
[Resolved] Computer Running Slow - Hard Drive Chugging Away


This topic is locked
23 replies to this topic

#1 NormanR
Authentic Member, 166 posts

Posted 24 May 2008 - 08:27 AM

Hi There,

I received the following advice from one of the team members in response to posting details relating to a problem I have. The advice given is as follows:

Looking at the pcpitstop results you posted you have a number of issues that could be slowing the computer down.
Many unneeded startup items, a highly fragmented drive, too many antivirus software programs running at the same time also some device drivers that need updating.
All of those things can be fixed in due course.

The most disturbing thing is the RegistryCleanFix2008 you have installed; this has been linked to a Trojan called MonaRonaDona.
This infection is pure social engineering and tries to get you to purchase unneeded software for a non-existent problem.
I would highly recommend getting an opinion from the Malware experts on this forum on how to remove this Trojan if you have it.
I am almost certain they will have you remove one of your antivirus apps from the start. You have one too many.
I would recommend losing either Avg or Spywaredoctor.


My original posting relating to the above problem was as follows:

My computer is running slow much of the time. I have run several antispyware programmes but nothing shows up. Also my hard drive seems to be working and chugging away a lot of the time, even when I'm not using any applications. Also, Task Manager isn't working (it opens but when I try to close any programme with it, nothing happens) and I wonder if there's any connection to the previously mentioned problem. I'm using Windows Vista Home Premium. Thanks for any help you are able to give.

I will appreciate any help. Thanks.

Norman

Edited by NormanR, 24 May 2008 - 08:29 AM.



#2 gringo_pr
Silver Member, Visiting Fellow, 423 posts

Posted 09 June 2008 - 03:49 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

Sorry about the delay in responding :( The forums have been very busy.

If you still need help, scan with HijackThis and copy/paste the log file into this thread.

:install hijackthis:

  • Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.


    Don't use the Analyse This button, its findings are dangerous if misinterpreted.
    Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Also please make an uninstall list and post that as well

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.


Gringo


#3 NormanR
Authentic Member, 166 posts

Posted 10 June 2008 - 01:45 AM

Hi Gringo,

Thank you so much for your response. Listed below is the HijackThis log file followed by the uninstall list. I look forward to hearing from you.

Regards,
Norman

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40:07, on 10/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\aol\1184266834\ee\aolsoftware.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehRecvr.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AOL 9.0 VRb\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.0 VRb\shellmon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iii.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1184266834\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13001 bytes

and now the uninstall list.

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ATI Uninstaller
AVG 7.5
BBC iPlayer Download Manager
CutePDF Writer 2.7
Enhanced Multimedia Keyboard Solution
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HijackThis 2.0.2
HP Customer Participation Program 8.0
HP Driver Diagnostics
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Imaging Device Functions 8.0
HP My Display
HP OCR Software 8.0
HP On-Screen Caps/Num/Scroll Lock Indicator
HP Photosmart Essential
HP Picasso Media Center Add-In
HP Update
HPSSupply
ICQ6
Intel® Matrix Storage Manager
Intel® Viiv™ Software
iTunes
Java™ 6 Update 3
Java™ 6 Update 5
MainConcept for Software Encoder
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NCH Toolbox Uninstall
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
ParetoLogic Data Recovery
PC Connectivity Solution
Pop-Up Stopper Free Edition
Privacy Guardian 4.1
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RegistryCleanFix2008
Revo Uninstaller 1.50
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RTC Client API v1.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Spyware Doctor 5.5
Spyware Sweeper Pro
SpywareBlaster 4.0
Universal Document Converter
Update for Office 2007 (KB946691)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Messenger
Windows Live Sign-in Assistant
WinPatrol 2007
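As an added illustration, not part of this thread and not HijackThis's own code, here is a small parser for the HijackThis 2.0.x log format posted above, with the three checks the helper makes by eye (a registered service whose binary is missing, startup entries or services naming a program the thread calls out, and more than one resident security product). SAMPLE_LOG is a constructed excerpt in the same shape as the log above; WATCHLIST and SECURITY_VENDORS are assumptions built from names that appear in this thread.

```python
"""HijackThis 2.0.x log parser and triage helper.

Added example, not part of this thread and not HijackThis's own code. SAMPLE_LOG
is a constructed excerpt in the same format as the log above; WATCHLIST and
SECURITY_VENDORS are assumptions built from names this thread itself calls out.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the HijackThis 2.0.2 format.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40:07, on 10/06/2008
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iii.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
--
End of file - 13001 bytes
"""

# Assumption: programs this thread identifies as rogue or unneeded.
WATCHLIST = ("PC MightyMax", "RegistryCleanFix", "Spyware Sweeper Pro")
# Assumption: service vendor substrings mapped to the real-time security product they belong to.
SECURITY_VENDORS = {"GRISOFT": "AVG", "PC Tools": "Spyware Doctor", "Lavasoft": "Ad-Aware"}

_LINE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# O4 - <hive>\..\<key>: [<name>] <command line>
_O4 = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")
# O23 - Service: <display> (<short>) - <vendor> - <path>[ (file missing)]
_O23 = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<short>[^)]*)\))? - (?P<vendor>.+?) - (?P<path>.+)$")
# O2 - BHO: <name> - {<CLSID>} - <dll path>
_O2 = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
# R0/R1 - <registry key>,<value name> = <data>
_R = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) ?= ?(?P<data>.*)$")
_SUBPARSERS = {"O4": _O4, "O23": _O23, "O2": _O2, "R0": _R, "R1": _R}


@dataclass
class Entry:
    kind: str      # section code such as "R0", "O4", "O23"
    raw: str       # the original log line
    fields: dict   # parsed sub-fields, empty if the line did not match a known shape


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log; header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        fields = {}
        sub = _SUBPARSERS.get(kind)
        if sub is not None:
            sm = sub.match(body)
            if sm:
                fields = sm.groupdict()
        if kind == "O23" and fields:
            # A service whose binary is gone is a leftover registration, not an active program.
            fields["file_missing"] = fields["path"].endswith("(file missing)")
        entries.append(Entry(kind, line.strip(), fields))
    return entries


def triage(entries):
    """Apply the three checks the helper makes by eye in this thread; returns (rule, detail) pairs."""
    findings = []
    products = set()
    for e in entries:
        if e.kind == "O23" and e.fields.get("file_missing"):
            findings.append(("orphaned-service", e.fields["short"] or e.fields["display"]))
        target = e.fields.get("cmd") or e.fields.get("path") or e.raw
        for name in WATCHLIST:
            if name.lower() in target.lower():
                findings.append(("watchlist", name))
        if e.kind == "O23":
            vendor = (e.fields.get("vendor") or "").lower()
            for key, product in SECURITY_VENDORS.items():
                if key.lower() in vendor:
                    products.add(product)
    if len(products) > 1:
        # Several resident scanners contend for the same files; the thread keeps only one.
        findings.append(("multiple-security-products", ", ".join(sorted(products))))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{rule}: {detail}")
```

Run against a full log, the same three rules reproduce the helper's opening observations in post #4: one resident scanner to keep, a rogue startup entry to move, and a Symantec service registration whose file is gone.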

#4 gringo_pr
Silver Member, Visiting Fellow, 423 posts

Posted 10 June 2008 - 04:48 PM

Hello NormanR

Sorry for taking so long to get to you.

First, you have a lot of security programs running at the same time; this uses a lot of resources as they all try to do the same thing. I am going to have you keep one of them that has real time protection and uninstall the rest, then I will have you download a very good stand alone scanner to scan with if you feel something has gotten by.

:uninstall some programs:

  • Click on Start > Control Panel.
  • Double click on Programs and Features.
  • Select these programs:
    • Ad-Aware 2007
    • Java™ 6 Update 3
    • RegistryCleanFix2008
    • Spyware Doctor 5.5
    • Spyware Sweeper Pro
    • SpywareBlaster 4.0
    and click on Uninstall to uninstall them.
  • Close the Control Panel window.

I am having you keep WinPatrol, which is a very good real time scanner with some very good features.

Now this is the stand alone scanner I want you to download

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

:OTMoveIt2:

  • Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\Program Files\PC MightyMax 2007
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2


    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


I would like to dig a little more into your system


: Download and Run DSS :

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.

:information and logs:

In your next post I need the following

1. log from MBAM
2. log from OTMoveIt2
3. both logs from DSS

Gringo


#5 NormanR
Authentic Member, 166 posts

Posted 11 June 2008 - 04:32 AM

Hi Gringo,

Thanks for your response, no need to apologise for any delay - I thought it was fast! I have followed your instructions and removed the programs you listed. I downloaded and installed Malwarebytes then ran it but encountered a problem. Whilst running it my computer shut down unexpectedly and then restarted. I started again and the same thing occurred. I then restarted in Safe Mode, ran Malwarebytes and this time it finished the scan. It detected a number of infections and I thought that if I were to run it again after the infections were removed it might finish the scan in Normal Windows Mode. Unfortunately after about 11 minutes into the scan my computer shut down again. Lots of listings appeared on the screen before it restarted - too fast for me to read and note but one thing I managed to read was INVALID_KERNEL_HANDLE. I don't know if the message is of any help. The MBAM log that follows was from when the scan was done whilst in Safe Mode so I don't know whether or not it is of use. No other programme affects my computer in this way.

I haven't run OTMoveIt2 or DSS as I will wait to hear from you whether I should still do so given the above problem, as I don't know whether the results of these depend on what was found whilst scanning in Malwarebytes.

Thanks again for your help so far and I will await to hear from you.

Regards,
Norman

MBAM Log follows whilst run in safe mode.


Malwarebytes' Anti-Malware 1.17
Database version: 846

10:47:08 11/06/2008
mbam-log-6-11-2008 (10-47-08).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 154665
Time elapsed: 23 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\MPMFC1 (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SpywareSweeperProMFC (Rogue.SpywaresweeperPro) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Spyware Sweeper Pro (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Sweeper Pro\Uninstall (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Windows\Spyware Sweeper Pro (Rogue.SpywaresweeperPro) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware Sweeper Pro (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Spyware Sweeper Pro\Spyware Sweeper Pro.exe (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Sweeper Pro\Uninstall\IRIMG1.JPG (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Sweeper Pro\Uninstall\IRIMG2.JPG (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Sweeper Pro\Uninstall\IRIMG3.JPG (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Sweeper Pro\Uninstall\uninstall.dat (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Sweeper Pro\Uninstall\uninstall.xml (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\AdwareAlert\Log\2008 Jan 29 - 04_44_30 PM_253.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\AdwareAlert\Log\2008 Jan 29 - 04_44_44 PM_772.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware Sweeper Pro\Spyware Sweeper Pro.lnk (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Users\Norman R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spyware Sweeper Pro\Uninstall Spyware Sweeper Pro.lnk (Rogue.Spyware.Sweeper) -> Quarantined and deleted successfully.
C:\Windows\Spyware Sweeper Pro Setup Log.txt (Rogue.SpywaresweeperPro) -> Quarantined and deleted successfully.
C:\Users\Norman R\Desktop\Spyware Sweeper Pro.lnk (Rogue.SpywaresweeperPro) -> Quarantined and deleted successfully.

#6 gringo_pr
Silver Member, Visiting Fellow, 423 posts

Posted 11 June 2008 - 01:36 PM

Right click on Malwarebytes and run as administrator, and continue with the rest of the instructions even if Malwarebytes doesn't work.

Gringo

#7 NormanR
Authentic Member, 166 posts

Posted 11 June 2008 - 02:25 PM

Hi Gringo, I have run Malwarebytes as Administrator but the shutdown persists. I will now continue with the rest of your instructions. Thanks, Norman

#8 NormanR
Authentic Member, 166 posts

Posted 11 June 2008 - 02:27 PM

Gringo, here is the result from OTMoveIt2:

C:\Program Files\PC MightyMax 2007\undo moved successfully.
C:\Program Files\PC MightyMax 2007 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06112008_212450

Thanks again, Norman

#9 NormanR
Authentic Member, 166 posts

Posted 11 June 2008 - 02:46 PM

Gringo,

Have now run DSS and here are the log files as instructed.

I will await to hear further.

Norman.

MAIN TEXT


Deckard's System Scanner v20071014.68
Run by Norman R on 2008-06-11 21:31:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
26: 2008-06-11 08:09:54 UTC - RP542 - Removed Java™ 6 Update 5
25: 2008-06-11 08:07:59 UTC - RP541 - Removed Ad-Aware 2007
24: 2008-06-07 22:41:13 UTC - RP540 - Scheduled Checkpoint
23: 2008-06-06 07:21:40 UTC - RP539 - Windows Update
22: 2008-06-04 09:03:01 UTC - RP536 - Windows Update


-- First Restore Point --
1: 2008-05-07 09:04:35 UTC - RP515 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Norman R.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:10, on 11/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\aol\1184266834\ee\aolsoftware.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\hp\kbd\kbd.exe
C:\Users\Norman R\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Norman R.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iii.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1184266834\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9788 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - shell\open\command - C:\Windows\System32\WScript.exe "%1" %*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - shell\open\command - "C:\Windows\System32\WScript.exe" "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\portrait displays\hp my display\dtsrvc.exe
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 IntelDHSvcConf (Intel DH Service) - "c:\program files\intel\inteldh\intel media server\tools\inteldhsvcconf.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>
S3 AlertService (Intel® Alert Service) - "c:\program files\intel\inteldh\ccu\alertservice.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>
S3 ISSM (Intel® Software Services Manager) - "c:\program files\intel\inteldh\intel media server\media server\bin\issm.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>
S3 M1 Server (Intel® Viiv™ Media Server) - c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe
S3 MCLServiceATL (Intel® Application Tracker) - "c:\program files\intel\inteldh\intel media server\shells\mclserviceatl.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>
S3 Remote UI Service (Intel® Remoting Service) - "c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 18:00:00 448 --a------ C:\Windows\Tasks\ParetoLogic Registration.job
2008-06-11 17:48:28 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{6F43FA6D-4F51-4E44-AD77-C674C924CA6F}.job
2008-05-26 00:33:06 422 --a------ C:\Windows\Tasks\ParetoLogic Update Version2.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 21:17:34 0 --a------ C:\curjmpsv
2008-06-11 13:26:08 0 --a------ C:\usojmpsv
2008-06-11 10:01:05 0 --a------ C:\mxijmpsv
2008-06-11 09:41:24 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-11 09:41:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 08:39:33 0 d-------- C:\Program Files\Trend Micro
2008-05-26 00:07:54 0 d-------- C:\Program Files\ICQ6
2008-05-18 14:06:33 6600 -----n--- C:\Windows\hpomdl18.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-11 09:41:25 0 d-------- C:\Users\Norman R\AppData\Roaming\Malwarebytes
2008-06-11 09:16:15 0 d-------- C:\Program Files\SpywareBlaster
2008-06-11 09:12:35 0 d-------- C:\Program Files\Java
2008-06-11 09:08:58 0 d-------- C:\Program Files\Common Files
2008-06-03 11:29:59 0 d-------- C:\Users\Norman R\AppData\Roaming\AVG7
2008-06-02 23:43:10 0 d-------- C:\Program Files\AOL 9.0 VRb
2008-05-26 00:14:18 0 d-------- C:\Users\Norman R\AppData\Roaming\ICQ
2008-05-26 00:10:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-21 12:00:00 0 d-------- C:\Users\Norman R\AppData\Roaming\Snapfish
2008-05-18 15:32:28 0 d-------- C:\Users\Norman R\AppData\Roaming\Nokia
2008-05-18 15:32:28 1232 --a------ C:\Users\Norman R\AppData\Roaming\NMM-MetaData.db
2008-05-18 13:40:09 130797 -----n--- C:\Windows\hpoins18.dat
2008-05-15 08:46:54 0 d-------- C:\Program Files\Windows Mail
2008-04-18 18:01:26 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-18 18:01:26 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-18 18:01:25 0 d-------- C:\Program Files\Nokia
2008-04-18 17:59:03 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-15 20:15:58 100 --a------ C:\Windows\system32\prsgrc.dll
2008-04-15 20:15:58 340 --a------ C:\Windows\system32\hijddqg.dll
2008-03-25 13:49:26 144 --a------ C:\Users\Norman R\AppData\Roaming\wklnhst.dat
2008-03-14 17:38:05 1024 --a------ C:\Windows\system32\jkd2bn0.dll
2008-03-14 17:38:03 72 --a------ C:\Windows\system32\ssprs.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/07/2007 23:20]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [28/09/2006 14:42]
"KBD"="C:\HP\KBD\KbdStub.EXE" [08/12/2006 16:16]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [20/11/2006 12:34]
"RtHDVCpl"="RtHDVCpl.exe" [18/01/2007 15:46 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15/04/2008 15:58]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [19/04/2007 18:11]
"UDC Integration"="" []
"PCMM2007RT"="C:\Program Files\PC MightyMax 2007\pcmm2007.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1184266834\ee\AOLSoftware.exe" [14/11/2006 15:01]
"DT Task"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [27/01/2008 06:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [10/12/2006 22:52]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 15:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2008 08:24]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 20:35]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [17/03/2005 12:10]
"RegistryCleanFixMFC"="" []
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [28/03/2008 11:20]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [26/03/2008 18:41]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [02/01/2007 22:40:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 11/07/2007 22:41 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {E505DA68-3442-5D45-2BD4-1AF0B6312E53} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-11 21:41:48 ------------

EXTRA TEXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6700 @ 2.66GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2045.87 MiB / 1299.16 MiB
Pagefile Memory (total/avail): 4306.53 MiB / 3166.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.41 MiB

C: is Fixed (NTFS) - 459.03 GiB total, 365.06 GiB free.
D: is Fixed (NTFS) - 6.73 GiB total, 0.68 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Fixed (NTFS) - 465.75 GiB total, 401.67 GiB free.

\\.\PHYSICALDRIVE0 - ST3500630AS - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 459.03 GiB - C:
\PARTITION1 - Installable File System - 6.73 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 -

\\.\PHYSICALDRIVE5 - ST350063 0AS USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 465.75 GiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SpywareBot v ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Norman R\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NORMANR-PC
ComSpec=C:\Windows\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Norman R
LOCALAPPDATA=C:\Users\Norman R\AppData\Local
LOGONSERVER=\\NORMANR-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\hp\bin\Python;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\NORMAN~1\AppData\Local\Temp
TMP=C:\Users\NORMAN~1\AppData\Local\Temp
USERDOMAIN=NormanR-PC
USERNAME=Norman R
USERPROFILE=C:\Users\Norman R
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

IUSR_NMPR (new local, net ready)
Norman R (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Driver Diagnostics --> MsiExec.exe /I{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP My Display --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84288B51-B162-47FB-A74E-25C6D67E44BB}\setup.exe" -l0x9 -removeonly
HP OCR Software 8.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP On-Screen Caps/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel® Viiv™ Software --> MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
MainConcept for Software Encoder --> c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E7A02A01-C75A-4490-A168-5CA709A3D862}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NCH Toolbox Uninstall --> C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite --> C:\ProgramData\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_eng.exe
Nokia PC Suite --> MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
ParetoLogic Data Recovery --> MsiExec.exe /I{15D8D315-BB4C-4867-BCD7-2B829EF0F38B}
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Privacy Guardian 4.1 --> "C:\Program Files\Privacy Guardian\unins000.exe"
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.50 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Universal Document Converter --> "C:\Program Files\Universal Document Converter\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinPatrol 2007 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0


-- Application Event Log -------------------------------------------------------

Event Record #/Type39815 / Success
Event Submitted/Written: 06/11/2008 09:19:45 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type39814 / Success
Event Submitted/Written: 06/11/2008 09:19:40 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type39810 / Success
Event Submitted/Written: 06/11/2008 09:19:32 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type39798 / Error
Event Submitted/Written: 06/11/2008 08:22:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program waol.exe version 9.5.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 310
Start Time: 01c8cbf5d979bfc0
Termination Time: 14

Event Record #/Type39782 / Success
Event Submitted/Written: 06/11/2008 06:09:51 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type147202 / Error
Event Submitted/Written: 06/11/2008 09:20:45 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
i8042prt

Event Record #/Type147165 / Error
Event Submitted/Written: 06/11/2008 09:20:45 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
AVG Network redirector%%2

Event Record #/Type147159 / Error
Event Submitted/Written: 06/11/2008 09:20:45 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type147106 / Error
Event Submitted/Written: 06/11/2008 09:19:17 PM
Event ID/Source: 6008 / EventLog
Event Description:
The previous system shutdown at 21:17:30 on 11/06/2008 was unexpected.

Event Record #/Type147105 / Warning
Event Submitted/Written: 06/11/2008 09:19:04 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down



-- End of Deckard's System Scanner: finished at 2008-06-11 21:41:48 ------------

#10 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 12 June 2008 - 10:21 AM

Hello Norman

:Fix file associations with DSS:

Make sure DSS.exe is on your Desktop
Next press Start->Run,
copy/paste the following command into the box and press OK:

"%userprofile%\desktop\dss.exe" /daft


Press OK to the disclaimer(s) and then press Scan
Place checkmarks in all the boxes that appear and press Fix
Then close Deckard's System Scanner


:run combofix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time.


Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.
Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the report in your next post:

C:\ComboFix.txt
:information and logs:

In your next post I need the following

1. log from combofix
2. new log from hijackthis (right click and run as admin)
Gringo



#11 NormanR

NormanR

    Authentic Member

  • Authentic Member
  • PipPip
  • 166 posts

Posted 13 June 2008 - 03:18 AM

Hi Gringo,

I have run Combofix and another HijackThis (fix not activated as per your previous instructions). I didn't install the Recovery Console as this was for Windows XP and I have Vista. Instructions for Vista users pointed out that Vista users can use their Windows CD to boot up into the recovery environment, but as my computer came pre-installed with Vista, no discs were supplied. I have made 2 recovery discs from my own system but am not sure whether these are the same thing. Anyway, I assume the XP Recovery Console would not be of use to me. The two log files follow. As ever, thanks again for your efforts in helping me so far.

Regards,
Norman


COMBOFIX LOG FILE FOLLOWS:


ComboFix 08-06-11.3 - Norman R 2008-06-13 9:45:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1300 [GMT 1:00]
Running from: C:\Users\Norman R\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\hijddqg.dll
C:\Windows\system32\kmd.exe
C:\Windows\system32\prsgrc.dll
C:\Windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 08:47 --------- d-----w C:\ProgramData\Kontiki
2008-06-12 10:30 --------- d-----w C:\ProgramData\avg7
2008-06-12 05:57 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 20:13 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 08:41 --------- d-----w C:\Users\Norman R\AppData\Roaming\Malwarebytes
2008-06-11 08:41 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-11 08:16 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-11 08:14 --------- d---a-w C:\ProgramData\TEMP
2008-06-11 08:12 --------- d-----w C:\Program Files\Java
2008-06-10 18:02 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-10 18:02 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-10 07:39 --------- d-----w C:\Program Files\Trend Micro
2008-06-03 10:29 --------- d-----w C:\Users\Norman R\AppData\Roaming\AVG7
2008-06-02 22:43 --------- d-----w C:\Program Files\AOL 9.0 VRb
2008-05-25 23:14 --------- d-----w C:\Users\Norman R\AppData\Roaming\ICQ
2008-05-25 23:14 --------- d-----w C:\Program Files\ICQ6
2008-05-25 23:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-21 11:00 --------- d-----w C:\Users\Norman R\AppData\Roaming\Snapfish
2008-05-18 14:32 --------- d-----w C:\Users\Norman R\AppData\Roaming\Nokia
2008-05-15 07:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-24 11:59 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-18 17:01 --------- d-----w C:\Program Files\Nokia
2008-04-18 17:01 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-04-18 17:01 --------- d-----w C:\Program Files\Common Files\Nokia
2008-04-18 16:59 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-04-18 15:16 --------- d-----w C:\ProgramData\Installations
2008-03-25 12:49 144 ----a-w C:\Users\Norman R\AppData\Roaming\wklnhst.dat
2007-08-29 13:17 174 --sha-w C:\Program Files\desktop.ini
2007-07-24 11:49 22 --sha-w C:\Windows\SMINST\HPCD.sys
2008-01-23 15:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2008-01-23 15:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012320080124\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 08:24 1232896]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 20:35 90112]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"PopUpStopperFreeEdition"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2005-03-17 12:10 536576]
"RegistryCleanFixMFC"="" []
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 12:34 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 15:46 4349952 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 15:58 579584]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 18:11 151552]
"UDC Integration"="" []
"PCMM2007RT"="C:\Program Files\PC MightyMax 2007\pcmm2007.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1184266834\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"DT Task"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 06:38 316728]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:36 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-07-11 22:41 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3B09520B-FA54-4771-9A01-BDF98BFB6416}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D23DA5BB-5F60-45BC-928C-B95DFDEB7A31}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{E5048E57-5F89-42DD-BA95-F618027BB48F}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{89FFAFFF-58C9-4129-8FAE-31A11D6B3138}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{99F1E42F-55CC-4290-96DA-13D75686D193}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{9157B256-C05E-4012-9B3D-1963EF2AE4D8}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{F1DA17ED-705E-4A3B-BA2E-4433FFAABFFF}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{503068BF-BAFB-4F73-A187-85452576AD36}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{EEA3A6EB-DCF2-4D95-8788-8228F34F6404}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{3A8491DE-FCB0-4297-AB5C-711BFC8DD324}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialler
"{DD54329B-CE72-4A34-81E0-FBD3F978D90F}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{ED266B62-CE6A-47CE-9258-94EA64616559}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Services
"{ACAE232C-EFA2-47EA-92CE-22FE66BC005D}"= UDP:C:\Program Files\AOL 9.0 VRa\waol.exe:AOL
"{49F4E9A8-ED33-4C9F-B760-69646958A3E1}"= TCP:C:\Program Files\AOL 9.0 VRa\waol.exe:AOL
"{854B58D1-4F80-4D5B-8336-9D1ADD41B6FE}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{756C6D44-F78A-4E0F-9281-995C4DC38EFF}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{909ECF78-5DEC-43DF-B21A-2902FE1AE82D}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{A06571CE-4581-453C-802B-01073EEB1F15}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{8C9F00C6-31BB-478C-A3C7-62313C8F33D2}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{AFC16B33-5E91-4B22-969F-FCB540E066CF}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{AF2FC41C-F118-4B82-A8CE-A6A2E052B3A9}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSB720.tmp\setup\HPZnui01.exe:hpznui01.exe
"{65CEBAF4-7534-4C5F-952F-9DE8F292D944}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSB720.tmp\setup\HPZnui01.exe:hpznui01.exe
"{B0F708AD-58D5-44F4-83B4-466196D573C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{01C029BD-CF16-49BD-AD4F-E23DC092E654}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9869C3A4-D96B-49A8-8F12-FA3397FF228E}"= UDP:C:\Program Files\AOL 9.0 VRb\waol.exe:AOL
"{2C472BEF-E0C0-4224-BF31-59806A304F16}"= TCP:C:\Program Files\AOL 9.0 VRb\waol.exe:AOL
"{4D52DE74-0A03-4703-8159-2008F0A44706}"= UDP:C:\hp\support\HPSysInfo.exe:HP Pavilion support information
"{5A9F2286-54D5-477F-A988-A4C7AF57B566}"= TCP:C:\hp\support\HPSysInfo.exe:HP Pavilion support information
"{D1AEF37D-80D3-44DD-B07B-B2AE02512E09}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS35A5.tmp\setup\HPZnui01.exe:hpznui01.exe
"{0DEB4BB9-1FB8-4933-A73D-7F6B094931BE}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS35A5.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F8D045FF-E4E6-480A-89BD-863752F58B96}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS4EDA.tmp\setup\HPZnui01.exe:hpznui01.exe
"{DCE3B8AD-B4FB-4808-9643-C8DCFCC92863}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS4EDA.tmp\setup\HPZnui01.exe:hpznui01.exe
"{C3F9434C-39D0-4011-8F6F-B9ACCAA8E878}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS5688.tmp\setup\HPZnui01.exe:hpznui01.exe
"{90D8D64B-9F45-4918-A6DC-9043B6C064B6}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS5688.tmp\setup\HPZnui01.exe:hpznui01.exe
"{2CC9CC6F-02AC-47CC-80DE-50382EF9CB72}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSDC88.tmp\setup\HPZnui01.exe:hpznui01.exe
"{A9B11C3A-9CC0-4C26-A31F-3E15842D1315}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSDC88.tmp\setup\HPZnui01.exe:hpznui01.exe
"{560CF44F-A3C0-4E92-86FC-0F3C33C1AC0C}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS38BB.tmp\setup\HPZnui01.exe:hpznui01.exe
"{9F76C193-0598-453E-BBBD-CF7BB14EECFF}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS38BB.tmp\setup\HPZnui01.exe:hpznui01.exe
"{CA22ECC1-69B0-4ECE-A4D1-D848F1A9C295}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{BD75C0DB-4346-4918-B174-294CE5C6FC33}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS22DB.tmp\setup\HPZnui01.exe:hpznui01.exe
"{6E4EA83B-3B15-4915-A03B-17111C0DD290}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS22DB.tmp\setup\HPZnui01.exe:hpznui01.exe
"{2EFD9E85-1FB9-42BA-813C-DDD987F27E92}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSC764.tmp\setup\HPZnui01.exe:hpznui01.exe
"{204821FC-075D-4669-BE5A-BC44C6B8B695}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSC764.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{A38ABFF0-3BFE-4EB5-9675-8EB0342E0FFC}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0885D946-AC93-451E-AD08-5D2D125E30DE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B859D2C9-7CB2-47E7-90BE-ED5FF28860C0}C:\\program files\\winmx\\winmx.exe"= UDP:C:\program files\winmx\winmx.exe:WinMX Application
"UDP Query User{208C0DA1-64DB-4807-9AC3-B77919436D24}C:\\program files\\winmx\\winmx.exe"= TCP:C:\program files\winmx\winmx.exe:WinMX Application
"{25DC6786-6EFF-4BEE-9217-308F515F2387}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C7480C92-BA60-4ED1-A459-6A6373C26EBD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{43B295A8-37BD-4F20-BECD-DB443253501A}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSEC06.tmp\setup\HPZnui01.exe:hpznui01.exe
"{C916A634-1019-438C-965F-C3A52CEC20BF}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSEC06.tmp\setup\HPZnui01.exe:hpznui01.exe
"{44C64A1C-F759-4469-8E07-5B95575880BC}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{AB4EAEE1-62FB-494F-8F57-1CE641D8BC31}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{3055D081-45A7-4966-B173-3807817620BA}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{DCDF5654-5311-424D-AAD0-1D3E15CF31FA}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{34CED6D0-8135-449A-87AD-6DE219E131D6}"= UDP:C:\Program Files\Common Files\aol\1184266834\ee\aolsoftware.exe:AOL Shared Components
"{B7FEDD06-D641-412B-BAC0-0036A390ACDE}"= TCP:C:\Program Files\Common Files\aol\1184266834\ee\aolsoftware.exe:AOL Shared Components
"{230D0A7E-D9D7-4445-8813-9DBE053F5052}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSA929.tmp\setup\HPZnui01.exe:hpznui01.exe
"{3FC417CA-0EC5-440F-80A1-01A77B9CE917}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSA929.tmp\setup\HPZnui01.exe:hpznui01.exe
"{2A0437BA-5AC1-4A81-B04A-A37FDCB4C558}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSF778.tmp\setup\HPZnui01.exe:hpznui01.exe
"{A3467230-5966-4E4E-975C-0A7A7B0C5835}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSF778.tmp\setup\HPZnui01.exe:hpznui01.exe
"{3F69FD2C-A797-4B5E-8564-6FDF26F47B3E}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSF4D9.tmp\setup\HPZnui01.exe:hpznui01.exe
"{EA6B8A20-822F-4ED2-8FED-50A88A52684D}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSF4D9.tmp\setup\HPZnui01.exe:hpznui01.exe
"{302622BD-E0C7-462C-83C6-C20C59A0E886}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS9EBF.tmp\setup\HPZnui01.exe:hpznui01.exe
"{677696C6-6543-42BB-B1A0-61FA53FC12C1}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS9EBF.tmp\setup\HPZnui01.exe:hpznui01.exe
"{ACEAB55F-DCCA-436D-912A-74FAE946DD2E}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS647D.tmp\setup\HPZnui01.exe:hpznui01.exe
"{A7E3020F-4168-4C12-8B80-F379AC3C4424}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS647D.tmp\setup\HPZnui01.exe:hpznui01.exe
"{5E17CD76-E800-46A3-8C40-52098E622127}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS675.tmp\setup\HPZnui01.exe:hpznui01.exe
"{DC627617-541E-41E7-A290-627DC052A622}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS675.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F95BD173-20D5-47CA-B0F2-CAA85EC32B3D}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSB53F.tmp\setup\HPZnui01.exe:hpznui01.exe
"{1CF469D1-18CB-4F6D-88E9-2A20B4D7A45B}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSB53F.tmp\setup\HPZnui01.exe:hpznui01.exe
"{E399C26A-7E6D-458D-94FF-217D91347FA5}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS4CF6.tmp\setup\HPZnui01.exe:hpznui01.exe
"{5973E6BB-CC1D-4542-821B-079DF87C3221}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS4CF6.tmp\setup\HPZnui01.exe:hpznui01.exe
"{A8F37807-32FB-47A2-8E06-24ADFE611109}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS5D5B.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F63C3F17-AC4F-409F-A665-7D02B7D42624}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS5D5B.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4380F95C-A452-461F-8357-080B1C0A922D}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSAB6B.tmp\setup\HPZnui01.exe:hpznui01.exe
"{356A5B03-2D6D-42E4-A684-31B1BA7E0973}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSAB6B.tmp\setup\HPZnui01.exe:hpznui01.exe
"{61DBF9F4-8606-41B7-839F-E49E074CC435}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS8009.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4667215E-0770-4CD7-955B-288C78727F28}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS8009.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4A222CE1-4DEF-404E-B1EB-EA4EA076618D}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS232D.tmp\setup\HPZnui01.exe:hpznui01.exe
"{921F4EB0-AF28-497F-898F-246C57D638BB}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS232D.tmp\setup\HPZnui01.exe:hpznui01.exe
"{0BA5A324-95A5-4244-9B80-D0C024591668}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSD1D0.tmp\setup\HPZnui01.exe:hpznui01.exe
"{1ECCA5CA-252D-4DCA-83A1-4089BFBE1D4C}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSD1D0.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{598A3EB6-C620-4B23-B284-E86220E8075E}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= UDP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"UDP Query User{D3F41F8A-4930-4938-A785-C099710C67F2}C:\\program files\\webmediaplayer\\webmediaplayer.exe"= TCP:C:\program files\webmediaplayer\webmediaplayer.exe:WebMediaPlayer
"{1CE4525C-3103-4D60-8C3B-F4EBBDE69F8C}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSFDE0.tmp\setup\HPZnui01.exe:hpznui01.exe
"{85B421AD-8BFB-4DCC-909F-D91B6781988F}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSFDE0.tmp\setup\HPZnui01.exe:hpznui01.exe
"{76500A3C-834F-4A40-B40D-6CB81B54A8C0}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSC685.tmp\setup\HPZnui01.exe:hpznui01.exe
"{CEECEE82-477E-4A12-AFED-AC3360DA34A9}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSC685.tmp\setup\HPZnui01.exe:hpznui01.exe
"{0F91C401-BD76-4028-B78D-7F90DE4DC555}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS2FAE.tmp\setup\HPZnui01.exe:hpznui01.exe
"{B970BAE5-146E-4613-B4F7-78F44A26C50A}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS2FAE.tmp\setup\HPZnui01.exe:hpznui01.exe
"{8A95F836-1E69-40D0-83A2-9A76B96A7DD9}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSEC15.tmp\setup\HPZnui01.exe:hpznui01.exe
"{92AA75EB-E6C9-4873-AF65-0D2588D9EF31}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSEC15.tmp\setup\HPZnui01.exe:hpznui01.exe
"{24C01455-4277-41E3-ABEA-CE6F88AE9AFF}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSFD34.tmp\setup\HPZnui01.exe:hpznui01.exe
"{3BC59773-61E7-4EAF-A5F7-BE8390E3267D}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSFD34.tmp\setup\HPZnui01.exe:hpznui01.exe
"{3B5A991D-82F7-4832-9BA1-A80C00808715}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS96B7.tmp\setup\HPZnui01.exe:hpznui01.exe
"{48B2D96F-1414-4A36-8A86-7A675103207D}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS96B7.tmp\setup\HPZnui01.exe:hpznui01.exe
"{A8B4A322-AE11-476D-B19E-6FFAFE22F177}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSDE.tmp\setup\HPZnui01.exe:hpznui01.exe
"{62873E1A-9705-446D-8134-CB9B67416884}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSDE.tmp\setup\HPZnui01.exe:hpznui01.exe
"{6FAAAA26-5C1F-46C7-8065-8E57EAC07860}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSEE25.tmp\setup\HPZnui01.exe:hpznui01.exe
"{A7C412B8-33AD-4B4C-9A83-19744977E3E8}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSEE25.tmp\setup\HPZnui01.exe:hpznui01.exe
"{6206BCD2-AB6C-439A-BBA5-CC9434C0E6A0}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS7BB4.tmp\setup\HPZnui01.exe:hpznui01.exe
"{80E7DE18-33C2-4893-AC59-D6B113CA87CD}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS7BB4.tmp\setup\HPZnui01.exe:hpznui01.exe
"{60115766-49DB-4DEA-9E98-0F4ABC2C0914}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS5C81.tmp\setup\HPZnui01.exe:hpznui01.exe
"{C271D408-AFB3-4D08-8A83-A35172A92D4D}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS5C81.tmp\setup\HPZnui01.exe:hpznui01.exe
"{991AD762-BEE8-436A-AC3A-0FD45AD89E81}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS11DB.tmp\setup\HPZnui01.exe:hpznui01.exe
"{37C9F9F9-F73D-4F59-A9B0-C0E160CA02DE}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS11DB.tmp\setup\HPZnui01.exe:hpznui01.exe
"{46A3CA2C-918C-4096-9E18-6CDFC3E3D5F5}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS849A.tmp\setup\HPZnui01.exe:hpznui01.exe
"{8850A159-2B02-4542-B25A-4FC83EFDF6D4}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS849A.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{152AB271-0B13-49B8-8D0E-506F75404016}C:\\program files\\aol 9.0 vrb\\waol.exe"= UDP:C:\program files\aol 9.0 vrb\waol.exe:AOL Software
"UDP Query User{8190CB05-B56F-43BB-A87C-F55459A3B658}C:\\program files\\aol 9.0 vrb\\waol.exe"= TCP:C:\program files\aol 9.0 vrb\waol.exe:AOL Software
"{C99445CD-7AEF-4CF4-9B2B-0F0E855B85C3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DEDFB592-877C-4DDF-93E9-2FA9A571998C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{C2A51C95-A961-42EA-B81D-2E5B67DDF167}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BEFE6646-D09F-4E56-8A36-4DB41D30F7A9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{92545DF5-0C87-4DF1-8412-AEAF1EA07687}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zSBBFE.tmp\setup\HPZnui01.exe:hpznui01.exe
"{22BB2017-1CC8-4CCF-98E1-EA8FB7A37C45}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zSBBFE.tmp\setup\HPZnui01.exe:hpznui01.exe
"{E9B17F28-3D27-49CC-B6B5-F61FD56A2288}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS253F.tmp\setup\HPZnui01.exe:hpznui01.exe
"{CF428487-2EED-472E-A13E-3EC0C9182CF2}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS253F.tmp\setup\HPZnui01.exe:hpznui01.exe
"{8EF91343-6F1E-41E1-94C0-4B5AD78A409C}"= Disabled:UDP:C:\Users\Norman R\AppData\Local\Temp\7zS4B32.tmp\setup\HPZnui01.exe:hpznui01.exe
"{8A6FA1FB-4AD7-4729-B753-7E6590845968}"= Disabled:TCP:C:\Users\Norman R\AppData\Local\Temp\7zS4B32.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{A5839948-91B5-4E3D-8227-B5E52C76C3D1}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{87BA1154-61E7-43BC-9DC0-F31B9D6C60EA}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 18:32]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-12-28 01:11]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-14 14:25]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 13:16]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 17:13]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {E505DA68-3442-5D45-2BD4-1AF0B6312E53} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 17:00:00 C:\Windows\Tasks\ParetoLogic Registration.job"
- C:\Windows\system32\rundll32.exe@
"2008-05-25 23:33:06 C:\Windows\Tasks\ParetoLogic Update Version2.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
"2008-06-12 19:54:21 C:\Windows\Tasks\User_Feed_Synchronization-{6F43FA6D-4F51-4E44-AD77-C674C924CA6F}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 09:48:01
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 9:48:45
ComboFix-quarantined-files.txt 2008-06-13 08:48:42
ComboFix2.txt 2008-02-17 14:57:46
ComboFix3.txt 2008-02-17 12:41:24

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

278 --- E O F --- 2008-06-12 05:52:33


HIJACK THIS LOG FILE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:34, on 13/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\aol\1184266834\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iii.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1184266834\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9637 bytes

#12 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 13 June 2008 - 06:18 AM

Hello norman

things are looking pretty good.

(fix not activated as per your previous instructions)

Don't understand what you mean by this?

:Disable Winpatrol temporarily:

  • Right click on the Scotty Dog near the clock and select Options.... A window will open.
  • Select the Options tab.
  • Uncheck (untick) this box: Automatically run Winpatrol when computer starts.
  • Close the Winpatrol window.
  • Right click on the Scotty Dog again and select Exit Program.

Please remember to reactivate the program after the fix.

:Remove bad HijackThis entries:
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    • O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    • O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Please try to run Malwarebytes again. If it still doesn't work, give me as much information as you can about the errors it displays, and continue with the next step.

run Kaspersky scan

  • Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

    Go to Kaspersky website and perform an online antivirus scan.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

:information and logs:

In your next post I need the following

1. new log from HijackThis
2. log from Kaspersky
3. log from Malwarebytes (if it worked; if not, let me have as much info as possible)
Gringo
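The two rules behind the fix list above (registered BHO/toolbar CLSIDs that point at "(no file)", and autostart entries for a rogue "registry cleaner") can be applied mechanically to a HijackThis log. The script below is an added example, not part of gringo_pr's post and not code from HijackThis; the product watchlist is constructed only from the names this thread flags, and the sample log lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass

# Constructed watchlist: limited to the rogue "registry cleaner" products that
# this thread itself identifies (RegistryCleanFix2008 / RegistryCleaner2008 and
# PC MightyMax). Extend it only from a source you trust.
ROGUE_PRODUCTS = ("RegistryCleanFix", "RegistryCleaner2008", "PC MightyMax")

# HijackThis v2 line shapes handled here:
#   O2 - BHO: <name> - {CLSID} - <dll path or (no file)>
#   O3 - Toolbar: <name> - {CLSID} - <dll path or (no file)>
#   O4 - <hive>\..\Run: [<value name>] <command line>
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"^(BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^(HK\S+)\\\.\.\\Run: \[(.*?)\] (.*)$")


@dataclass
class Finding:
    line: str    # the HijackThis line, as the user would tick it in the tool
    reason: str  # why a helper would put it on the fix list


def triage(log_text: str) -> list[Finding]:
    """Return the log lines a helper would ask the user to fix, with reasons."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, running processes, etc.
        section, rest = m.groups()
        if section in ("O2", "O3"):
            c = CLSID_RE.match(rest)
            # An orphaned CLSID registration: IE still tries to load a DLL that
            # is gone. Harmless, but it is leftover from a removed component.
            if c and c.group(4).strip().lower() == "(no file)":
                findings.append(Finding(
                    line, f"orphaned {c.group(1)} registration with no backing file"))
        elif section == "O4":
            r = RUN_RE.match(rest)
            if not r:
                continue  # e.g. "Global Startup:" lines use a different shape
            command = r.group(3)
            for product in ROGUE_PRODUCTS:
                if product.lower() in command.lower():
                    findings.append(Finding(
                        line, f"autostart for product flagged in this thread: {product}"))
                    break
    return findings


# Sample input copied from the HijackThis log posted earlier in this thread,
# with a few clean entries included so the rules have something to pass over.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```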


#13 NormanR

NormanR

    Authentic Member

  • Authentic Member
  • PipPip
  • 166 posts

Posted 13 June 2008 - 06:41 AM

Hi Gringo, When I said '(fix not activated as per your previous instructions)', this meant that after I ran HijackThis I didn't select the 'FIX' button to delete the items in the list, as you had previously told me not to do so. I will now proceed with your latest instructions. Regards Norman.

#14 NormanR

NormanR

    Authentic Member

  • Authentic Member
  • PipPip
  • 166 posts

Posted 13 June 2008 - 10:17 AM

Hi Gringo,

As requested, here are the logs. Please note the HijackThis log was the last thing I did. Malwarebytes shut my computer down once more without any error messages, but I have attached a photo of my screen just after the shutdown; I don't know whether this is of any help. I've also enclosed a copy of the Quick Scan from Malwarebytes and again, I don't know if this is of any help.

As always, many thanks.

Regards,
Norman

KASPERSKY SCAN


KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 13:07:26
Records in database: 859827
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 113812
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:18:14


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\Users\Norman R\AppData\Local\geyyfrz.exe.vir Infected: Trojan.Win32.Obfuscated.aqn 1
J:\Installed Downloaded Software\RegistryCleaner2008.exe Infected: not-a-virus:FraudTool.Win32.RegCleanFix.c 1
J:\NORMANR-PC\Backup Set 2007-10-08 130453\Backup Files 2008-02-22 180006\Backup files 1.zip Infected: Trojan.Win32.Obfuscated.aqn 1
J:\NORMANR-PC\Backup Set 2008-04-19 115556\Backup Files 2008-04-19 115556\Backup files 9.zip Infected: Trojan.Win32.Obfuscated.aqn 1

The selected area was scanned.


MALWAREBYTES LOG - if of any use as was just Quick Scan


KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 13:07:26
Records in database: 859827
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 113812
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:18:14


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\Users\Norman R\AppData\Local\geyyfrz.exe.vir Infected: Trojan.Win32.Obfuscated.aqn 1
J:\Installed Downloaded Software\RegistryCleaner2008.exe Infected: not-a-virus:FraudTool.Win32.RegCleanFix.c 1
J:\NORMANR-PC\Backup Set 2007-10-08 130453\Backup Files 2008-02-22 180006\Backup files 1.zip Infected: Trojan.Win32.Obfuscated.aqn 1
J:\NORMANR-PC\Backup Set 2008-04-19 115556\Backup Files 2008-04-19 115556\Backup files 9.zip Infected: Trojan.Win32.Obfuscated.aqn 1

The selected area was scanned.


HIJACKTHIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:59, on 13/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\aol\1184266834\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\ehome\ehshell.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehExtHost.exe
C:\Windows\ehome\ehExtHost.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\AOL 9.0 VRb\waol.exe
C:\Program Files\AOL 9.0 VRb\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iii.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1184266834\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\HP My Display\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9641 bytes

#15 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 13 June 2008 - 12:26 PM

Hello norman


1. First thing: you gave me the log from Kaspersky twice. If you can, please let me have the log from Malwarebytes.

2. How is the computer doing now? Is it any better or the same?

3. The Kaspersky scan showed only three problems. I need you to delete these three files:

J:\Installed Downloaded Software\RegistryCleaner2008.exe<---this file
J:\NORMANR-PC\Backup Set 2007-10-08 130453<-----this folder
J:\NORMANR-PC\Backup Set 2008-04-19 115556<-----this folder

:information and logs:

In your next post I need the following

1. let me have the log from Malwarebytes
2. let me know how the computer is doing now
Gringo
