Hijack This log

Unread postby boardman54212 » April 1st, 2010, 8:39 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:11 PM, on 4/1/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\5-button wireless optical notebook mouse\KMConfig.exe
C:\Users\Andy\.COMMgr\complmgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Andy\AppData\Local\Temp\mplay32xe.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\5-button wireless optical notebook mouse\KMProcess.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Andy\AppData\Local\Temp\login.exe
C:\Users\Andy\AppData\Local\Temp\df3ekpz80n.exe
C:\Users\Andy\AppData\Local\Temp\nvsvc32.exe
C:\Users\Andy\AppData\Local\Temp\csrss.exe
C:\Users\Andy\AppData\Local\Temp\mdm.exe
C:\Users\Andy\AppData\Local\Temp\win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Andy\AppData\Local\ave.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [KMConfig] "C:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exe" KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [userinit] C:\Users\Andy\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [rohopiniwo] Rundll32.exe "C:\ProgramData\tiworita\tiworita.dll",s
O4 - HKCU\..\Run: [mplay32xe.exe] C:\Users\Andy\AppData\Local\Temp\mplay32xe.exe
O4 - HKCU\..\Run: [COM+ Manager] "C:\Users\Andy\.COMMgr\complmgr.exe"
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Users\Andy\AppData\Local\Temp\df3ekpz80n.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\Andy\AppData\Local\Temp\login.exe
O4 - HKCU\..\Run: [hikedoris] Rundll32.exe "c:\progra~2\rofakuve\rofakuve.dll",a
O4 - HKCU\..\Run: [Your Protection] "C:\Users\Andy\AppData\Roaming\Your Protection\urpprot.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

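As an added triage example (not code from the thread, from HijackThis or from MalwareRemoval.com), the script below applies by rule the checks a helper applies by eye to the log above: executables launched from user-writable directories, Windows system-binary names living outside C:\Windows, and Run values with random-looking names. It goes slightly beyond the log by also accepting any one-path-per-line listing, such as Rkill's terminated-process output. The directory fragments, the system-name set and the sample lines are assumptions drawn from the log posted above, and the sample input is constructed from it.

```python
"""Triage a HijackThis log the way a forum helper reads it.

Added example, not part of the original thread or of HijackThis itself.
The rules are heuristics for a human to review, not a verdict.
"""
import re

# Directories a normal installer does not launch programs from (lowercase,
# backslash-delimited fragments).  PROGRA~2 is the 8.3 short name seen in the
# log above (assumed to be ProgramData on this 32-bit Vista system).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\progra~2\\",
                 "\\documents and settings\\")

# Windows binaries whose names malware borrows; the real ones live under
# C:\Windows, so the same name inside a user profile is a red flag.
SYSTEM_NAMES = {"csrss.exe", "winlogon.exe", "spoolsv.exe", "taskmgr.exe",
                "cmd.exe", "svchost.exe", "lsass.exe", "services.exe",
                "explorer.exe", "debug.exe"}
WINDOWS_DIR = "c:\\windows\\"

# O4 - HKCU\..\Run: [name] command       (HKLM / HKCU / HKUS\S-1-5-xx)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# One absolute path per line: HijackThis "Running processes" and Rkill output.
PATH_LINE = re.compile(r"^(?:\\\\\?\\)?[A-Za-z]:\\")


def _first_path(cmd):
    """Pull the interesting executable or DLL path out of a Run value."""
    cmd = cmd.strip()
    quoted = re.search(r'"([^"]+)"', cmd)
    if cmd.lower().startswith("rundll32") and quoted:
        return quoted.group(1)          # the DLL being loaded, not rundll32
    if cmd.startswith('"') and quoted:
        return quoted.group(1)
    m = re.match(r"(.+?\.(?:exe|dll|scr|com))", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def _looks_random(name):
    """Heuristic for names like hf8wefhuaihf8ewfydiujhfdsfdf: long, all
    lowercase letters/digits, no spaces or dots."""
    return len(name) >= 16 and re.fullmatch(r"[a-z0-9]+", name) is not None


def assess_path(path):
    """Return the reasons a path is suspicious (empty list if none)."""
    p = path.lower().replace("/", "\\")
    if p.startswith("\\\\?\\"):         # strip the \\?\ long-path prefix
        p = p[4:]
    reasons = []
    if any(frag in p for frag in USER_WRITABLE):
        reasons.append("runs from user-writable location")
    base = p.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not p.startswith(WINDOWS_DIR):
        reasons.append("Windows system binary name outside the Windows directory")
    return reasons


def triage(log_text):
    """Map each suspect log line to its list of reasons."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = assess_path(_first_path(m.group("cmd")))
            if _looks_random(m.group("name")):
                reasons.append("random-looking Run value name")
        elif PATH_LINE.match(line):
            reasons = assess_path(line)
        else:
            reasons = []
        if reasons:
            findings[line] = reasons
    return findings


# Constructed sample: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\Users\Andy\.COMMgr\complmgr.exe
C:\Users\Andy\AppData\Local\Temp\csrss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [userinit] C:\Users\Andy\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [rohopiniwo] Rundll32.exe "C:\ProgramData\tiworita\tiworita.dll",s
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Users\Andy\AppData\Local\Temp\df3ekpz80n.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(f"{entry}\n    -> {'; '.join(why)}")
```

Every hit is something for the helper to research, not something to delete; the tool-installed items the thread later asks for (Rkill on the Desktop) will also land under a user profile and be flagged.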

Re: Hijack This log

Unread postby Airscape » April 2nd, 2010, 1:06 pm

Hello and welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
HijackThis logs can take time to analyze. Please be patient with me.

Take note of following before we begin:
  • Post to this thread only and please stick to it until you are given an All Clean. Absence of symptoms does not mean that your computer is clean.
  • The instructions I give are for This computer only and should not be used on any other pc.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.

Note: As I'm in training at MRU everything I post must be checked by an expert first. So there may be a slight delay in between posts.

Note: As you are using Windows Vista you must Right-Click on all tools and select "Run as Administrator".

No reply within 3 days will result in your topic being closed. If you need more time, please let me know.

Re: Hijack This log

Unread postby Airscape » April 2nd, 2010, 3:15 pm

Hi boardman54212,

I'm afraid I have some bad news.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I will be happy to clean this machine but I can't guarantee that it will be secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Re: Hijack This log

Unread postby boardman54212 » April 2nd, 2010, 6:58 pm

Thank you for your time and help, and I am willing to do anything you tell me to get rid of the virus.

Re: Hijack This log

Unread postby Airscape » April 3rd, 2010, 1:15 pm

Thank you for your time and help, and I am willing to do anything you tell me to get rid of the virus.

OK, but bear in mind there's no guarantee the PC will be fully secure after cleaning. The only way to ensure the computer can ever be trusted again is to reformat.

Do you do any online banking on the PC? Do you understand the above?

Please take time to read the following:
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I re-format and reinstall my OS
Where to backup your files
How to backup your files in Windows XP/Vista
Restoring your backups


If you want to reformat but don't know how, please say so in your next reply, and I will be happy to provide the info and give recommendations for the future.

If you still want to try and clean the machine, please say so in your next post.

Thanks.

Re: Hijack This log

Unread postby boardman54212 » April 3rd, 2010, 3:55 pm

I do not do any banking on this PC, and I am willing to reformat. Does that consist of losing any documents saved on the PC? Just curious, so I could save important ones on a flash drive or something. I do not know how to reformat. I am also willing to try and clean the PC. Thank you for helping.

Re: Hijack This log

Unread postby Airscape » April 4th, 2010, 1:48 pm

I need to know exactly what you want my advice about. Do you require assistance with how to back up files/folders and then perform a reformat and reinstallation of the Windows operating system, or for me to attempt a malware removal clean-up?

Re: Hijack This log

Unread postby boardman54212 » April 4th, 2010, 7:58 pm

Malware removal please

Re: Hijack This log

Unread postby Airscape » April 5th, 2010, 1:41 pm

Hi, please do the following.


Download/Run Rkill
Please download Rkill from Here, Here, Here, or Here and save to the desktop.
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
  • A log will be produced at C:\rkill.txt. Please post it in your next reply.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

---------------

Download/Run RSIT
  • Please download RSIT by random/random from here and save it to your desktop.
  • Right-click on RSIT.exe and select Run as Admin to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Disable Norton -> Start Norton Internet Security. In the left pane, click Status & Settings. Click Security. Click "Turn off".

Download GMER Rootkit Scanner from here and save to your desktop.
  • Disconnect from the internet and temporarily disable the computer's security programs. See Here for a full list.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If using Windows Vista... Right-click on the file and select Run as Admin
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. UNCHECK the following:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
  • Connect back up to the internet and re-enable Norton and/or any other programs you disabled.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

---------

Please post back with the following:
C:\rkill.txt.
RSIT logs. (log.txt and info.txt)
Gmer log.

Re: Hijack This log

Unread postby boardman54212 » April 5th, 2010, 6:38 pm

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Andy on 04/05/2010 at 15:12:06.


Processes terminated by Rkill or while it was running:


C:\Users\Andy\AppData\Local\Temp\mplay32xe.exe
C:\Users\Andy\.COMMgr\complmgr.exe
C:\Users\Andy\AppData\Local\Temp\df3ekpz80n.exe
C:\Users\Andy\AppData\Local\Temp\taskmgr.exe
C:\Users\Andy\AppData\Local\Temp\login.exe
C:\Users\Andy\AppData\Local\Temp\cmd.exe
C:\Users\Andy\AppData\Local\Temp\spoolsv.exe
C:\Users\Andy\AppData\Local\Temp\debug.exe
C:\Users\Andy\AppData\Local\Temp\winlogon.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Andy\Downloads\rkill.exe


Rkill completed on 04/05/2010 at 15:12:30.

info.txt logfile of random's system information tool 1.06 2010-04-05 15:14:54

======Uninstall list======

-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Big City Adventures San Francisco\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud 3\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files\HP Games\JoJo's Fashion Show\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
5-button wireless optical notebook mouse-->C:\Program Files\InstallShield Installation Information\{52D1A44C-0E6F-4256-B343-BAAB462BCBDD}\setup.exe -runfromtemp -l0x0409
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWAHerza.INF
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP Quick Launch Buttons 6.40 H2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38058455-8C21-4C2F-B2F6-14ED166039CB}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0118-->MsiExec.exe /X{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Juno Preloader-->MsiExec.exe /X{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Live Search Toolbar-->MsiExec.exe /X{6A370610-3778-44AF-9AAC-69B2FD1A3356}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee Reveal-->MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NetZero Preloader-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.8.0.41\InstStub.exe /X
Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
Professional Metronome 1.9 Trial-->"C:\Program Files\Storm Software\Professional Metronome\unins000.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SoulSeek 157 NS 13e-->"C:\Program Files\SoulseekNS\uninstall.exe"
SPORE Creature Creator Trial Edition-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB977724)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CC0E469C-5006-48B9-BBDC-D11B562499B4}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

=====HijackThis Backups=====

O4 - HKCU\..\Run: [Your Protection] "C:\Users\Andy\AppData\Roaming\Your Protection\urpprot.exe" -noscan [2010-04-01]

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Andy-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00265E12B822. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 37995
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091219211425.000000-000
Event Type: Warning
User:

Computer Name: Andy-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00265E12B822. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 37996
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091219211425.000000-000
Event Type: Warning
User:

Computer Name: Andy-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00265E12B822. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 38010
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091219235222.000000-000
Event Type: Warning
User:

Computer Name: Andy-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00265E12B822. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 38013
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091219235227.000000-000
Event Type: Warning
User:

Computer Name: Andy-PC
Event Code: 6008
Message: The previous system shutdown at 2:50:12 AM on 12/20/2009 was unexpected.
Record Number: 38024
Source Name: EventLog
Time Written: 20091220193347.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Andy-PC
Event Code: 508
Message: Windows (1344) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log" at offset 51200 (0x000000000000c800) for 9728 (0x00002600) bytes succeeded, but took an abnormally long time (18256 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 6727
Source Name: ESENT
Time Written: 20100404234530.000000-000
Event Type: Warning
User:

Computer Name: Andy-PC
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.1.3685, time stamp 0x4b68deea, faulting module SHELL32.dll, version 6.0.6001.18167, time stamp 0x4912ecfb, exception code 0xc0000005, fault offset 0x006e3634, process id 0x1210, application start time 0x01cad451061a3220.
Record Number: 6729
Source Name: Application Error
Time Written: 20100404235309.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18444 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 10e8 Start Time: 01cad4528b80c7c0 Termination Time: 27
Record Number: 6731
Source Name: Application Hang
Time Written: 20100404235758.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.1.3685, time stamp 0x4b68deea, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x656c676f, process id 0x1e2c, application start time 0x01cad4548ac79f00.
Record Number: 6732
Source Name: Application Error
Time Written: 20100405002738.000000-000
Event Type: Error
User:

Computer Name: Andy-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 6760
Source Name: Microsoft-Windows-WMI
Time Written: 20100405220620.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Andy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 10121
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100405221452.511366-000
Event Type: Audit Failure
User:

Computer Name: Andy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 10122
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100405221452.568366-000
Event Type: Audit Failure
User:

Computer Name: Andy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 10123
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100405221452.626366-000
Event Type: Audit Failure
User:

Computer Name: Andy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 10124
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100405221452.682366-000
Event Type: Audit Failure
User:

Computer Name: Andy-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 10125
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100405221452.768366-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andy at 2010-04-05 15:14:37
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 200 GB (68%) free of 294 GB
Total RAM: 3002 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:53 PM, on 4/5/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\5-button wireless optical notebook mouse\KMConfig.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\5-button wireless optical notebook mouse\KMProcess.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Andy\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Andy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [KMConfig] "C:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exe" KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [userinit] C:\Users\Andy\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [rohopiniwo] Rundll32.exe "C:\ProgramData\tiworita\tiworita.dll",s
O4 - HKCU\..\Run: [mplay32xe.exe] C:\Users\Andy\AppData\Local\Temp\mplay32xe.exe
O4 - HKCU\..\Run: [COM+ Manager] "C:\Users\Andy\.COMMgr\complmgr.exe"
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\Users\Andy\AppData\Local\Temp\df3ekpz80n.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\Andy\AppData\Local\Temp\winlogon.exe
O4 - HKCU\..\Run: [hikedoris] Rundll32.exe "c:\progra~2\bekeribo\bekeribo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10418 bytes

======Scheduled tasks folder======

C:\Windows\tasks\gkmfxlwa.job
C:\Windows\tasks\hojtmttq.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-25 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL [2009-08-25 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-25 378736]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-10 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-10 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-10 145944]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-06 210216]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-11-14 218408]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"KMConfig"=C:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exe [2007-03-06 212992]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-30 972080]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-07-09 49968]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"userinit"=C:\Users\Andy\AppData\Roaming\sdra64.exe [2008-01-20 115712]
"rohopiniwo"=C:\ProgramData\tiworita\tiworita.dll [2010-01-01 65536]
"mplay32xe.exe"=C:\Users\Andy\AppData\Local\Temp\mplay32xe.exe [2010-04-01 258560]
"COM+ Manager"=C:\Users\Andy\.COMMgr\complmgr.exe [2010-04-01 527360]
"hf8wefhuaihf8ewfydiujhfdsfdf"=C:\Users\Andy\AppData\Local\Temp\df3ekpz80n.exe [2010-04-01 20001]
"hsf87efjhdsf87f3jfsdi7fhsujfd"=C:\Users\Andy\AppData\Local\Temp\winlogon.exe [2010-04-05 30212]
"hikedoris"=c:\progra~2\bekeribo\bekeribo.dll [2010-01-04 95744]

C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-06 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d71652a1-aaf4-11de-94f6-001f16db6d36}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-04-05 15:14:37 ----D---- C:\rsit
2010-04-05 15:06:20 ----D---- C:\ProgramData\vabuyoyi
2010-04-05 15:06:20 ----D---- C:\ProgramData\howivuti
2010-04-05 15:06:20 ----D---- C:\ProgramData\honahofu
2010-04-04 16:45:45 ----D---- C:\ProgramData\silokefe
2010-04-04 16:45:45 ----D---- C:\ProgramData\faseholu
2010-04-04 16:45:45 ----D---- C:\ProgramData\bekeribo
2010-04-03 17:40:11 ----D---- C:\ProgramData\wugejoni
2010-04-03 17:40:11 ----D---- C:\ProgramData\hudunini
2010-04-03 17:40:11 ----D---- C:\ProgramData\doyanavo
2010-04-03 16:40:02 ----D---- C:\ProgramData\nayulowo
2010-04-03 16:40:02 ----D---- C:\ProgramData\lujahefo
2010-04-03 16:40:02 ----D---- C:\ProgramData\dekijafi
2010-04-03 15:39:55 ----D---- C:\ProgramData\vitasosu
2010-04-03 15:39:55 ----D---- C:\ProgramData\pafakamo
2010-04-03 15:39:55 ----D---- C:\ProgramData\hedizeji
2010-04-03 14:39:41 ----D---- C:\ProgramData\velurike
2010-04-03 14:39:41 ----D---- C:\ProgramData\mugorazi
2010-04-03 14:39:41 ----D---- C:\ProgramData\korenobi
2010-04-03 13:39:12 ----D---- C:\ProgramData\yubiyiza
2010-04-03 13:39:12 ----D---- C:\ProgramData\vidajadu
2010-04-03 13:39:12 ----D---- C:\ProgramData\lehetojo
2010-04-03 12:39:01 ----D---- C:\ProgramData\vavusani
2010-04-03 12:39:01 ----D---- C:\ProgramData\ramidiru
2010-04-03 12:39:01 ----D---- C:\ProgramData\nulahovo
2010-04-02 20:55:22 ----D---- C:\ProgramData\wejuwava
2010-04-02 20:55:22 ----D---- C:\ProgramData\koyagahu
2010-04-02 20:55:22 ----D---- C:\ProgramData\busezidi
2010-04-02 19:55:13 ----D---- C:\ProgramData\yohilite
2010-04-02 19:55:13 ----D---- C:\ProgramData\vojifuje
2010-04-02 19:55:13 ----D---- C:\ProgramData\nugevozi
2010-04-02 19:55:13 ----D---- C:\ProgramData\husenafe
2010-04-02 17:20:39 ----D---- C:\ProgramData\sufetida
2010-04-02 17:20:39 ----D---- C:\ProgramData\ketahope
2010-04-02 17:20:39 ----D---- C:\ProgramData\firugoti
2010-04-02 17:20:39 ----D---- C:\ProgramData\dibiyowa
2010-04-02 17:20:39 ----D---- C:\ProgramData\bozujeyi
2010-04-02 15:52:27 ----D---- C:\ProgramData\woyohipo
2010-04-02 15:52:27 ----D---- C:\ProgramData\vunoyedi
2010-04-02 15:52:27 ----D---- C:\ProgramData\ratijipe
2010-04-02 15:52:27 ----D---- C:\ProgramData\nevibuni
2010-04-02 15:52:27 ----D---- C:\ProgramData\kebupewa
2010-04-01 17:31:45 ----D---- C:\Program Files\Trend Micro
2010-04-01 16:54:00 ----A---- C:\ProgramData\fiosejgfse.dll
2010-04-01 16:52:31 ----D---- C:\Users\Andy\AppData\Roaming\Your Protection
2010-04-01 14:51:57 ----D---- C:\ProgramData\vesujoku
2010-04-01 14:51:56 ----D---- C:\ProgramData\yosijume
2010-04-01 14:51:56 ----D---- C:\ProgramData\wurimiki
2010-04-01 14:51:56 ----D---- C:\ProgramData\rofakuve
2010-04-01 14:51:56 ----D---- C:\ProgramData\karopidu
2010-04-01 14:46:52 ----SHD---- C:\Users\Andy\AppData\Roaming\lowsec
2010-04-01 14:46:52 ----D---- C:\ProgramData\tiworita
2010-04-01 14:46:52 ----D---- C:\ProgramData\kozizezu
2010-04-01 14:46:52 ----D---- C:\ProgramData\jekupeju
2010-03-30 12:44:34 ----A---- C:\Windows\system32\occache.dll
2010-03-30 12:44:34 ----A---- C:\Windows\system32\mshtml.dll
2010-03-30 12:44:33 ----A---- C:\Windows\system32\wininet.dll
2010-03-30 12:44:33 ----A---- C:\Windows\system32\urlmon.dll
2010-03-30 12:44:33 ----A---- C:\Windows\system32\ieframe.dll
2010-03-30 12:44:32 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-30 12:44:31 ----A---- C:\Windows\system32\iertutil.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\iepeers.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\ieaksie.dll
2010-03-30 12:44:30 ----A---- C:\Windows\system32\mstime.dll
2010-03-30 12:44:30 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-30 12:44:30 ----A---- C:\Windows\system32\ieencode.dll
2010-03-12 15:59:41 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-12 15:58:29 ----A---- C:\Windows\system32\EncDec.dll
2010-03-12 15:58:27 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-12 15:58:22 ----A---- C:\Windows\system32\msasn1.dll
2010-03-12 15:58:09 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-03-11 10:18:09 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 10:18:00 ----A---- C:\Windows\system32\httpapi.dll

======List of files/folders modified in the last 1 months======

2010-04-05 15:14:47 ----D---- C:\Windows\Prefetch
2010-04-05 15:14:39 ----D---- C:\Windows\Temp
2010-04-05 15:12:13 ----D---- C:\Windows\System32
2010-04-05 15:12:13 ----D---- C:\Windows\inf
2010-04-05 15:12:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-05 15:11:01 ----SHD---- C:\System Volume Information
2010-04-05 15:06:20 ----HD---- C:\ProgramData
2010-04-05 15:06:19 ----A---- C:\ProgramData\hpqp.ini
2010-04-04 18:19:52 ----D---- C:\Program Files\Mozilla Firefox
2010-04-02 17:20:40 ----D---- C:\Windows\Tasks
2010-04-01 17:55:27 ----D---- C:\Windows\system32\LogFiles
2010-04-01 17:31:45 ----RD---- C:\Program Files
2010-04-01 17:12:18 ----D---- C:\Windows\system32\WDI
2010-04-01 17:10:03 ----D---- C:\ProgramData\Viewpoint
2010-03-31 03:16:23 ----D---- C:\Program Files\Internet Explorer
2010-03-31 03:01:05 ----D---- C:\Windows\winsxs
2010-03-30 12:43:16 ----D---- C:\Windows\system32\catroot
2010-03-30 12:43:15 ----D---- C:\Windows\system32\catroot2
2010-03-13 12:02:57 ----D---- C:\Windows\Microsoft.NET
2010-03-13 11:50:22 ----D---- C:\Windows\ehome
2010-03-11 11:00:24 ----D---- C:\Windows\system32\drivers
2010-03-11 11:00:24 ----D---- C:\Program Files\Windows Mail
2010-03-11 11:00:24 ----D---- C:\Program Files\Movie Maker
2010-03-11 10:24:54 ----SHD---- C:\Windows\Installer
2010-03-11 10:24:47 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-25 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091021.001\IDSvix86.sys [2009-09-10 342576]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS [2009-08-25 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-25 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS [2009-08-25 217136]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-20 1093120]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-06-05 222208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-06 2378752]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-10 123904]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-09-19 61952]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-11 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091029.025\NAVENG.SYS [2009-08-29 84912]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091029.025\NAVEX15.SYS [2009-08-29 1323568]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS [2009-08-25 308272]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
S3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS []
S3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-25 117640]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-10-06 365952]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-05 15:27:56
Windows 6.0.6001 Service Pack 1
Running: tp9stwy6.exe; Driver: C:\Users\Andy\AppData\Local\Temp\kxldrpob.sys


---- System - GMER 1.0.15 ----

SSDT 87488118 ZwAlertResumeThread
SSDT 878DCEB0 ZwAlertThread
SSDT 87F58510 ZwAllocateVirtualMemory
SSDT 872F2F70 ZwAlpcConnectPort
SSDT 874B2240 ZwAssignProcessToJobObject
SSDT 875A2458 ZwCreateMutant
SSDT 875B1260 ZwCreateSymbolicLinkObject
SSDT 87522498 ZwCreateThread
SSDT 875F8CE8 ZwDebugActiveProcess
SSDT 875C5CD8 ZwDuplicateObject
SSDT 874AF128 ZwFreeVirtualMemory
SSDT 874C0118 ZwImpersonateAnonymousToken
SSDT 874B6118 ZwImpersonateThread
SSDT 872EE078 ZwLoadDriver
SSDT 874CF7E0 ZwMapViewOfSection
SSDT 87511110 ZwOpenEvent
SSDT 874F2118 ZwOpenProcess
SSDT 87EF1FD0 ZwOpenProcessToken
SSDT 874FF118 ZwOpenSection
SSDT 875F8318 ZwOpenThread
SSDT 875AAB68 ZwProtectVirtualMemory
SSDT 87522A60 ZwResumeThread
SSDT 8741AD58 ZwSetContextThread
SSDT 874F0CD8 ZwSetInformationProcess
SSDT 875C3068 ZwSetSystemInformation
SSDT 87528068 ZwSuspendProcess
SSDT 874BE120 ZwSuspendThread
SSDT 87756C30 ZwTerminateProcess
SSDT 875F7558 ZwTerminateThread
SSDT 8741DA80 ZwUnmapViewOfSection
SSDT 874B0178 ZwWriteVirtualMemory
SSDT 875A8A68 ZwCreateThreadEx

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
boardman54212
Active Member
 
Posts: 11
Joined: April 1st, 2010, 8:37 pm
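
The RSIT "files/folders created" listing above is easier to read once the random-named directories are grouped by creation time. The following Python script is an added example, not a tool from this thread or from any product named in it. It parses lines of the form `<date> <time> ----<attrs>---- <path>` and applies three heuristics chosen for this example (not vendor signatures): directories directly under C:\ProgramData whose 8-letter names strictly alternate consonant and vowel, grouped into bursts by timestamp; loose .dll/.exe files sitting directly in C:\ProgramData; and System+Hidden items under C:\Users. The sample lines are copied from the listing above, with a benign Windows Update line and the Trend Micro install folder included for contrast.

```python
"""Triage helper for RSIT-style 'files/folders created' listings.

Added example; not a tool from this thread or any product named in it.
Each input line has the form '<date> <time> ----<attrs>---- <path>'.
Three heuristics (chosen for this example, not vendor signatures):
  1. directories straight under C:\\ProgramData whose 8-letter names strictly
     alternate consonant/vowel, grouped by creation time to expose the
     hourly drop cadence visible in the log;
  2. loose .dll/.exe files sitting directly in C:\\ProgramData;
  3. System+Hidden (S and H attributes) items under C:\\Users\\...
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the listing above, plus a benign
# Windows Update line (mshtml.dll) and the Trend Micro install for contrast.
SAMPLE_LOG = r"""
2010-04-03 15:39:55 ----D---- C:\ProgramData\hedizeji
2010-04-03 14:39:41 ----D---- C:\ProgramData\velurike
2010-04-03 14:39:41 ----D---- C:\ProgramData\mugorazi
2010-04-03 14:39:41 ----D---- C:\ProgramData\korenobi
2010-04-03 13:39:12 ----D---- C:\ProgramData\yubiyiza
2010-04-03 12:39:01 ----D---- C:\ProgramData\vavusani
2010-04-01 17:31:45 ----D---- C:\Program Files\Trend Micro
2010-04-01 16:54:00 ----A---- C:\ProgramData\fiosejgfse.dll
2010-04-01 16:52:31 ----D---- C:\Users\Andy\AppData\Roaming\Your Protection
2010-04-01 14:46:52 ----SHD---- C:\Users\Andy\AppData\Roaming\lowsec
2010-03-30 12:44:34 ----A---- C:\Windows\system32\mshtml.dll
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]+)---- (.+)$")
VOWELS = set("aeiou")


def parse_line(line):
    """Return (timestamp, attrs, path) for one listing line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)


def looks_generated(name):
    """True for 8 lowercase letters in strict consonant/vowel alternation
    (hedizeji, velurike, ...), the naming pattern seen in the log."""
    if not re.fullmatch(r"[a-z]{8}", name):
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(name))


def triage(text):
    """Apply the three heuristics to a whole listing; return a report dict."""
    generated, loose_binaries, hidden_system = [], [], []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, attrs, path = parsed
        parts = path.split("\\")
        name = parts[-1]
        parent = parts[-2].lower() if len(parts) > 1 else ""
        is_dir = "D" in attrs
        if is_dir and parent == "programdata" and looks_generated(name):
            generated.append((ts, path))
        elif not is_dir and parent == "programdata" and name.lower().endswith((".dll", ".exe")):
            loose_binaries.append(path)
        if "S" in attrs and "H" in attrs and len(parts) > 2 and parts[1].lower() == "users":
            hidden_system.append(path)

    # One burst per distinct creation timestamp; the gaps between bursts
    # show whether the dropper runs on a timer (here: every ~60 minutes).
    bursts = defaultdict(list)
    for ts, path in generated:
        bursts[ts].append(path.split("\\")[-1])
    times = sorted(bursts)
    intervals = [round((b - a).total_seconds() / 60) for a, b in zip(times, times[1:])]
    return {
        "generated_dirs": [p for _, p in generated],
        "bursts": [(t.strftime("%Y-%m-%d %H:%M:%S"), sorted(bursts[t])) for t in times],
        "burst_intervals_min": intervals,
        "loose_binaries": loose_binaries,
        "hidden_system": hidden_system,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for when, names in report["bursts"]:
        print(f"{when}  {len(names)} generated dir(s): {', '.join(names)}")
    print("minutes between bursts:", report["burst_intervals_min"])
    print("loose binaries in ProgramData:", report["loose_binaries"])
    print("System+Hidden under Users:", report["hidden_system"])
```

Run against the full listing instead of the sample, the burst view makes the point a helper would look for: a fresh set of directories every hour on the same minute is a scheduled dropper still active on the box, which is why the helper's next step is a cleanup tool rather than deleting folders by hand. The consonant-vowel rule is deliberately narrow; a real triage script would also want the other naming styles (fiosejgfse.dll, numeric DLL names) that appear later in the thread.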

Re: Hijack This log

Unread postby Airscape » April 6th, 2010, 1:08 pm

Remove P2P programs
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

SoulSeek 157 NS 13e

Please read the Forum Policy on P2P use.
We see no purpose in cleaning your machine if you use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.
Additional info - http://www.microsoft.com/protect/data/d ... aring.aspx
Note: If you choose not to remove the P2P programs, please say so in your next post, and this topic will be closed.

Go to Start > Control Panel > Programs and Features or Uninstall a Program > Right-click on the programs above in red and click uninstall.

While there also uninstall the following:
Adobe Reader 9
Java(TM) 6 Update 7

----------------------------

1- Backup the registry
  1. Download ERUNT to your desktop from HERE
  2. Double-click on the file to install the program
  3. Uncheck the NTREGOPT desktop shortcut option
  4. Click No when you get the option to run ERUNT at Windows startup.
  5. During the installation, check Launch ERUNT
  6. Accept the defaults for running a backup
  7. ERUNT will then back up your registry

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe


2- Download/Run ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



3- Uninstall list with HijackThis
  • Launch HijackThis (right-click and select "Run as Admin") and click Open the Misc Tools section
  • Under System Tools > Click Open Uninstall Manager
  • Click on the Save list... button. By default it's named uninstall_list.txt
  • Please post this log in your next reply.

----------------------

Please post back with the following:
C:\ComboFix.txt
uninstall_list.txt
How is the pc running now?

Thanks.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Hijack This log

Unread postby boardman54212 » April 6th, 2010, 8:40 pm

The PC seems to be running the same as it did before I ran the tests. Nothing abnormal besides the virus.

5-button wireless optical notebook mouse
Acrobat.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Bonjour
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
CyberLink DVD Suite
CyberLink YouCam
CyberLink YouCam
ERUNT 1.1j
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel(R) Graphics Media Accelerator Driver
iPhone Configuration Utility
iTunes
Juno Preloader
LabelPrint
LabelPrint
LightScribe System Software 1.14.17.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
Norton Internet Security
Norton Internet Security
Power2Go
Power2Go
PowerDirector
PowerDirector
Professional Metronome 1.9 Trial
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SPORE Creature Creator Trial Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)


ComboFix 10-04-05.06 - Andy 04/06/2010 17:14:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1702 [GMT -7:00]
Running from: c:\users\Andy\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2920293515-1278877127-2049505081-500
c:\$recycle.bin\S-1-5-21-3944775051-98967433-2725169818-500
c:\progra~2\bekeribo\bekeribo.dll
c:\programdata\fiosejgfse.dll
c:\programdata\tiworita\tiworita.dll
c:\users\Andy\AppData\Local\ave.exe
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\0X8SXu.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\2pl4t.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\55686a8O.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\ad1aH.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\cCY2114.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\D0rOh61.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\d35olq.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\dPF55iH.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\ga818hy.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\mm2y6TW.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\N51i1Rw.jpg
c:\users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Wr8d3NrLC.jpg
c:\users\Andy\AppData\Local\Windows Server
c:\users\Andy\AppData\Local\Windows Server\uptcdx.dll
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\Andy\AppData\Roaming\sdra64.exe
c:\users\Andy\FAVORI~1\_favdata.dat
c:\users\Andy\Favorites\_favdata.dat
c:\windows\Tasks\gkmfxlwa.job
c:\windows\Tasks\hojtmttq.job

.
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 00:19 . 2010-04-07 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-07 00:07 . 2010-04-07 00:07 -------- d-----w- c:\program files\ERUNT
2010-04-06 23:57 . 2010-04-06 23:57 -------- d-----w- c:\programdata\pehirema
2010-04-06 23:57 . 2010-04-06 23:57 -------- d-----w- c:\programdata\napuruya
2010-04-06 21:35 . 2010-04-06 21:35 -------- d-----w- c:\programdata\gelapele
2010-04-06 21:35 . 2010-04-06 21:35 -------- d-----w- c:\programdata\bisomasu
2010-04-06 21:35 . 2010-04-06 21:35 -------- d-----w- c:\programdata\bimawoyo
2010-04-05 23:32 . 2010-04-07 00:05 199680 --sha-w- c:\users\Andy\AppData\Local\2269221376.dll
2010-04-05 23:25 . 2010-04-05 23:25 -------- d-----w- c:\programdata\sokofosu
2010-04-05 23:25 . 2010-04-05 23:25 -------- d-----w- c:\programdata\kuwalobe
2010-04-05 23:25 . 2010-04-05 23:25 -------- d-----w- c:\programdata\fipuyuko
2010-04-05 22:14 . 2010-04-05 22:14 -------- d-----w- C:\rsit
2010-04-05 22:06 . 2010-04-05 22:06 -------- d-----w- c:\programdata\vabuyoyi
2010-04-05 22:06 . 2010-04-05 22:06 -------- d-----w- c:\programdata\howivuti
2010-04-05 22:06 . 2010-04-05 22:06 -------- d-----w- c:\programdata\honahofu
2010-04-04 23:45 . 2010-04-07 00:19 -------- d-----w- c:\programdata\bekeribo
2010-04-04 23:45 . 2010-04-04 23:45 -------- d-----w- c:\programdata\faseholu
2010-04-04 23:45 . 2010-04-04 23:45 -------- d-----w- c:\programdata\silokefe
2010-04-04 00:40 . 2010-04-04 00:40 -------- d-----w- c:\programdata\wugejoni
2010-04-04 00:40 . 2010-04-04 00:40 -------- d-----w- c:\programdata\hudunini
2010-04-04 00:40 . 2010-04-04 00:40 -------- d-----w- c:\programdata\doyanavo
2010-04-03 23:40 . 2010-04-03 23:40 -------- d-----w- c:\programdata\nayulowo
2010-04-03 23:40 . 2010-04-03 23:40 -------- d-----w- c:\programdata\lujahefo
2010-04-03 23:40 . 2010-04-03 23:40 -------- d-----w- c:\programdata\dekijafi
2010-04-03 22:39 . 2010-04-03 22:39 -------- d-----w- c:\programdata\vitasosu
2010-04-03 22:39 . 2010-04-03 22:39 -------- d-----w- c:\programdata\pafakamo
2010-04-03 22:39 . 2010-04-03 22:39 -------- d-----w- c:\programdata\hedizeji
2010-04-03 21:39 . 2010-04-03 21:39 -------- d-----w- c:\programdata\velurike
2010-04-03 21:39 . 2010-04-03 21:39 -------- d-----w- c:\programdata\mugorazi
2010-04-03 21:39 . 2010-04-03 21:39 -------- d-----w- c:\programdata\korenobi
2010-04-03 20:39 . 2010-04-03 20:39 -------- d-----w- c:\programdata\yubiyiza
2010-04-03 20:39 . 2010-04-03 20:39 -------- d-----w- c:\programdata\vidajadu
2010-04-03 20:39 . 2010-04-03 20:39 -------- d-----w- c:\programdata\lehetojo
2010-04-03 19:39 . 2010-04-03 19:39 -------- d-----w- c:\programdata\vavusani
2010-04-03 19:39 . 2010-04-03 19:39 -------- d-----w- c:\programdata\ramidiru
2010-04-03 19:39 . 2010-04-03 19:39 -------- d-----w- c:\programdata\nulahovo
2010-04-03 03:55 . 2010-04-03 03:55 -------- d-----w- c:\programdata\wejuwava
2010-04-03 03:55 . 2010-04-03 03:55 -------- d-----w- c:\programdata\koyagahu
2010-04-03 03:55 . 2010-04-03 03:55 -------- d-----w- c:\programdata\busezidi
2010-04-03 02:55 . 2010-04-03 02:55 -------- d-----w- c:\programdata\husenafe
2010-04-03 02:55 . 2010-04-03 02:55 -------- d-----w- c:\programdata\yohilite
2010-04-03 02:55 . 2010-04-03 02:55 -------- d-----w- c:\programdata\vojifuje
2010-04-03 02:55 . 2010-04-03 02:55 -------- d-----w- c:\programdata\nugevozi
2010-04-03 00:20 . 2010-04-03 00:20 -------- d-----w- c:\programdata\sufetida
2010-04-03 00:20 . 2010-04-03 00:20 -------- d-----w- c:\programdata\ketahope
2010-04-03 00:20 . 2010-04-03 00:20 -------- d-----w- c:\programdata\firugoti
2010-04-03 00:20 . 2010-04-03 00:20 -------- d-----w- c:\programdata\dibiyowa
2010-04-03 00:20 . 2010-04-03 00:20 -------- d-----w- c:\programdata\bozujeyi
2010-04-02 22:52 . 2010-04-02 22:52 -------- d-----w- c:\programdata\woyohipo
2010-04-02 22:52 . 2010-04-02 22:52 -------- d-----w- c:\programdata\vunoyedi
2010-04-02 22:52 . 2010-04-02 22:52 -------- d-----w- c:\programdata\ratijipe
2010-04-02 22:52 . 2010-04-02 22:52 -------- d-----w- c:\programdata\nevibuni
2010-04-02 22:52 . 2010-04-02 22:52 -------- d-----w- c:\programdata\kebupewa
2010-04-02 00:31 . 2010-04-02 00:31 -------- d-----w- c:\program files\Trend Micro
2010-04-01 23:52 . 2010-04-01 23:53 -------- d-----w- c:\users\Andy\AppData\Roaming\Your Protection
2010-04-01 21:51 . 2010-04-01 21:51 -------- d-----w- c:\programdata\vesujoku
2010-04-01 21:51 . 2010-04-01 21:51 -------- d-----w- c:\programdata\yosijume
2010-04-01 21:51 . 2010-04-01 21:51 -------- d-----w- c:\programdata\wurimiki
2010-04-01 21:51 . 2010-04-01 21:51 -------- d-----w- c:\programdata\rofakuve
2010-04-01 21:51 . 2010-04-01 21:51 -------- d-----w- c:\programdata\karopidu
2010-04-01 21:49 . 2010-04-03 00:31 182784 --sha-w- c:\users\Andy\AppData\Local\1632078083.dll
2010-04-01 21:46 . 2010-04-01 21:46 -------- d-sh--w- c:\users\Andy\.COMMgr
2010-04-01 21:46 . 2010-04-07 00:19 -------- d-----w- c:\programdata\tiworita
2010-04-01 21:46 . 2010-04-07 00:10 -------- d-sh--w- c:\users\Andy\AppData\Roaming\lowsec
2010-04-01 21:46 . 2010-04-01 21:46 -------- d-----w- c:\programdata\kozizezu
2010-04-01 21:46 . 2010-04-01 21:46 -------- d-----w- c:\programdata\jekupeju
2010-03-12 22:59 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-03-12 22:58 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-03-12 22:58 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-03-12 22:58 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-03-12 22:58 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-03-12 22:58 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-03-11 17:18 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 17:18 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 17:18 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 09:07 . 2010-03-11 09:07 -------- d-----w- c:\users\Andy\AppData\Local\AIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 00:04 . 2009-04-20 12:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 00:10 . 2009-08-30 00:53 -------- d-----w- c:\programdata\Viewpoint
2010-04-01 23:53 . 2010-04-01 23:53 2359296 ----a-w- c:\users\Andy\AppData\Roaming\Your Protection\urpprot.exe
2010-04-01 23:52 . 2010-04-01 23:52 53248 ----a-w- c:\users\Andy\AppData\Roaming\Your Protection\Uninstall.exe
2010-04-01 23:52 . 2010-04-01 23:52 40960 ----a-w- c:\users\Andy\AppData\Roaming\Your Protection\urpext.dll
2010-04-01 23:52 . 2010-04-01 23:52 22016 ----a-w- c:\users\Andy\AppData\Roaming\Your Protection\urphook.dll
2010-03-12 15:14 . 2009-09-01 23:33 5972 ----a-w- c:\users\Andy\AppData\Local\d3d9caps.dat
2010-03-11 18:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 17:24 . 2009-04-20 12:10 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 16:28 . 2010-03-30 19:44 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 19:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 19:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-06 06:36 . 2009-09-14 05:15 178 ----a-w- c:\users\Andy\AppData\Roaming\wklnhst.dat
2010-02-27 01:13 . 2010-04-05 23:31 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-02-25 01:16 . 2009-08-30 00:31 75832 ----a-w- c:\users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 17:16 . 2009-10-30 22:41 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 21:28 . 2010-04-05 23:31 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-13 01:41 . 2010-04-07 00:23 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-05 00:51 . 2010-04-05 23:31 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-02-02 03:20 . 2010-04-07 00:22 165240 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-25 12:48 . 2010-02-23 22:06 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-23 22:06 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-23 22:06 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-23 22:06 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-23 22:06 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-23 22:06 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:06 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-23 22:06 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-23 22:06 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-23 22:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-04-20 11:30 . 2009-04-20 11:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"COM+ Manager"="c:\users\Andy\.COMMgr\complmgr.exe" [2010-04-01 527360]
"Your Protection"="c:\users\Andy\AppData\Roaming\Your Protection\urpprot.exe" [2010-04-01 2359296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"KMConfig"="c:\program files\5-button wireless optical notebook mouse\StartAutorun.exe" [2007-03-06 212992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-26 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-26 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091021.001\IDSvix86.sys [2009-09-10 342576]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-26 117640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\igz2xbhg.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-rohopiniwo - c:\programdata\tiworita\tiworita.dll
HKCU-Run-hikedoris - c:\progra~2\bekeribo\bekeribo.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 17:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
COM+ Manager = "c:\users\Andy\.COMMgr\complmgr.exe"?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\5-button wireless optical notebook mouse\KMConfig.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-04-06 17:30:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-07 00:30

Pre-Run: 211,527,286,784 bytes free
Post-Run: 211,399,139,328 bytes free

- - End Of File - - A1D67128A66B5E8F5708A94B762E2FCA
boardman54212
Active Member
 
Posts: 11
Joined: April 1st, 2010, 8:37 pm

Re: Hijack This log

Unread postby Airscape » April 8th, 2010, 12:53 pm

Hi, sorry for the delay.

Are you aware if Norton Internet Security's subscription is still valid or not?


Backup the registry
Please navigate to Start > All Programs > ERUNT > ERUNT.
Click on OK within the pop-up menu.
In the next menu, under C:\WINDOWS\ERDNT\DD-MM-YYYY and Backup options, make sure both of the following are selected:
System registry
Current user registry
Next click on OK
When the Question pop-up appears click on Yes
After a short while, the "Registry backup is complete!" popup will appear.
Now click on OK. A backup has been created.

Note:To restore the registry, open the backup folder and start ERDNT.exe

-------------------------------------------

Please delete your current copy of ComboFix and download a new version. Make sure it's on the Desktop.

http://www.bleepingcomputer.com/combofi ... e-combofix

Please disable all security programs before running ComboFix, as they will likely interfere; this is usually done via a right-click on the system tray icon.
Disable Windows Defender
Open Windows Defender and click Tools
Click General settings then scroll down to Real time protection options.
Uncheck Turn on real time protection (recommended)
Click save, then close Windows Defender.
Finally restart your system for any changes to take effect.
Once your system is clean please reenable it.



Run CFScript
  • Click > Start > Run > type Notepad > click OK
  • Copy/Paste the following text inside the code box into Notepad:

    Code:
    KillAll::
    
    File::
    c:\users\Andy\AppData\Local\1632078083.dll
    c:\users\Andy\AppData\Local\2269221376.dll
    c:\users\Andy\AppData\Local\d3d9caps.dat
    C:\Users\Andy\AppData\Local\Temp\nvsvc32.exe
    C:\Users\Andy\AppData\Local\Temp\csrss.exe
    C:\Users\Andy\AppData\Local\Temp\mdm.exe
    C:\Users\Andy\AppData\Local\Temp\win.exe
    C:\Users\Andy\AppData\Local\Temp\login.exe
    C:\Users\Andy\AppData\Local\Temp\df3ekpz80n.exe
    
    
    Folder::
    c:\programdata\pehirema
    c:\programdata\napuruya
    c:\programdata\gelapele
    c:\programdata\bisomasu
    c:\programdata\bimawoyo
    c:\programdata\sokofosu
    c:\programdata\kuwalobe
    c:\programdata\fipuyuko
    c:\programdata\vabuyoyi
    c:\programdata\howivuti
    c:\programdata\honahofu
    c:\programdata\bekeribo
    c:\programdata\faseholu
    c:\programdata\silokefe
    c:\programdata\wugejoni
    c:\programdata\hudunini
    c:\programdata\doyanavo
    c:\programdata\nayulowo
    c:\programdata\lujahefo
    c:\programdata\dekijafi
    c:\programdata\vitasosu
    c:\programdata\pafakamo
    c:\programdata\hedizeji
    c:\programdata\velurike
    c:\programdata\mugorazi
    c:\programdata\korenobi
    c:\programdata\yubiyiza
    c:\programdata\vidajadu
    c:\programdata\lehetojo
    c:\programdata\vavusani
    c:\programdata\ramidiru
    c:\programdata\nulahovo
    c:\programdata\wejuwava
    c:\programdata\koyagahu
    c:\programdata\busezidi
    c:\programdata\husenafe
    c:\programdata\yohilite
    c:\programdata\vojifuje
    c:\programdata\nugevozi
    c:\programdata\sufetida
    c:\programdata\ketahope
    c:\programdata\firugoti
    c:\programdata\dibiyowa
    c:\programdata\bozujeyi
    c:\programdata\woyohipo
    c:\programdata\vunoyedi
    c:\programdata\ratijipe
    c:\programdata\nevibuni
    c:\programdata\kebupewa
    c:\users\Andy\AppData\Roaming\Your Protection
    c:\programdata\vesujoku
    c:\programdata\yosijume
    c:\programdata\wurimiki
    c:\programdata\rofakuve
    c:\programdata\karopidu
    c:\users\Andy\.COMMgr
    c:\programdata\tiworita
    c:\users\Andy\AppData\Roaming\lowsec
    c:\programdata\kozizezu
    c:\programdata\jekupeju
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COM+ Manager"=-
    "Your Protection"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    

  • Go to File > Save as... and save it as CFScript.txt
  • Now drag the CFScript.txt file into ComboFix.exe as shown in the animation below... This will start ComboFix again.

    Image
  • The tool may require a reboot - this is normal.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

-----------------

Download/Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version. Or click the Update tab in MBAM.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to restart to finish cleaning.... see Extra Note below.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

-------------------

Run RSIT
  • Right-click on RSIT.exe and select Run as Admin to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, one log will open.
  • Please post the contents of log.txt (<<will be maximized)

------------------

Please post back with the following:
C:\ComboFix.txt
MBAM log
C:\rsit\Log.txt
How is the pc running now?

Thanks.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
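As an added example (not code from this thread, from ComboFix, or from Airscape), here is the check behind the CFScript above turned into a script: it reads the Reg Loading Points section of a ComboFix log, flags Run values whose image lives under a user profile, ProgramData or a Temp directory rather than Program Files or Windows, and prints the File::, Folder:: and Registry:: stanzas that would remove them. Python is used so it runs anywhere the log can be copied to. The sample log lines are constructed to mirror this thread's log (the "Updater" value is invented to exercise the Temp case); the GENERIC_DIRS list and the consonant-vowel folder-name heuristic are the example's own assumptions, the latter drawn from the folder names in the Other Deletions list.

```python
r"""Triage helper for ComboFix-style "Reg Loading Points" output (added
example, not ComboFix's own code). Parses Run-key lines of the form
    "Name"="c:\path\file.exe" [YYYY-MM-DD size]
flags images that live where a non-admin process can write, and emits the
File::, Folder:: and Registry:: stanzas of a CFScript for them."""
import re
from dataclasses import dataclass

HIVE_LINE = re.compile(r'^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+)\]$')
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
                      r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')
PROGRAMDATA_PATH = re.compile(r'c:\\programdata\\[^\\\s"]+', re.IGNORECASE)

VENDOR_ROOTS = ("c:\\program files\\", "c:\\windows\\")   # admin needed to write
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")
# Shared directories never deleted wholesale (assumption of this example).
GENERIC_DIRS = {"temp", "local", "roaming", "appdata", "programdata", "desktop"}
# Seen in this thread's log: eight-letter consonant-vowel folder names
# (bekeribo, tiworita, ...). A heuristic, not a signature.
CV_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")

@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    path: str
    date: str
    size: int

def parse_run_entries(log_text):
    """Return a RunEntry for every value listed under a ...\\Run key."""
    entries, hive, key = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HIVE_LINE.match(line):
            hive, key = m["hive"], m["key"]
        elif (m := RUN_LINE.match(line)) and key and key.lower().endswith("\\run"):
            entries.append(RunEntry(hive, key, m["name"], m["path"], m["date"], int(m["size"])))
    return entries

def is_suspicious(entry):
    """Autostart image outside Program Files / Windows but in a writable spot."""
    p = entry.path.lower()
    return not p.startswith(VENDOR_ROOTS) and any(mk in p for mk in USER_WRITABLE)

def parent_dir(path):
    return path.rsplit("\\", 1)[0]

def looks_like_dropper_dir(path):
    """True for c:\\programdata\\<cvcvcvcv>\\... paths."""
    p = path.lower()
    if not p.startswith("c:\\programdata\\"):
        return False
    return bool(CV_NAME.match(p[len("c:\\programdata\\"):].split("\\", 1)[0]))

def find_dropper_dirs(log_text):
    """ProgramData folders anywhere in the log whose name fits the CV pattern."""
    return sorted({m.group(0).lower() for m in PROGRAMDATA_PATH.finditer(log_text)
                   if looks_like_dropper_dir(m.group(0))})

def build_cfscript(entries):
    """CFScript text removing the suspicious entries and their payloads."""
    files, folders, by_key = [], set(), {}
    for e in filter(is_suspicious, entries):
        parent = parent_dir(e.path)
        if parent.rsplit("\\", 1)[-1].lower() in GENERIC_DIRS:
            files.append(e.path)      # shared directory: remove only the file
        else:
            folders.add(parent)       # dedicated folder: remove it whole
        by_key.setdefault(f"[{e.hive}\\{e.key}]", []).append(e.name)
    lines = ["KillAll::", "", "File::", *files, "", "Folder::", *sorted(folders), "", "Registry::"]
    for key, names in by_key.items():
        lines.append(key)
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"

# Constructed sample mirroring this thread's log; the "Updater" value is
# invented to exercise the Temp-directory case.
SAMPLE_LOG = """
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Aim6"="c:\\program files\\AIM6\\aim6.exe" [2009-07-09 49968]
"COM+ Manager"="c:\\users\\Andy\\.COMMgr\\complmgr.exe" [2010-04-01 527360]
"Your Protection"="c:\\users\\Andy\\AppData\\Roaming\\Your Protection\\urpprot.exe" [2010-04-01 2359296]
"Updater"="c:\\users\\Andy\\AppData\\Local\\Temp\\mplay32xe.exe" [2010-04-01 40960]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Windows Defender"="c:\\program files\\Windows Defender\\MSASCui.exe" [2008-01-21 1008184]

c:\\programdata\\bekeribo
c:\\programdata\\bekeribo\\bekeribo.dll
c:\\programdata\\Norton\\coFFPlgn.dll
"""

if __name__ == "__main__":
    print(build_cfscript(parse_run_entries(SAMPLE_LOG)))
    print("dropper-style folders:", find_dropper_dirs(SAMPLE_LOG))
```

Review the output before feeding it to ComboFix: a CFScript deletes without asking, which is why a file under a shared directory such as Temp is listed under File:: rather than having its parent folder removed. A vendor-looking path is not proof of legitimacy either; the script only ranks what a human should look at first.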

Re: Hijack This log

Unread postby boardman54212 » April 10th, 2010, 7:46 pm

Norton is no longer in use; it ran out. I haven't noticed any pop-ups; it seems to run fine.

ComboFix 10-04-10.02 - Andy 04/10/2010 16:19:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1816 [GMT -7:00]
Running from: c:\users\Andy\Desktop\ComboFix.exe
Command switches used :: c:\users\Andy\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Andy\AppData\Local\1632078083.dll"
"c:\users\Andy\AppData\Local\2269221376.dll"
"c:\users\Andy\AppData\Local\d3d9caps.dat"
"c:\users\Andy\AppData\Local\Temp\csrss.exe"
"c:\users\Andy\AppData\Local\Temp\df3ekpz80n.exe"
"c:\users\Andy\AppData\Local\Temp\login.exe"
"c:\users\Andy\AppData\Local\Temp\mdm.exe"
"c:\users\Andy\AppData\Local\Temp\nvsvc32.exe"
"c:\users\Andy\AppData\Local\Temp\win.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\bekeribo
c:\programdata\bimawoyo
c:\programdata\bimawoyo\bimawoyo.exe
c:\programdata\bisomasu
c:\programdata\bisomasu\bisomasu.dll
c:\programdata\bozujeyi
c:\programdata\bozujeyi\bozujeyi.dll
c:\programdata\busezidi
c:\programdata\busezidi\busezidi.dll
c:\programdata\dekijafi
c:\programdata\dekijafi\dekijafi.dll
c:\programdata\dibiyowa
c:\programdata\dibiyowa\dibiyowa.dll
c:\programdata\doyanavo
c:\programdata\doyanavo\doyanavo.dll
c:\programdata\faseholu
c:\programdata\faseholu\faseholu.exe
c:\programdata\fiosejgfse.dll
c:\programdata\fipuyuko
c:\programdata\fipuyuko\fipuyuko.dll
c:\programdata\firugoti
c:\programdata\firugoti\firugoti.dll
c:\programdata\gelapele
c:\programdata\gelapele\gelapele.dll
c:\programdata\hedizeji
c:\programdata\hedizeji\hedizeji.dll
c:\programdata\honahofu
c:\programdata\honahofu\honahofu.dll
c:\programdata\howivuti
c:\programdata\howivuti\howivuti.exe
c:\programdata\hudunini
c:\programdata\hudunini\hudunini.dll
c:\programdata\husenafe
c:\programdata\husenafe\husenafe.exe
c:\programdata\jekupeju
c:\programdata\jekupeju\jekupeju.dll
c:\programdata\karopidu
c:\programdata\karopidu\karopidu.exe
c:\programdata\kebupewa
c:\programdata\kebupewa\kebupewa.dll
c:\programdata\ketahope
c:\programdata\ketahope\ketahope.dll
c:\programdata\korenobi
c:\programdata\korenobi\korenobi.dll
c:\programdata\koyagahu
c:\programdata\koyagahu\koyagahu.exe
c:\programdata\kozizezu
c:\programdata\kozizezu\kozizezu.dll
c:\programdata\kuwalobe
c:\programdata\kuwalobe\kuwalobe.exe
c:\programdata\lehetojo
c:\programdata\lehetojo\lehetojo.dll
c:\programdata\lujahefo
c:\programdata\lujahefo\lujahefo.dll
c:\programdata\mugorazi
c:\programdata\mugorazi\mugorazi.dll
c:\programdata\napuruya
c:\programdata\napuruya\napuruya.dll
c:\programdata\nayulowo
c:\programdata\nayulowo\nayulowo.exe
c:\programdata\nevibuni
c:\programdata\nevibuni\nevibuni.dll
c:\programdata\nugevozi
c:\programdata\nugevozi\nugevozi.dll
c:\programdata\nulahovo
c:\programdata\nulahovo\nulahovo.dll
c:\programdata\pafakamo
c:\programdata\pafakamo\pafakamo.dll
c:\programdata\pehirema
c:\programdata\pehirema\pehirema.dll
c:\programdata\ramidiru
c:\programdata\ramidiru\ramidiru.dll
c:\programdata\ratijipe
c:\programdata\ratijipe\ratijipe.exe
c:\programdata\rofakuve
c:\programdata\rofakuve\rofakuve.dll
c:\programdata\silokefe
c:\programdata\silokefe\silokefe.dll
c:\programdata\sokofosu
c:\programdata\sokofosu\sokofosu.dll
c:\programdata\sufetida
c:\programdata\sufetida\sufetida.exe
c:\programdata\tiworita
c:\programdata\vabuyoyi
c:\programdata\vabuyoyi\vabuyoyi.dll
c:\programdata\vavusani
c:\programdata\vavusani\vavusani.exe
c:\programdata\velurike
c:\programdata\velurike\velurike.exe
c:\programdata\vesujoku
c:\programdata\vesujoku\vesujoku.dll
c:\programdata\vidajadu
c:\programdata\vidajadu\vidajadu.dll
c:\programdata\vitasosu
c:\programdata\vitasosu\vitasosu.exe
c:\programdata\vojifuje
c:\programdata\vojifuje\vojifuje.dll
c:\programdata\vunoyedi
c:\programdata\vunoyedi\vunoyedi.dll
c:\programdata\wejuwava
c:\programdata\wejuwava\wejuwava.dll
c:\programdata\woyohipo
c:\programdata\woyohipo\woyohipo.dll
c:\programdata\wugejoni
c:\programdata\wugejoni\wugejoni.exe
c:\programdata\wurimiki
c:\programdata\wurimiki\wurimiki.exe
c:\programdata\yohilite
c:\programdata\yohilite\yohilite.dll
c:\programdata\yosijume
c:\programdata\yosijume\yosijume.dll
c:\programdata\yubiyiza
c:\programdata\yubiyiza\yubiyiza.exe
c:\users\Andy\.COMMgr
c:\users\Andy\.COMMgr\complmgr.exe
c:\users\Andy\AppData\Local\1632078083.dll
c:\users\Andy\AppData\Local\2269221376.dll
c:\users\Andy\AppData\Local\d3d9caps.dat
c:\users\Andy\AppData\Roaming\lowsec
c:\users\Andy\AppData\Roaming\lowsec\local.ds
c:\users\Andy\AppData\Roaming\lowsec\user.ds
c:\users\Andy\AppData\Roaming\Your Protection
c:\users\Andy\AppData\Roaming\Your Protection\about.ico
c:\users\Andy\AppData\Roaming\Your Protection\activate.ico
c:\users\Andy\AppData\Roaming\Your Protection\buy.ico
c:\users\Andy\AppData\Roaming\Your Protection\help.ico
c:\users\Andy\AppData\Roaming\Your Protection\scan.ico
c:\users\Andy\AppData\Roaming\Your Protection\settings.ico
c:\users\Andy\AppData\Roaming\Your Protection\splash.mp3
c:\users\Andy\AppData\Roaming\Your Protection\Uninstall.exe
c:\users\Andy\AppData\Roaming\Your Protection\update.ico
c:\users\Andy\AppData\Roaming\Your Protection\urp.db
c:\users\Andy\AppData\Roaming\Your Protection\urpext.dll
c:\users\Andy\AppData\Roaming\Your Protection\urphook.dll
c:\users\Andy\AppData\Roaming\Your Protection\virus.mp3

.
((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 23:24 . 2010-04-10 23:26 -------- d-----w- c:\users\Andy\AppData\Local\temp
2010-04-10 23:24 . 2010-04-10 23:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-10 23:24 . 2010-04-10 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-07 00:07 . 2010-04-07 00:07 -------- d-----w- c:\program files\ERUNT
2010-04-05 22:14 . 2010-04-05 22:14 -------- d-----w- C:\rsit
2010-04-02 00:31 . 2010-04-02 00:31 -------- d-----w- c:\program files\Trend Micro
2010-03-12 22:59 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-03-12 22:58 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-03-12 22:58 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-03-12 22:58 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-03-12 22:58 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-03-12 22:58 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 00:04 . 2009-04-20 12:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-02 00:10 . 2009-08-30 00:53 -------- d-----w- c:\programdata\Viewpoint
2010-03-11 18:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 17:24 . 2009-04-20 12:10 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 16:28 . 2010-03-30 19:44 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 19:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 19:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-06 06:36 . 2009-09-14 05:15 178 ----a-w- c:\users\Andy\AppData\Roaming\wklnhst.dat
2010-02-27 01:13 . 2010-04-05 23:31 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-02-25 01:16 . 2009-08-30 00:31 75832 ----a-w- c:\users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 17:16 . 2009-10-30 22:41 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 21:28 . 2010-04-05 23:31 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-20 23:39 . 2010-03-11 17:18 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-11 17:18 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-11 17:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-13 01:41 . 2010-04-10 23:25 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-05 00:51 . 2010-04-05 23:31 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-02-02 03:20 . 2010-04-10 23:25 165240 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-25 12:48 . 2010-02-23 22:06 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-23 22:06 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-23 22:06 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-23 22:06 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-23 22:06 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-23 22:06 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 22:06 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-23 22:06 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-23 22:06 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-23 22:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-04-20 11:30 . 2009-04-20 11:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"KMConfig"="c:\program files\5-button wireless optical notebook mouse\StartAutorun.exe" [2007-03-06 212992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]

c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-26 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-26 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091021.001\IDSvix86.sys [2009-09-10 342576]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-26 117640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\igz2xbhg.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 16:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\5-button wireless optical notebook mouse\KMConfig.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\5-button wireless optical notebook mouse\KMProcess.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-04-10 16:32:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-10 23:32
ComboFix2.txt 2010-04-07 00:31

Pre-Run: 210,833,113,088 bytes free
Post-Run: 210,817,908,736 bytes free

- - End Of File - - 0DD74D258C73A2D063D37E3ADF05AB73


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3976

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

4/10/2010 4:42:10 PM
mbam-log-2010-04-10 (16-42-10).txt

Scan type: Quick scan
Objects scanned: 107585
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Andy at 2010-04-10 16:43:20
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 201 GB (68%) free of 294 GB
Total RAM: 3002 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:22 PM, on 4/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exe
C:\Program Files\5-button wireless optical notebook mouse\KMConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\5-button wireless optical notebook mouse\KMProcess.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Users\Andy\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Andy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [KMConfig] "C:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exe" KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8434 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-25 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL [2009-08-25 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-25 378736]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-10 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-10 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-10 145944]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-06 210216]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-11-14 218408]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"KMConfig"=C:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exe [2007-03-06 212992]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-30 972080]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-07-09 49968]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-06 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-04-10 16:37:26 ----D---- C:\Users\Andy\AppData\Roaming\Malwarebytes
2010-04-10 16:37:15 ----D---- C:\ProgramData\Malwarebytes
2010-04-10 16:37:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-10 16:32:15 ----A---- C:\ComboFix.txt
2010-04-10 16:25:59 ----D---- C:\$RECYCLE.BIN
2010-04-10 16:16:33 ----A---- C:\Windows\SWXCACLS.exe
2010-04-06 17:10:37 ----A---- C:\Windows\zip.exe
2010-04-06 17:10:37 ----A---- C:\Windows\SWSC.exe
2010-04-06 17:10:37 ----A---- C:\Windows\SWREG.exe
2010-04-06 17:10:37 ----A---- C:\Windows\sed.exe
2010-04-06 17:10:37 ----A---- C:\Windows\PEV.exe
2010-04-06 17:10:37 ----A---- C:\Windows\NIRCMD.exe
2010-04-06 17:10:37 ----A---- C:\Windows\MBR.exe
2010-04-06 17:10:37 ----A---- C:\Windows\grep.exe
2010-04-06 17:10:03 ----D---- C:\Qoobox
2010-04-06 17:08:21 ----D---- C:\Windows\ERDNT
2010-04-06 17:07:18 ----D---- C:\Program Files\ERUNT
2010-04-06 17:04:16 ----D---- C:\Config.Msi
2010-04-05 15:14:37 ----D---- C:\rsit
2010-04-01 17:31:45 ----D---- C:\Program Files\Trend Micro
2010-03-30 12:44:34 ----A---- C:\Windows\system32\occache.dll
2010-03-30 12:44:34 ----A---- C:\Windows\system32\mshtml.dll
2010-03-30 12:44:33 ----A---- C:\Windows\system32\wininet.dll
2010-03-30 12:44:33 ----A---- C:\Windows\system32\urlmon.dll
2010-03-30 12:44:33 ----A---- C:\Windows\system32\ieframe.dll
2010-03-30 12:44:32 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-30 12:44:31 ----A---- C:\Windows\system32\iertutil.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\iepeers.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-30 12:44:31 ----A---- C:\Windows\system32\ieaksie.dll
2010-03-30 12:44:30 ----A---- C:\Windows\system32\mstime.dll
2010-03-30 12:44:30 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-30 12:44:30 ----A---- C:\Windows\system32\ieencode.dll
2010-03-12 15:59:41 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-12 15:58:29 ----A---- C:\Windows\system32\EncDec.dll
2010-03-12 15:58:27 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-12 15:58:22 ----A---- C:\Windows\system32\msasn1.dll
2010-03-12 15:58:09 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-03-11 10:18:09 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 10:18:00 ----A---- C:\Windows\system32\httpapi.dll

======List of files/folders modified in the last 1 months======

2010-04-10 16:43:15 ----D---- C:\Windows\Temp
2010-04-10 16:40:15 ----D---- C:\Windows\System32
2010-04-10 16:40:15 ----D---- C:\Windows\inf
2010-04-10 16:40:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-10 16:37:16 ----D---- C:\Windows\system32\drivers
2010-04-10 16:37:15 ----D---- C:\ProgramData
2010-04-10 16:37:14 ----RD---- C:\Program Files
2010-04-10 16:36:13 ----D---- C:\Windows\Prefetch
2010-04-10 16:34:12 ----A---- C:\ProgramData\hpqp.ini
2010-04-10 16:26:06 ----D---- C:\Windows
2010-04-10 16:26:06 ----A---- C:\Windows\system.ini
2010-04-10 16:21:41 ----D---- C:\Windows\AppPatch
2010-04-10 16:21:41 ----D---- C:\Program Files\Common Files
2010-04-10 16:10:51 ----D---- C:\Windows\system32\catroot2
2010-04-10 15:34:56 ----SHD---- C:\System Volume Information
2010-04-06 17:19:24 ----D---- C:\Windows\Tasks
2010-04-06 17:04:50 ----SHD---- C:\Windows\Installer
2010-04-06 17:04:45 ----D---- C:\Program Files\Common Files\Adobe
2010-04-06 17:04:45 ----D---- C:\Program Files\Adobe
2010-04-06 17:04:38 ----D---- C:\ProgramData\Adobe
2010-04-04 18:19:52 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 17:55:27 ----D---- C:\Windows\system32\LogFiles
2010-04-01 17:12:18 ----D---- C:\Windows\system32\WDI
2010-04-01 17:10:03 ----D---- C:\ProgramData\Viewpoint
2010-03-31 03:16:23 ----D---- C:\Program Files\Internet Explorer
2010-03-31 03:01:05 ----D---- C:\Windows\winsxs
2010-03-30 12:43:16 ----D---- C:\Windows\system32\catroot
2010-03-13 12:02:57 ----D---- C:\Windows\Microsoft.NET
2010-03-13 11:50:22 ----D---- C:\Windows\ehome
2010-03-11 11:00:24 ----D---- C:\Program Files\Windows Mail
2010-03-11 11:00:24 ----D---- C:\Program Files\Movie Maker
2010-03-11 10:24:47 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-25 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091021.001\IDSvix86.sys [2009-09-10 342576]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS [2009-08-25 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-25 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS [2009-08-25 217136]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-20 1093120]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-06-05 222208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-06 2378752]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-03-30 38224]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-10 123904]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-09-19 61952]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-11 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091029.025\NAVENG.SYS [2009-08-29 84912]
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091029.025\NAVEX15.SYS [2009-08-29 1323568]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
S3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS [2009-08-25 308272]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
S3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS []
S3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-25 117640]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-10-06 365952]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
boardman54212
Active Member
 
Posts: 11
Joined: April 1st, 2010, 8:37 pm

Re: Hijack This log

Unread postby Airscape » April 11th, 2010, 7:43 pm

Hi,
Norton Cleanup
  • Click Here to download the Norton Removal Tool and save it to your desktop.
  • Double click on Norton_Removal_Tool.exe to start the tool.
    NOTE: To run the tool in Vista, right-click Norton_Removal_Tool.exe and select Run as Administrator.
  • Follow program prompts, to remove the Norton product.
  • Reboot your computer.

--------------------------

Install an Anti-Virus
I recommend you install one of these antiviruses.
Avast! Home Edition
Avira AntiVir

Once installed, have the antivirus check for updates. Run a complete scan and have it fix anything found.

--------------------------

FixPolicies.exe
Download FixPolicies.exe, a self-extracting ZIP archive, to your Desktop from here.
  • Right-click FixPolicies.exe and select "Run as Admin"
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
  • A black box should briefly appear and then close. This is normal.

--------------------------------

Using Windows Explorer (to get there right-click your Start(Vista Orb) button and go to "Explore"), please delete this folder (if present):

C:\rsit

Then empty the Recycle Bin.

  • Right-click on RSIT.exe and select Run as Admin to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

-------------------------------

Please post back with the following:
  • RSIT logs (log.txt and info.txt)
  • How is the pc running now?

Thanks.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm