Virtumonde - shows up again and again

**twitchyeye** · 2009-03-15, 22:36

Virtumonde shows up when I run Search and Destroy. It says it cleans it but then appears again during reboot.

firefox, thunderbird, and explorer often won't run and computer requires re-boot daily.

your help is appreciated.

HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:06 PM, on 3/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://login.facebook.com
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13330 bytes

**Shaba** · 2009-03-16, 07:31

Hi twitchyeye

Please post next spybot report

**twitchyeye** · 2009-03-16, 16:04

Shaba,
Here is my spybot output.
I didn't post it all. It was way too big. Let me know if you need all of it and how I can get it to you.

Thanks for helping me with this. Note that I have loaded the most recent version of Java since my original post.

--- Search result list ---
Virtumonde: [SBI $92386332] Library (File, nothing done)
C:\Windows\System32\zipfldr.dll

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2009-03-05 TeaTimer.exe (1.6.6.32)
2008-03-16 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-10-22 Tools.dll (2.1.6.8)
2009-01-22 Includes\Adware.sbi (*)
2009-03-10 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-10 Includes\Dialer.sbi (*)
2009-03-10 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-03-03 Includes\HijackersC.sbi (*)
2009-03-10 Includes\Keyloggers.sbi (*)
2009-03-10 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-03-03 Includes\Malware.sbi (*)
2009-03-10 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2009-03-09 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-02-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-03-10 Includes\Trojans.sbi (*)
2009-03-10 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll

--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)

--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 111936
MD5: AE2706CA91E7398CFA2069B26D44F424

Located: HK_LM:Run, HP Health Check Scheduler
command: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
file: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
size: 50696
MD5: 06B28C3CFD5C995B82F5EF1E5A0A576C

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
file: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22

Located: HK_LM:Run, hpWirelessAssistant
command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 472776
MD5: AF849798ECA383184C88ED436CF3EFB2

Located: HK_LM:Run, ISTray
command: "C:\Program Files\Spyware Doctor\pctsTray.exe"
file: C:\Program Files\Spyware Doctor\pctsTray.exe
size: 1173384
MD5: EA93088391AE6CBA7B9FD545DDED7DF6

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\Windows\KHALMNPR.EXE
size: 76304
MD5: E6A9F68D26A094FB78B98180A40A29FC

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, QlbCtrl
command: %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 159744
MD5: A04BE1DBBA0E554B2F33555CCBA5F969

Located: HK_LM:Run, QPService
command: "C:\Program Files\HP\QuickPlay\QPService.exe"
file: C:\Program Files\HP\QuickPlay\QPService.exe
size: 176128
MD5: F1544FC4D25FD26B0CF805BD913D4ECA

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 148888
MD5: 3237A58DC79C051004CD3A67C8FBC781

Located: HK_LM:Run, Symantec PIF AlertEng
command: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
file: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
size: 583048
MD5: DEB2A99C1AD9B9190C78E895AE60A745

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 827392
MD5: 450497C656D16B45EE9D121D64D3289F

Located: HK_LM:Run, WAWifiMessage
command: %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
file: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 317128
MD5: F533507FE318B46629E84DF630A316F8

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-1159342932-3121789355-2582362783-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, HPAdvisor
where: S-1-5-21-1159342932-3121789355-2582362783-1000...
command: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
file: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
size: 1773568
MD5: A0E2B368F7A1C70845EEEE5F2855FD0E

Located: HK_CU:Run, Sidebar
where: S-1-5-21-1159342932-3121789355-2582362783-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1159342932-3121789355-2582362783-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-21-1159342932-3121789355-2582362783-1000...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, FlashPlayerUpdate
where: S-1-5-21-1159342932-3121789355-2582362783-1000...
command: C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
file: C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
size: 235936
MD5: 0AE72A6CF7DA6440320BCF7241CE9ED4

Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3

Located: Startup (common), Logitech SetPoint.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 805392
MD5: D0948BE9B3547B9669195D7F84FC09F7

Located: Startup (common), Vongo Tray.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
file: C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
size: 53248
MD5: 18D0D787A52859184A834D559525CBE2

Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
where: C:\Users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 101440
MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681

--- Browser helper object list ---
{053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: HP Print Clips
Path: C:\Program Files\Hewlett-Packard\Smart Web Printing\
Long name: hpswp_framework.dll
Short name: HPSWP_~3.DLL
Date (created): 3/2/2007 4:52:08 PM
Date (last access): 9/23/2007 3:15:14 PM
Date (last write): 3/2/2007 4:52:08 PM
Filesize: 177768
Attributes: readonly archive
MD5: A40456DE4EF7E318104955361C72AC9D
CRC32: 6F06AAE2
Version: 2.15.7.0

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Symantec Intrusion Prevention
CLSID name: Symantec Intrusion Prevention
Path: C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\
Long name: IPSBHO.dll
Short name:
Date (created): 3/6/2009 6:12:08 AM
Date (last access): 3/6/2009 6:12:08 AM
Date (last write): 2/27/2009 4:02:14 AM
Filesize: 107896
Attributes: readonly archive
MD5: 8FBB36058FF5FD998E5D6592B98819D0
CRC32: 88EB4BD5
Version: 9.0.3.10

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 3/16/2009 7:08:30 AM
Date (last access): 3/16/2009 7:08:30 AM
Date (last write): 3/16/2009 7:08:30 AM
Filesize: 35840
Attributes: archive
MD5: 2CA866C48BD8781383F63229D4D94349
CRC32: B38362A9
Version: 6.0.120.4

--- ActiveX list ---
{406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)
DPF name:
CLSID name: Snapfish Activia
Installer: C:\Windows\Downloaded Program Files\SnapfishActivia1000.inf
Codebase: http://www.costcophotocenter.com/CostcoActivia.cab
description:
classification: Legitimate
known filename: SnapfishActivia1000.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: SnapfishActivia1000.ocx
Short name: SNAPFI~1.OCX
Date (created): 6/3/2005 1:24:32 PM
Date (last access): 6/3/2005 1:24:32 PM
Date (last write): 6/3/2005 1:24:32 PM
Filesize: 286720
Attributes: archive
MD5: F5C79C45F1ADF877DC3AFDFF3565AE7B
CRC32: F118547A
Version: 1.0.0.10

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_12
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/16/2009 7:08:30 AM
Date (last access): 3/16/2009 7:08:30 AM
Date (last write): 3/16/2009 7:08:30 AM
Filesize: 94208
Attributes: archive
MD5: 7A76116738B2D239220AFDB77F7A414D
CRC32: 08C68F82
Version: 6.0.120.4

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi160.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/16/2009 7:08:30 AM
Date (last access): 3/16/2009 7:08:30 AM
Date (last write): 3/16/2009 7:08:30 AM
Filesize: 94208
Attributes: archive
MD5: 7A76116738B2D239220AFDB77F7A414D
CRC32: 08C68F82
Version: 6.0.120.4

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/16/2009 7:08:30 AM
Date (last access): 3/16/2009 7:08:30 AM
Date (last write): 3/16/2009 7:08:30 AM
Filesize: 94208
Attributes: archive
MD5: 7A76116738B2D239220AFDB77F7A414D
CRC32: 08C68F82
Version: 6.0.120.4

{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_12
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 3/16/2009 7:08:30 AM
Date (last access): 3/16/2009 7:08:30 AM
Date (last write): 3/16/2009 7:08:30 AM
Filesize: 94208
Attributes: archive
MD5: 7A76116738B2D239220AFDB77F7A414D
CRC32: 08C68F82
Version: 6.0.120.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_12
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_12.dll
Short name: NPJPI1~1.DLL
Date (created): 3/16/2009 7:08:32 AM
Date (last access): 3/16/2009 7:08:32 AM
Date (last write): 3/16/2009 7:08:32 AM
Filesize: 136600
Attributes: archive
MD5: BB1F300BABFAAFBC9DAABCBADE3347F0
CRC32: 000509E5
Version: 6.0.120.4

{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
DPF name:
CLSID name: GpcContainer Class
Installer: C:\Windows\Downloaded Program Files\ieatgpc.inf
Codebase: https://boeing.webex.com/client/T23L...ex/ieatgpc.cab
description:
classification: Legitimate
known filename: ieatgpc.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: ieatgpc.dll
Short name:
Date (created): 3/29/2007 9:08:56 AM
Date (last access): 3/29/2007 9:08:56 AM
Date (last write): 3/29/2007 9:08:56 AM
Filesize: 80973
Attributes: archive
MD5: D154C06B87FE36DB70868E2A92FEFA8D
CRC32: CFF4D0EC
Version: 2.1.0.0

--- Process list ---
PID: 3740 (1084) C:\Windows\system32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 3856 (1072) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 59903071D7ACE6A02093C47E9E38AF97
PID: 3864 (3816) C:\Windows\Explorer.EXE
size: 2927104
MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
PID: 3340 (3864) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 827392
MD5: 450497C656D16B45EE9D121D64D3289F
PID: 2720 (3864) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
size: 54840
MD5: 21293443961A4E2597453EE7A9347F22
PID: 3904 (3864) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
size: 159744
MD5: A04BE1DBBA0E554B2F33555CCBA5F969
PID: 3032 (3864) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
size: 472776
MD5: AF849798ECA383184C88ED436CF3EFB2
PID: 2528 (3864) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
size: 317128
MD5: F533507FE318B46629E84DF630A316F8
PID: 3180 (3864) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
size: 583048
MD5: DEB2A99C1AD9B9190C78E895AE60A745
PID: 964 (3276) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 2172 (3864) C:\Program Files\Hp\QuickPlay\QPService.exe
size: 176128
MD5: F1544FC4D25FD26B0CF805BD913D4ECA
PID: 3220 (3864) C:\Program Files\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90
PID: 1028 (3864) C:\Program Files\Spyware Doctor\pctsTray.exe
size: 1173384
MD5: EA93088391AE6CBA7B9FD545DDED7DF6
PID: 344 (3864) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
PID: 1380 (3864) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
size: 1773568
MD5: A0E2B368F7A1C70845EEEE5F2855FD0E
PID: 2836 (3864) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 2540 (3864) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 2380 (3864) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3
PID: 1220 (3864) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 805392
MD5: D0948BE9B3547B9669195D7F84FC09F7
PID: 4192 ( 872) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 4328 ( 344) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
PID: 4376 (4236) C:\Program Files\Vongo\Tray.exe
size: 73728
MD5: 660F5FC3FCE2E405D7C7CD30F992961F
PID: 4392 ( 872) C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
size: 677576
MD5: 241B74792CC295DFDCB7940BBF52B226
PID: 4964 (2380) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
size: 151552
MD5: FEDDD3579FEE51A9873D856DF3933C68
PID: 5060 (1220) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
size: 76304
MD5: 19E0D28FE38F55CA4C63F77D3657959A
PID: 3156 (3864) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
PID: 3140 (3184) C:\Program Files\Mozilla Firefox\firefox.exe
size: 307704
MD5: 762D1D11BB4E7C8D238D957E5AB60D0E
PID: 528 (3864) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 4024 (3140) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
size: 341616
MD5: 80660C611B596FFE8AF4074B31AA6FB7
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 452 ( 4) smss.exe
size: 64000
PID: 584 ( 572) csrss.exe
size: 6144
PID: 628 ( 572) wininit.exe
size: 96768
PID: 644 ( 636) csrss.exe
size: 6144
PID: 680 ( 628) services.exe
size: 279040
PID: 696 ( 628) lsass.exe
size: 9728
PID: 704 ( 628) lsm.exe
size: 229888
PID: 796 ( 636) winlogon.exe
size: 314880
PID: 872 ( 680) svchost.exe
size: 21504
PID: 940 ( 680) svchost.exe
size: 21504
PID: 1040 ( 680) svchost.exe
size: 21504
PID: 1072 ( 680) svchost.exe
size: 21504
PID: 1084 ( 680) svchost.exe
size: 21504
PID: 1244 (1040) audiodg.exe
size: 88064
PID: 1280 ( 680) SLsvc.exe
size: 2623488
PID: 1316 ( 680) svchost.exe
size: 21504
PID: 1480 ( 680) svchost.exe
size: 21504
PID: 1668 ( 680) spoolsv.exe
size: 125952
PID: 1700 ( 680) svchost.exe
size: 21504
PID: 1988 ( 680) AppleMobileDeviceService.exe
PID: 2016 ( 680) mDNSResponder.exe
PID: 2040 ( 680) CLCapSvc.exe
PID: 460 ( 680) svchost.exe
size: 21504
PID: 500 ( 680) LSSrvc.exe
PID: 700 ( 680) PIFSvc.exe
PID: 1236 ( 680) svchost.exe
size: 21504
PID: 1428 ( 680) ccSvcHst.exe
PID: 1780 ( 680) svchost.exe
size: 21504
PID: 1860 ( 680) svchost.exe
size: 21504
PID: 1400 ( 680) pctsAuxs.exe
PID: 852 ( 680) pctsSvc.exe
PID: 2244 (1084) taskeng.exe
size: 169472
PID: 2364 ( 680) svchost.exe
size: 21504
PID: 2388 ( 680) VongoService.exe
PID: 2444 ( 680) svchost.exe
size: 21504
PID: 2468 ( 680) SearchIndexer.exe
size: 439808
PID: 2492 ( 680) XAudio.exe
PID: 2504 ( 680) hpqwmiex.exe
PID: 2620 ( 680) SDWinSec.exe
size: 810320
MD5: A0C00A6265949AC72AB51B711743CA6D
PID: 2712 (1072) WUDFHost.exe
size: 142336
PID: 3696 (1428) ccSvcHst.exe
PID: 2428 ( 680) svchost.exe
size: 21504
PID: 3664 ( 872) WmiPrvSE.exe
PID: 2668 ( 680) TFService.exe
PID: 3992 ( 872) WmiPrvSE.exe
PID: 5344 ( 680) iPodService.exe
PID: 5452 ( 680) PresentationFontCache.exe
PID: 5508 ( 680) HPHC_Service.exe
PID: 1020 ( 680) wmpnetwk.exe
PID: 4132 (5312) jusched.exe

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 3/16/2009 7:56:08 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.tennistour.org/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896

--- Winsock Layered Service Provider list ---
Protocol 0: PCTOOLS over [MSAFD Tcpip [TCP/IP]]
GUID: {A225733F-19EF-4BC5-905F-523877F9A7F5}
Filename: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol 1: PCTOOLS over [MSAFD Tcpip [UDP/IP]]
GUID: {A225733F-19EF-4BC5-905F-523877F9A7F5}
Filename: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol 2: PCTOOLS over [MSAFD Tcpip [RAW/IP]]
GUID: {A225733F-19EF-4BC5-905F-523877F9A7F5}
Filename: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Protocol 27: PCTOOLS CONTENT FILTER PROVIDER
GUID: {7F9EB0B5-7444-4497-AEEF-D0E2C76F9FAD}
Filename: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

--- Uninstall list ---

--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): 61883
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 61883 Unit Device
Image path: system32\DRIVERS\61883.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\drivers\acpi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu160m.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\djsvs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 59392
Image MD5: A1545B731579895D8CC44FC0481C1192
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\drivers\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): AmdK7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K7 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: system32\DRIVERS\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Image size: 132424
Image MD5: A8AA9D47F971570A5162B862B80F87E8
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RAS Asynchronous Media Driver
Description: RAS Asynchronous Media Driver
Image path: system32\DRIVERS\asyncmac.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE Channel
Image path: system32\drivers\atapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): Avc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVC Device
Image path: system32\DRIVERS\avc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): BCM43XV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom Extensible 802.11 Network Adapter Driver
Image path: system32\DRIVERS\bcmwl6.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BCM43XX
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom 802.11 Network Adapter Driver
Image path: system32\DRIVERS\bcmwl6.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BHDrvx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Symantec Heuristics Driver
Image path: \SystemRoot\System32\Drivers\NAV\1005000.086\BHDrvx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: SymEFA,FltMgr

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bonjour Service
Description: Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 238888
Image MD5: 9EFE4236F8670846B6E7C5B0EFF6E715
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bowser
Description: Implements the datagram receiver for the computer browser browser service.
Image path: system32\DRIVERS\bowser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltlo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltup.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\system32\drivers\brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\system32\drivers\brserwdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\system32\drivers\brusbmdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\system32\drivers\brusbser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\drivers\bthmodem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ccHP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Symantec Hash Provider
Image path: \SystemRoot\System32\Drivers\NAV\1005000.086\ccHPx86.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: SymEFA

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\drivers\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CLCapSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CyberLink Background Capture Service (CBCS)
Description: Provides background buffering, recording and burning functionality for CyberLink Capturing
Object name: LocalSystem
Image path: "C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe"
Image size: 270431
Image MD5: 16356E5A3D7BE77B2010BE72C36E944C
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Common Log (CLFS)
Description: Common Log (CLFS)
Image path: System32\CLFS.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 69632
Image MD5: D87ACAED61E417BBA546CED5E7E36D9C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): CLSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CyberLink Task Scheduler (CTS)
Description: Enables a user to configure and schedule a automated task for CyberLink Scheduling
Object name: LocalSystem
Image path: "C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe"
Image size: 118877
Image MD5: E97D797AF6C2E64BFC22EEB7FA58BB63
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS,CLCapSvc

Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Control Method Battery Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): CnxtHdAudService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Conexant UAA Function Driver for High Definition Audio Service
Image path: system32\drivers\CHDRT32.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Com4Qlb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Com4Qlb
Object name: LocalSystem
Image path: "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe"
Image size: 110592
Image MD5: A5AAA656403E5E7AFA9647CE73DBF944
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: BE01E566D1F569AAB32D0335613E1EEA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: system32\drivers\crcdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Crusoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Transmeta Crusoe Processor Driver
Image path: \SystemRoot\system32\drivers\crusoe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): DFSR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @dfsrres.dll,-101
Description: @dfsrres.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\DFSR.exe
Image size: 2091520
Image MD5: FA3463F25F9CC9C3BCF1E7912FEFF099
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\drivers\disk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx

Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): Dot4
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS IEEE-1284.4 Driver
Image path: system32\DRIVERS\Dot4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Dot4Print
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Class Driver for IEEE-1284.4
Image path: system32\DRIVERS\Dot4Prt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): dot4usb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: MS Dot4USB Filter Dot4USB Filter
Image path: system32\DRIVERS\dot4usb.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

****************removed the rest - too big to post.**** let me know and I can email it to you.

**Shaba** · 2009-03-16, 16:25

That is a false positive which is corrected in latest Spybot. Please update your Spybot to latest version and let me know if it still finds it.

**twitchyeye** · 2009-03-16, 17:41

I downloaded the newer version of spybot, although I had all the latest updates before.

I ran the new version scan and it showed up clean.

thanks for your assistance. I was in a bit of a panic trying to clean this up. It's good to know it was a false positive.

**Shaba** · 2009-03-16, 17:46

Great

Still some issues?

**twitchyeye** · 2009-03-20, 14:25

Shaba,
I wanted to give my PC some time to see the effects.

Here are the symptoms:
My email works for a while when I reboot then in the first hour it is unable to connect and times out.

Next, I am unable to run any applications from my desktop and my program menu.

Eventually the desktop freezes and I need to reboot.

I've run spyware doctor, Nortons, S&D and they come up empty.

Something's got a hold of my laptop and it's not showing up.

Could you provide additional assistance.

Thanks

**Shaba** · 2009-03-20, 18:26

Those are likely windows related issues.

I think it is best to redirect you to some windows forum if that is OK?

We can of course run some scans but I don't really think that those are malware related.

**twitchyeye** · 2009-03-21, 01:38

Sharma, do you recommend any forums for windows issues?

**Shaba** · 2009-03-21, 09:48

My nick is Shaba

I recommend this place.

Thread: Virtumonde - shows up again and again

Thread Tools

Display

Virtumonde - shows up again and again

still an issue

Posting Permissions