F92-F00D-4230-8CFD-47CDDB5697DB}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{97638213-6104-45D1-A7CA-8DA023C89AEF}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{B684F141-4BCA-4880-9460-A61DEB8C684E}"= UDP:c:\windows\System32\lxdecfg.exe:Printer Communication System
"{7718BCB5-08B0-405C-98C8-75AC084CACC4}"= TCP:c:\windows\System32\lxdecfg.exe:Printer Communication System
"TCP Query User{8C05D194-7925-4539-AE05-F45466947FFB}c:\\program files\\lexmark 4800 series\\lxdemon.exe"= UDP:c:\program files\lexmark 4800 series\lxdemon.exe:Printer Device Monitor
"UDP Query User{659F46E2-CAC7-4591-A25D-1524327921FB}c:\\program files\\lexmark 4800 series\\lxdemon.exe"= TCP:c:\program files\lexmark 4800 series\lxdemon.exe:Printer Device Monitor
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"= c:\program files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/07/2009 15:33 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [15/06/2009 10:32 100944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [15/06/2009 10:30 41424]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [21/12/2007 03:00 17920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/07/2009 15:33 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/07/2009 15:32 51792]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [28/07/2009 19:16 1153368]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\System32\drivers\swivspnt.sys [26/03/2007 13:18 20352]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [29/05/2009 20:12 87760]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdeserv.exe [29/05/2007 14:06 99248]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [21/12/2007 03:01 60928]
S3 ProService8.3C;ProService for 8.3C;c:\dlc\bin\prosrvc.exe [29/11/2008 12:51 30720]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\System32\drivers\swnc8u12.sys [21/09/2007 15:47 164480]
S3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\System32\drivers\swumx12.sys [21/09/2007 15:48 140672]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [29/05/2009 20:13 79888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
HKLM-Run-AirCardEnabler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyServer = 10.4.4.3:8080
uInternet Settings,ProxyOverride = intranet;platypus;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\KESTER~1\AppData\Roaming\Mozilla\Firefox\Profiles\4muv3dst.default\
FF - prefs.js: network.proxy.http - 10.4.4.3
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 12:16
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxdecoms.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\xampp\mysql\bin\mysqld-nt.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-30 12:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 11:24
Pre-Run: 68,939,243,520 bytes free
Post-Run: 68,591,611,904 bytes free
322 --- E O F --- 2009-07-29 07:10
AND HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:45, on 30/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\Kester Riley\Downloads\HiJackThis11.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.4.4.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet;platypus;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\Windows\system32\lxdecoms.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProService for 8.3C (ProService8.3C) - Progress Software - C:\DLC\bin\ProSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9038 bytes
:thanks:
pskelley
2009-07-30, 14:39
combofix removed a nasty rootkit infection, let's see if we can now locate HJT safely.
C:\Users\Kester Riley\Downloads\HiJackThis11.exe <<< where it is now is not safe for storing backups when you remove stuff with HJT and logs to refer to. Please delete this copy and follow these instructions.
Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log. <<< close HJT until I ask for another HJT log.
Please post to let me know how the computer is running, any malware issues?
Thanks...Phil
Hi,
Thanks so far!
I have reinstalled HJT as required.
I have also tried doing searches in google (the same as yesterday), and I am no longer seeing the same issues!
.....
pskelley
2009-07-30, 16:31
Sounds good, let's do a little cleaning before we move to close.
Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Since you initially had issues with Spybot S&D, please make sure the program is up to date and fully immunized, then scan the system.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html
check for updates, run a scan, fix any problems then:
on the toolbar menu select mode and switch to advanced, on the left select tools, view report, make sure all the options are selected near the bottom except:
Uncheck[ ] do not report disabled or known legitimate Items,
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select near top-- view report, Press export, and save the log on your Desktop, post the saved log in your next reply.
Thanks...Phil
Hi Phil,
Thanks for your reply, I have followed the instructions and here is the log from spybot:
--- Search result list ---
Adviva: Tracking cookie (Firefox: Kester Riley (default)) (Cookie, fixed)
Adviva: Tracking cookie (Firefox: Kester Riley (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Kester Riley (default)) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 DRMLHZ.exe (1.6.0.12)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 SpybotSD2.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-07-28 unins000.exe (51.49.0.0)
2009-07-31 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-07-28 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-07-28 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-28 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-28 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-07-14 Includes\Malware.sbi (*)
2009-07-28 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-28 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-07-28 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-28 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-22 Includes\Trojans.sbi (*)
2009-07-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: FC242DBD786557AC641726DC5C13F060
Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B
Located: HK_LM:Run, HP Health Check Scheduler
command: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
file: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
size: 75008
MD5: 523D786AB9BFC3C228B8C851D402F502
Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
Located: HK_LM:Run, hpWirelessAssistant
command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 472776
MD5: AF849798ECA383184C88ED436CF3EFB2
Located: HK_LM:Run, lxdeamon
command: "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
file: C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
size: 20480
MD5: 9D8762E2802C4E34CFD41DBB3D934CAE
Located: HK_LM:Run, lxdemon.exe
command: "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
file: C:\Program Files\Lexmark 4800 Series\lxdemon.exe
size: 455600
MD5: F53DB15F76283D29065F339FA6DA089B
Located: HK_LM:Run, NeroCheck
command: C:\Windows\system32\NeroCheck.exe
file: C:\Windows\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90
Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 13556256
MD5: FEDDAB61F1C79D1A2AD7E7A9690B5B24
Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 92704
MD5: AB9391E6DF6DADCD5A237216F3CAC2B7
Located: HK_LM:Run, QlbCtrl
command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 159744
MD5: A04BE1DBBA0E554B2F33555CCBA5F969
Located: HK_LM:Run, QPService
command: "C:\Program Files\HP\QuickPlay\QPService.exe"
file: C:\Program Files\HP\QuickPlay\QPService.exe
size: 176128
MD5: 041AF1711BF3D6BFF12FD9D28F0AC303
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1045800
MD5: 62B3C9786081ECAAB272A118408D2817
Located: HK_LM:Run, WatcherHelper
command: "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
file: C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
size: 120088
MD5: 19A40442DB92A11BDFAF946AFEED1B7D
Located: HK_LM:Run, WAWifiMessage
command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 317128
MD5: F533507FE318B46629E84DF630A316F8
Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
Located: HK_LM:Run, Windows Mobile-based device management
command: %windir%\WindowsMobile\wmdc.exe
file: C:\Windows\WindowsMobile\wmdc.exe
size: 563080
MD5: D96CDA05732F68C5FDB3C547C939C98A
Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-2281642347-4059487297-2727361250-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-2281642347-4059487297-2727361250-1000...
command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 484904
MD5: 9B6414517444980F2ECAD8FA5F66E162
Located: HK_CU:Run, Sidebar
where: S-1-5-21-2281642347-4059487297-2727361250-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-2281642347-4059487297-2727361250-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
Located: Startup (common), Kodak EasyShare software.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
file: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
size: 282624
MD5: FBB5B5B4D8C96624C7D57C5FB25F387D
Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
where: C:\Users\Kester Riley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 98696
MD5: A6D772AA861E673636D48B6EB452ADE3
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 23/10/2006 00:08:42
Date (last access): 05/12/2008 11:30:48
Date (last write): 23/10/2006 00:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 28/07/2009 19:16:32
Date (last access): 28/07/2009 19:16:32
Date (last write): 26/01/2009 15:31:02
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 12/02/2009 15:19:32
Date (last access): 13/05/2009 12:50:04
Date (last write): 12/02/2009 15:19:32
Filesize: 2217848
Attributes: archive
MD5: A6B5A41C0ED007AB6C43CAD899E533D8
CRC32: BA078F79
Version: 12.0.6421.1000
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22/01/2009 15:41:30
Date (last access): 05/04/2009 17:22:42
Date (last write): 22/01/2009 15:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 11/01/2009 21:42:34
Date (last access): 09/03/2073 05:20:00
Date (last write): 09/03/2009 05:18:50
Filesize: 35840
Attributes: archive
MD5: 96A225C7F5346A9E81FC3DFA89A900C0
CRC32: BAD5D2EF
Version: 6.0.130.3
--- ActiveX list ---
{00000161-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\msaud.inf
Codebase: http://codecs.microsoft.com/codecs/i386/msaud.cab
{076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher)
DPF name:
CLSID name: F-Secure Online Scanner Launcher
Installer: C:\Windows\Downloaded Program Files\fslauncher.inf
Codebase: http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
Path: C:\Windows\DOWNLO~1\
Long name: fslauncher.dll
Short name: FSLAUN~1.DLL
Date (created): 10/07/2009 10:39:30
Date (last access): 10/07/2009 10:39:30
Date (last write): 10/07/2009 10:39:30
Filesize: 406640
Attributes: archive
MD5: AB1AD9988F8A48CB79CE19B68CB4B448
CRC32: 8E315B25
Version: 1.0.0.1
{33564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\wmv9dmo.inf
Codebase: http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
description: Microsoft WMV Video Codec
classification: Legitimate
known filename: WMV9DMO.CAB
info link:
info source: Patrick M. Kolla
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11/01/2009 21:42:34
Date (last access): 09/03/2073 05:20:00
Date (last write): 09/03/2009 05:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)
DPF name:
CLSID name: a-squared Scanner
Installer:
Codebase: http://ax.emsisoft.com/asquared.cab
Path: C:\Windows\DOWNLO~1\
Long name: asquared.ocx
Short name:
Date (created): 07/01/2009 09:16:02
Date (last access): 07/01/2009 09:16:02
Date (last write): 07/01/2009 09:16:02
Filesize: 1028728
Attributes: archive
MD5: 896BC6300D334ADA781D6823A0A863D0
CRC32: 08935EEF
Version: 4.0.0.11
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11/01/2009 21:42:34
Date (last access): 09/03/2073 05:20:00
Date (last write): 09/03/2009 05:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11/01/2009 21:42:34
Date (last access): 09/03/2073 05:20:00
Date (last write): 09/03/2009 05:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11/01/2009 21:42:34
Date (last access): 09/03/2073 05:20:00
Date (last write): 09/03/2009 05:18:50
Filesize: 94208
Attributes: archive
MD5: 1302DAB0E273CAC0D23E5674BAFE86CD
CRC32: 44AAE4B7
Version: 6.0.130.3
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_13
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_13.dll
Short name: NPJPI1~1.DLL
Date (created): 09/03/2009 02:53:24
Date (last access): 09/03/2073 05:20:10
Date (last write): 09/03/2009 05:19:10
Filesize: 136600
Attributes: archive
MD5: 20188EB1790C5EB9057DDFE3EA138FC7
CRC32: 2EA1ACCF
Version: 6.0.130.3
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash10b.ocx
Short name:
Date (created): 03/02/2009 03:07:18
Date (last access): 28/07/2009 14:04:42
Date (last write): 03/02/2009 03:07:18
Filesize: 3866528
Attributes: readonly archive
MD5: 8AFC17155ED5AB60B7C52D7F553D579C
CRC32: 0FBC13F3
Version: 10.0.22.87
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
--- Process list ---
PID: 2136 (1156) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 4128 (1132) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 4196 (2732) C:\Windows\Explorer.EXE
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 4416 (4196) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 4424 (4196) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1045800
MD5: 62B3C9786081ECAAB272A118408D2817
PID: 4432 (4196) C:\Program Files\HP\QuickPlay\QPService.exe
size: 176128
MD5: 041AF1711BF3D6BFF12FD9D28F0AC303
PID: 4444 (4196) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
size: 159744
MD5: A04BE1DBBA0E554B2F33555CCBA5F969
PID: 4460 (4196) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 472776
MD5: AF849798ECA383184C88ED436CF3EFB2
PID: 4520 (4196) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 317128
MD5: F533507FE318B46629E84DF630A316F8
PID: 4536 (4196) C:\Windows\WindowsMobile\wmdc.exe
size: 563080
MD5: D96CDA05732F68C5FDB3C547C939C98A
PID: 4604 (4196) C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
size: 120088
MD5: 19A40442DB92A11BDFAF946AFEED1B7D
PID: 4652 (4196) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B
PID: 4700 (4196) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 4752 (4196) C:\Program Files\Lexmark 4800 Series\lxdemon.exe
size: 455600
MD5: F53DB15F76283D29065F339FA6DA089B
PID: 4760 (4196) C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
size: 20480
MD5: 9D8762E2802C4E34CFD41DBB3D934CAE
PID: 4792 (4196) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 4808 (4196) C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: A2D390F1F2408B94EF34BFE3A00C29D3
PID: 4832 (4196) C:\Program Files\Alwil Software\Avast4\ashDisp.exe
size: 81000
MD5: FC242DBD786557AC641726DC5C13F060
PID: 4856 (4196) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
PID: 4888 (4196) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 484904
MD5: 9B6414517444980F2ECAD8FA5F66E162
PID: 4900 (4196) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 4920 (4196) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
size: 282624
MD5: FBB5B5B4D8C96624C7D57C5FB25F387D
PID: 5120 (4196) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 5232 ( 884) C:\Windows\system32\wbem\unsecapp.exe
size: 37888
MD5: 25873356E52849C3F5B3F1B02317E8C8
PID: 5284 ( 884) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
size: 677576
MD5: 241B74792CC295DFDCB7940BBF52B226
PID: 5572 ( 884) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 2500 (4424) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 95528
MD5: 1F373C5DB440D92839DDDF63F5BA2E8A
PID: 4228 ( 884) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3885408
MD5: 16C3811F3A5CD8EA7030A42A75892136
PID: 2540 ( 884) C:\Program Files\Windows Live\Contacts\wlcomm.exe
size: 27512
MD5: 654480EA67078C7B4C6C8BA871B07D5D
PID: 5472 (4196) C:\Program Files\Internet Explorer\iexplore.exe
size: 638216
MD5: C33BD196A0301F9B23D9A003D30ED8B0
PID: 4100 (5472) C:\Program Files\Internet Explorer\iexplore.exe
size: 638216
MD5: C33BD196A0301F9B23D9A003D30ED8B0
PID: 5596 (4196) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 2116 (4196) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307704
MD5: F518C42B2EBBE4C7847914F9AE460AAB
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 444 ( 4) smss.exe
size: 64000
PID: 572 ( 560) csrss.exe
size: 6144
PID: 624 ( 560) wininit.exe
size: 96768
PID: 636 ( 616) csrss.exe
size: 6144
PID: 668 ( 624) services.exe
size: 279040
PID: 684 ( 624) lsass.exe
size: 9728
PID: 692 ( 624) lsm.exe
size: 229888
PID: 772 ( 616) winlogon.exe
size: 314880
PID: 884 ( 668) svchost.exe
size: 21504
PID: 936 ( 668) nvvsvc.exe
size: 203296
PID: 964 ( 668) svchost.exe
size: 21504
PID: 1028 ( 668) svchost.exe
size: 21504
PID: 1104 ( 668) svchost.exe
size: 21504
PID: 1132 ( 668) svchost.exe
size: 21504
PID: 1156 ( 668) svchost.exe
size: 21504
PID: 1268 (1104) audiodg.exe
size: 88064
PID: 1288 ( 668) svchost.exe
size: 21504
PID: 1308 ( 668) SLsvc.exe
size: 2623488
PID: 1356 ( 668) svchost.exe
size: 21504
PID: 1464 ( 936) rundll32.exe
size: 44544
PID: 1488 ( 668) svchost.exe
size: 21504
PID: 1684 ( 668) aswUpdSv.exe
PID: 1696 ( 668) ashServ.exe
PID: 1728 (1132) wlanext.exe
size: 74240
PID: 2032 ( 668) spoolsv.exe
size: 125952
PID: 192 ( 668) svchost.exe
size: 21504
PID: 824 ( 668) apache.exe
PID: 1424 ( 668) LSSrvc.exe
PID: 2060 ( 668) lxdecoms.exe
size: 598960
PID: 2088 ( 668) mdm.exe
PID: 2128 ( 668) mysqld-nt.exe
PID: 2164 ( 668) svchost.exe
size: 21504
PID: 2192 ( 668) svchost.exe
size: 21504
PID: 2228 ( 668) svchost.exe
size: 21504
PID: 2268 ( 668) SearchIndexer.exe
size: 439808
PID: 2408 ( 668) XAudio.exe
PID: 2452 ( 668) hpqwmiex.exe
PID: 2928 ( 824) apache.exe
PID: 4008 (1156) taskeng.exe
size: 169472
PID: 4044 ( 668) ashMaiSv.exe
PID: 4060 ( 668) ashWebSv.exe
PID: 2884 ( 668) HPHC_Service.exe
PID: 1352 ( 668) svchost.exe
size: 21504
PID: 2436 ( 668) wmpnetwk.exe
PID: 4488 ( 884) WmiPrvSE.exe
PID: 4972 ( 668) infocard.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 31/07/2009 10:54:55
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.facebook.com/home.php
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.msn.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D943DB3B-EADD-4B4D-B4F7-382AE81B6EAA}] SEQPACKET 16
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D943DB3B-EADD-4B4D-B4F7-382AE81B6EAA}] DATAGRAM 16
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B0DA1FFD-95E0-4915-8451-E904A86DE8D5}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B0DA1FFD-95E0-4915-8451-E904A86DE8D5}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8F1437F3-7B02-4C0E-87E7-32F67C0AD999}] SEQPACKET 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8F1437F3-7B02-4C0E-87E7-32F67C0AD999}] DATAGRAM 14
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9A24FD13-1C44-4F9B-AB45-8D92B4D4FA67}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9A24FD13-1C44-4F9B-AB45-8D92B4D4FA67}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AA65329D-4D38-4527-932C-3EA03C74830B}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AA65329D-4D38-4527-932C-3EA03C74830B}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FB9F2F8B-3207-4C0F-B4ED-CEB994BE229C}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{934E457C-235D-4E7A-BD9E-7AD90612F78A}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{934E457C-235D-4E7A-BD9E-7AD90612F78A}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B8B617E6-3296-47DB-B5A3-2B09E9F1626C}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B8B617E6-3296-47DB-B5A3-2B09E9F1626C}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AD141BF-FF6E-4B63-A7B6-7772A12AE978}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AD141BF-FF6E-4B63-A7B6-7772A12AE978}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F36C8D63-53E2-4623-84AF-0083BAAB4238}] SEQPACKET 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F36C8D63-53E2-4623-84AF-0083BAAB4238}] DATAGRAM 13
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3AF34C44-6F04-49A9-B8FC-E88530283A6D}] SEQPACKET 15
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3AF34C44-6F04-49A9-B8FC-E88530283A6D}] DATAGRAM 15
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D943DB3B-EADD-4B4D-B4F7-382AE81B6EAA}] SEQPACKET 17
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D943DB3B-EADD-4B4D-B4F7-382AE81B6EAA}] DATAGRAM 17
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D862D287-E06F-4B6B-8DE8-DCF6C2C3E98D}] SEQPACKET 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 35: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D862D287-E06F-4B6B-8DE8-DCF6C2C3E98D}] DATAGRAM 12
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 36: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B0DA1FFD-95E0-4915-8451-E904A86DE8D5}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 37: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B0DA1FFD-95E0-4915-8451-E904A86DE8D5}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 38: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9A24FD13-1C44-4F9B-AB45-8D92B4D4FA67}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 39: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9A24FD13-1C44-4F9B-AB45-8D92B4D4FA67}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 40: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AA65329D-4D38-4527-932C-3EA03C74830B}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 41: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{AA65329D-4D38-4527-932C-3EA03C74830B}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 42: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B8B617E6-3296-47DB-B5A3-2B09E9F1626C}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 43: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B8B617E6-3296-47DB-B5A3-2B09E9F1626C}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 44: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4AD141BF-FF6E-4B63-A7B6-7772A12AE978}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 45: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4AD141BF-FF6E-4B63-A7B6-7772A12AE978}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
pskelley
2009-07-31, 16:07
Looks good, here is information about controlling the cookies. http://www.vista123.net/content/ie8-and-privacy
Some information that may help your computer run better.
http://www.netsquirrel.com/msconfig/msconfig_vista.html
Get maximum performance from Windows Vista
http://windowshelp.microsoft.com/windows/en-us/Help/596FB57F-CC9D-4AC5-A813-5C0830E9156A1033.mspx
Let's see if we can wrap up like this.
Remove combofix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Windows Vista System Restore Guide
http://www.bleepingcomputer.com/tutorials/tutorial143.html
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, keep it updated and run it once a month or so)
Update Avast4 and scan the system, to be sure it is running right and scanning clean.
What's new in avast! version 4
http://www.avast.com/eng/whats_new_in_avast_v2.html
http://www.avast.com/eng/what-is-new-in-avast-4-8.html
If all is well at this point, let me know and I will close the topic.
All information may not apply to Vista:
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
How hard are your passwords to crack?
http://www.microsoft.com/protect/yourself/password/checker.mspx
http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx
Many thanks for your help!
I really appreciate it.
I have followed all your advice, and I will read those web links!
Thanks Again!