ok....here you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:55 AM, on 5/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://centurytel.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9704 bytes
ComboFix 09-05-12.04 - home 05/12/2009 20:13.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1237 [GMT -5:00]
Running from: c:\users\home\Desktop\ComboFix.exe
Command switches used :: c:\users\home\Desktop\CFScript.lnk
.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.
2009-05-12 04:18 . 2009-05-12 04:16 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-11 03:00 . 2009-05-11 03:01 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-05-09 21:03 . 2009-05-09 21:03 -------- d-----w c:\users\home\AppData\Roaming\TrojanHunter
2009-05-08 00:26 . 2009-05-11 23:07 -------- d-----w c:\program files\TrojanHunter 5.1
2009-05-07 01:11 . 2009-05-07 01:11 -------- d-----w c:\program files\Trend Micro
2009-05-06 00:53 . 2009-05-06 00:52 25136 ----a-r c:\windows\system32\drivers\SymIMV.sys
2009-05-06 00:53 . 2009-05-06 00:53 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-06 00:53 . 2009-05-06 00:53 -------- d-----w c:\program files\Symantec
2009-05-06 00:52 . 2009-05-06 00:52 -------- d-----w c:\windows\system32\drivers\NAV
2009-05-06 00:52 . 2009-05-06 00:52 -------- d-----w c:\program files\Norton AntiVirus
2009-05-06 00:52 . 2009-05-06 00:52 -------- d-----w c:\programdata\Norton
2009-05-06 00:52 . 2009-05-06 00:52 -------- d-----w c:\users\All Users\Norton
2009-05-06 00:51 . 2009-05-06 00:51 -------- d-----w c:\programdata\NortonInstaller
2009-05-06 00:51 . 2009-05-06 00:51 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-06 00:51 . 2009-05-06 00:51 -------- d-----w c:\program files\NortonInstaller
2009-05-04 11:10 . 2009-01-18 21:35 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-04 04:05 . 2009-05-04 04:05 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-04 04:05 . 2009-05-04 04:05 -------- dc-h--w c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-04 04:05 . 2009-05-04 04:05 -------- d-----w c:\program files\Lavasoft
2009-05-04 04:05 . 2009-05-04 04:05 -------- d-----w c:\programdata\Lavasoft
2009-05-04 04:05 . 2009-05-04 04:05 -------- d-----w c:\users\All Users\Lavasoft
2009-05-02 21:36 . 2009-05-02 21:40 -------- d-----w c:\users\home\AppData\Roaming\vlc
2009-05-02 21:35 . 2009-05-02 21:35 -------- d-----w c:\program files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 00:55 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-11 03:11 . 2008-10-08 14:47 680 ----a-w c:\users\home\AppData\Local\d3d9caps.dat
2009-05-10 15:42 . 2008-02-26 01:53 27240 ----a-w c:\users\home\AppData\Roaming\nvModes.dat
2009-05-06 00:58 . 2007-12-06 03:11 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-06 00:53 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-06 00:53 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-06 00:53 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-06 00:53 . 2009-05-06 00:53 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-06 00:53 . 2009-05-06 00:53 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-04 00:50 . 2007-12-06 05:18 -------- d-----w c:\program files\Java
2009-05-02 01:21 . 2008-03-06 21:57 178 ----a-w c:\users\home\AppData\Roaming\wklnhst.dat
2009-04-10 23:25 . 2009-01-16 22:15 -------- d-----w c:\program files\Curse
2009-03-17 03:38 . 2009-04-15 05:27 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 05:27 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 10:19 . 2008-12-11 03:23 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 05:27 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 05:27 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 05:27 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 05:27 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 05:27 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 05:27 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 05:27 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 05:27 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 05:27 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 05:27 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 05:27 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 05:27 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 05:27 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-15 05:27 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 05:27 1255936 ----a-w c:\windows\system32\lsasrv.dll
2008-09-27 01:55 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-05-11_23.18.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-06 03:04 . 2009-05-13 01:03 45208 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-13 01:03 70608 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-12 04:18 . 2009-05-12 04:16 64160 c:\windows\System32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2007-12-12 11:05 . 2009-05-12 16:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-12 11:05 . 2009-05-11 04:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-12 11:05 . 2009-05-11 04:05 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-12 11:05 . 2009-05-12 16:33 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-12 11:05 . 2009-05-12 16:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-12 11:05 . 2009-05-11 04:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-13 14:48 . 2008-12-13 14:48 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-05-13 00:58 . 2009-05-13 00:58 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2007-12-06 04:48 . 2009-05-13 00:58 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-12-06 04:48 . 2009-05-02 19:39 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-12-06 04:48 . 2009-05-02 19:39 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-12-06 04:48 . 2009-05-13 00:58 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-12-06 04:48 . 2009-05-13 00:58 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-12-06 04:48 . 2009-05-02 19:39 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-04-15 11:12 . 2009-04-15 11:12 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2009-05-13 00:58 . 2009-05-13 00:58 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2006-10-27 05:07 . 2006-10-27 05:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.4518\PXBPROXY.DLL
+ 2008-02-25 00:50 . 2009-05-13 01:03 9394 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3449371330-1948473508-1645693071-1000_UserData.bin
- 2009-05-11 03:11 . 2009-05-11 03:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-13 01:01 . 2009-05-13 01:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-11 03:11 . 2009-05-11 03:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-13 01:01 . 2009-05-13 01:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2009-05-11 03:16 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-13 01:07 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-11 03:16 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-13 01:07 101350 c:\windows\System32\perfc009.dat
+ 2007-12-06 04:48 . 2009-05-13 00:58 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-12-06 04:48 . 2009-05-02 19:39 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-12-06 04:48 . 2009-05-13 00:58 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2007-12-06 04:48 . 2009-05-02 19:39 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2007-12-06 04:48 . 2009-05-02 19:39 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2007-12-06 04:48 . 2009-05-13 00:58 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2007-12-06 04:48 . 2009-05-02 19:39 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-12-06 04:48 . 2009-05-13 00:58 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-13 00:58 . 2009-05-13 00:58 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-05-12 20:30 . 2009-04-14 07:03 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22409_none_f31abf3b848fce75\OESpamFilter.dat
+ 2009-05-12 20:30 . 2009-04-14 07:04 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18239_none_f270b0c66b8a8557\OESpamFilter.dat
+ 2009-05-12 20:30 . 2009-04-14 07:18 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21038_none_f112e6c38782ae1b\OESpamFilter.dat
+ 2009-05-12 20:30 . 2009-04-14 07:06 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16843_none_f079a0786e71784d\OESpamFilter.dat
+ 2006-11-02 10:22 . 2009-05-13 01:15 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-05-04 04:06 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2007-12-06 04:48 . 2009-05-13 00:58 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-12-06 04:48 . 2009-05-02 19:39 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2006-11-02 10:24 . 2009-05-07 07:16 24699336 c:\windows\System32\mrt.exe
+ 2008-03-22 08:01 . 2009-05-12 20:28 205207355 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-26 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-19 1033512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-12 516440]
"THGuard"="c:\program files\TrojanHunter 5.1\THGuard.exe" [2009-05-02 1061536]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-12-6 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EFB2612-BEB1-4647-9DC3-9ED1B6D0D9BB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6FB32505-7F0B-44E7-8703-EB9A59BB25A3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F9A471-8027-46D7-B87D-3B00E00613F1}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B53655B4-6403-4A16-BB77-041FD462C49C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{59350288-2ACA-487C-A749-BDAD6DF396A1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A4479016-ED48-410A-B832-E716F2D323FF}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{B866E830-51E5-45C8-B224-A6B58D821F77}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{3AD5C01F-CAF7-4C0F-8E73-6ADBCF22D172}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{19BA29E2-0952-4649-B561-52F84BA79D76}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{2093597A-D866-4F98-9FBD-241808AD8CC5}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"TCP Query User{2B33FC86-EFBE-48C3-8E2A-314D6CEB45D8}c:\\users\\home\\program files\\dna\\btdna.exe"= UDP:c:\users\home\program files\dna\btdna.exe:btdna.exe
"UDP Query User{578D456F-9B74-4BCD-97BA-246B2CE7EE04}c:\\users\\home\\program files\\dna\\btdna.exe"= TCP:c:\users\home\program files\dna\btdna.exe:btdna.exe
"TCP Query User{39809467-B4C2-4B85-98EB-BA8B2EAE4D29}c:\\users\\home\\program files\\dna\\btdna.exe"= UDP:c:\users\home\program files\dna\btdna.exe:btdna.exe
"UDP Query User{218662E9-D0D3-4B47-9C1E-528A52AC624B}c:\\users\\home\\program files\\dna\\btdna.exe"= TCP:c:\users\home\program files\dna\btdna.exe:btdna.exe
"TCP Query User{0E990337-0771-4BFF-902B-909F0130F334}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{BE050CCA-EA9E-45AE-8381-F49A937505CE}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"{DC4AEFC8-818B-4DC8-ABF1-637FCBAD3FD0}"= UDP:53400:LocalSubnet:LocalSubnet:utorrent.com
"TCP Query User{71F0569E-6BC5-41C0-9128-6D80148EC6AE}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{523BB9C0-4F99-4B59-BFE2-ACD3861004BC}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"{3076DE63-F974-4571-B060-29FB52C50C5F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FB62DE6B-F63E-4E58-8084-699868167205}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{2A439E57-87F0-42C3-BE94-54DE07844BD7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E2D9B145-A234-4AB0-85AA-1840AD784BF0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C1490798-312A-49DF-8993-4641BF22ECD4}"= UDP:53400:BitTorrent
"TCP Query User{8BD10B88-28DA-4CFC-ABEF-5D45EF51117D}c:\\users\\public\\games\\world of warcraft trial\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft trial\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{982257BE-7A36-4F1E-A2FC-691B2C766334}c:\\users\\public\\games\\world of warcraft trial\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft trial\backgrounddownloader.exe:Blizzard Downloader
"{8D9729D6-AE56-4B37-A3C5-1BF6C02FFCBF}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{205CEB6B-F60F-42C8-90AC-ABEE2317C9FF}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"TCP Query User{25B10064-9286-4CAE-9E8F-AA7D3216170F}c:\\users\\home\\appdata\\local\\temp\\blizzard launcher temporary - bbcc2978\\launcher.exe"= UDP:c:\users\home\appdata\local\temp\blizzard launcher temporary - bbcc2978\launcher.exe:launcher.exe
"UDP Query User{10A750EC-D44E-4E72-9223-0DA7BB2DB019}c:\\users\\home\\appdata\\local\\temp\\blizzard launcher temporary - bbcc2978\\launcher.exe"= TCP:c:\users\home\appdata\local\temp\blizzard launcher temporary - bbcc2978\launcher.exe:launcher.exe
"{15EECF5F-3BED-4ED3-A80D-AF6EABA644D9}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:Blizzard Downloader
"{6596C5A0-20A4-4793-BD09-4186B740AC93}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:Blizzard Downloader
"{C9CFD0B7-E115-4E90-8809-BF41C3285493}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{035422A6-2703-4E41-90BC-7400466A88EA}c:\\users\\home\\appdata\\local\\temp\\blizzard launcher temporary - 6b706800\\launcher.exe"= UDP:c:\users\home\appdata\local\temp\blizzard launcher temporary - 6b706800\launcher.exe:launcher.exe
"UDP Query User{05799C2C-B6A3-48C7-B60C-093402E84991}c:\\users\\home\\appdata\\local\\temp\\blizzard launcher temporary - 6b706800\\launcher.exe"= TCP:c:\users\home\appdata\local\temp\blizzard launcher temporary - 6b706800\launcher.exe:launcher.exe
"TCP Query User{F9C59AD8-5E6F-460D-89AB-EEDD160709A7}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{31D5D805-AAA2-4F2E-B9C3-726FFA45B74A}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{6DD10536-2A0B-4321-919D-D09E274F15FB}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{7C2A030F-B712-44F3-8125-7E20680AB986}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{DA3C1A02-95BD-4913-B44D-938B6ACB107A}c:\\users\\public\\documents\\blizzard entertainment\\world of warcraft\\wow-3.0.2.9056-to-3.0.3.9183-enus-downloader.exe"= UDP:c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-enus-downloader.exe:Blizzard Downloader
"UDP Query User{3E098E1F-1CA1-4F7F-BD19-7F55875DADF2}c:\\users\\public\\documents\\blizzard entertainment\\world of warcraft\\wow-3.0.2.9056-to-3.0.3.9183-enus-downloader.exe"= TCP:c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.2.9056-to-3.0.3.9183-enus-downloader.exe:Blizzard Downloader
"{AC4A00AC-ED9E-4EB2-BAC3-46115233D133}"= UDP:3724:blizzard downloader
"{0CD57E76-A357-4879-A985-FC38E174B929}"= UDP:6112:blizzard downloader
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/11/2009 11:18 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [5/5/2009 7:52 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [5/5/2009 7:52 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [5/5/2009 7:52 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSvix86.sys [5/8/2009 3:41 PM 292912]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [12/12/2007 6:16 AM 39408]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 953168]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/5/2009 7:52 PM 115560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [3/26/2008 6:33 PM 810320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/6/2009 2:27 AM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [5/5/2009 7:52 PM 39984]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{741d28d7-eb64-11dd-b855-001b24e77c4d}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\SanDiskPhoto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{921e3e03-f234-11dc-8b4d-001b24e77c4d}]
\shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-05-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 04:15]
2009-05-12 c:\windows\Tasks\User_Feed_Synchronization-{D59C4E96-9234-4B1E-BED6-B9452DB3AD66}.job
- c:\windows\system32\msfeedssync.exe [2008-09-15 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://centurytel.myway.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 20:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3584)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-05-13 20:21
ComboFix-quarantined-files.txt 2009-05-13 01:21
ComboFix2.txt 2009-05-11 23:19
Pre-Run: 137,806,970,880 bytes free
Post-Run: 137,789,624,320 bytes free
287 --- E O F --- 2009-05-13 00:58
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, May 13, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 13, 2009 03:38:48
Records in database: 2170490
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 183660
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:38:43
No malware has been detected. The scan area is clean.
The selected area was scanned.
thank you
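The ComboFix section of the log above is the part a helper actually reads by hand: the R0..R3 driver and service entries, the Windows Firewall exception list, and the MountPoints2 AutoRun commands left behind by removable drives. The script below is an added example of a triage pass over that format; it is not part of the original post and is not code from ComboFix, HijackThis or any of the vendors named in the log. The regular expressions are my own reading of the line layout shown on this page, not a published specification, and the sample lines are copied from the log above (with the one path that was split across two lines rejoined). Anything it reports is a review item, not a verdict: the IDSVix86 driver it flags, for instance, lives under Norton's definitions directory according to the log, and an analyst would clear it after a glance.

```python
"""Triage helper for ComboFix-style log text (added example, not from the
original post or from any tool vendor).

It walks the log once and collects the entries a reviewer should look at
first:
  * R0..R3 / S0..S4 service and driver entries whose image lives outside
    %SystemRoot% and Program Files,
  * firewall exceptions ("= TCP:<path>:<label>" / "= UDP:...") whose program
    sits under a temp or AppData directory,
  * MountPoints2 AutoRun commands, i.e. what a removable drive's autorun.inf
    pointed at the last time that drive was inserted.

The regexes are an assumption about the format as it appears on this page.
"""
import re
from dataclasses import dataclass

SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)
# The target is either a port number or a drive-letter path; the drive letter
# is matched explicitly so its colon does not end the target early.
FIREWALL_RE = re.compile(
    r'^"(?P<rule>[^"]+)"=\s*(?P<proto>TCP|UDP):'
    r"(?P<target>(?:[A-Za-z]:)?[^:]+):(?P<label>.*)$"
)
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(?P<guid>\{[^}]+\})\]$",
    re.IGNORECASE,
)
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)

# Directories that normally hold driver/service images (assumed policy).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
# Path fragments that should not host a program with a firewall exception.
RISKY_FRAGMENTS = ("\\temp\\", "\\appdata\\")


@dataclass
class Finding:
    kind: str     # "service", "firewall" or "autorun"
    subject: str  # service name, firewall rule name, or MountPoints2 GUID
    detail: str   # the path or command the reviewer should inspect


def triage(log_text: str) -> list:
    """Return review items in the order they appear in the log."""
    findings = []
    current_guid = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path").strip()
            if not path.lower().startswith(TRUSTED_PREFIXES):
                findings.append(Finding("service", m.group("name"), path))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            target = m.group("target").strip()
            # Port-only rules carry no program path; skip them.
            if not target.isdigit() and any(f in target.lower() for f in RISKY_FRAGMENTS):
                findings.append(Finding("firewall", m.group("rule"), target))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            current_guid = m.group("guid")
            continue
        m = AUTORUN_RE.match(line)
        if m and current_guid:
            # Every AutoRun command is reported: this is the mechanism a
            # USB-borne worm relies on to be executed on insertion.
            findings.append(Finding("autorun", current_guid, m.group("cmd").strip()))
            current_guid = None
    return findings


# Sample lines copied from the log above (one split path rejoined).
SAMPLE_LOG = r"""
"{C9CFD0B7-E115-4E90-8809-BF41C3285493}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{035422A6-2703-4E41-90BC-7400466A88EA}c:\\users\\home\\appdata\\local\\temp\\blizzard launcher temporary - 6b706800\\launcher.exe"= UDP:c:\users\home\appdata\local\temp\blizzard launcher temporary - 6b706800\launcher.exe:launcher.exe
"TCP Query User{F9C59AD8-5E6F-460D-89AB-EEDD160709A7}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/11/2009 11:18 PM 64160]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSvix86.sys [5/8/2009 3:41 PM 292912]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [12/12/2007 6:16 AM 39408]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/5/2009 7:52 PM 115560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{741d28d7-eb64-11dd-b855-001b24e77c4d}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\SanDiskPhoto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{921e3e03-f234-11dc-8b4d-001b24e77c4d}]
\shell\AutoRun\command - F:\setupSNK.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.subject}: {f.detail}")
```

Run against the sample it reports the firewall exception for launcher.exe under the user's temp directory, the IDSVix86 driver loaded from ProgramData, and both F: AutoRun commands, while the rules for the Public\games copy of launcher.exe and the port-only Blizzard rules are left alone. The two AutoRun entries are the ones worth acting on even on a machine that scans clean: the stored commands fire again the next time a drive with that volume GUID is inserted, and the fix on Vista is to delete those MountPoints2 subkeys and disable AutoRun via the NoDriveTypeAutoRun policy.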