Thanks, I'll probably remove Frostwire as I haven't been using it frequently enough to warrant keeping it.
Here are my new logs:
ComboFix
ComboFix 08-03-21.1 - Beth 2008-03-21 17:25:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.368 [GMT -6:00]
Running from: C:\Users\Beth\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\BM174c89bc.xml
C:\Windows\pskt.ini
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\fkkcisxy.dll
C:\Windows\System32\gqnehmxm.ini
C:\Windows\system32\jhwtoxlr.dll
C:\Windows\system32\jkvctdxq.dll
C:\Windows\system32\kdrhrjov.dll
C:\Windows\system32\kejcmelh.dll
C:\Windows\system32\kuokjlkw.dll
C:\Windows\System32\lyeydgon.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mxmhenqg.dll
C:\Windows\system32\ocneejsw.dll
C:\Windows\system32\opupsqmr.dll
C:\Windows\System32\oruvw.ini
C:\Windows\System32\oruvw.ini2
C:\Windows\System32\pfbonvta.ini
C:\Windows\system32\qburonie.dll
C:\Windows\System32\qqstv.ini
C:\Windows\System32\qqstv.ini2
C:\Windows\system32\rxvdsipv.dll
C:\Windows\system32\ssyuijmx.dll
C:\Windows\system32\ujpkjlpx.dll
C:\Windows\system32\urhxwjrk.dll
C:\Windows\System32\vojrhrdk.ini
C:\Windows\system32\vtsqq.dll
C:\Windows\System32\vvuglwwd.ini
C:\Windows\System32\wgosfbbn.ini
C:\Windows\system32\wvuro.dll
C:\Windows\System32\xmivxaqi.ini
C:\Windows\system32\ygrjhnrt.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 23:19 27,240 ----a-w C:\Users\Beth\AppData\Roaming\nvModes.dat
2008-03-21 23:12 --------- d-----w C:\Program Files\DOSBox-0.72
2008-03-20 23:14 --------- d-----w C:\Program Files\Stone Prophet
2008-03-20 21:40 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-20 21:36 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-20 21:29 --------- d-----w C:\Users\Beth\AppData\Roaming\DAEMON Tools
2008-03-20 19:23 --------- d-----w C:\Users\Beth\AppData\Roaming\FrostWire
2008-03-19 21:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 21:55 --------- d-----w C:\Program Files\PhotoScape
2008-03-18 19:55 --------- d-----w C:\Users\Beth\AppData\Roaming\HP
2008-03-18 19:50 --------- d-----w C:\ProgramData\WEBREG
2008-03-18 19:49 --------- d-----w C:\ProgramData\HP
2008-03-18 19:28 --------- d-----w C:\Users\Beth\AppData\Roaming\HPAppData
2008-03-18 19:28 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-03-18 19:28 --------- d-----w C:\Program Files\HP
2008-03-18 19:24 --------- d-----w C:\ProgramData\HP Product Assistant
2008-03-18 19:23 --------- d-----w C:\Program Files\Common Files\HP
2008-03-18 19:21 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-18 19:19 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-17 22:54 --------- d-----w C:\Program Files\Trend Micro
2008-03-14 09:18 --------- d-----w C:\Program Files\Windows Mail
2008-03-14 09:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-02 19:14 --------- d-----w C:\Users\Beth\AppData\Roaming\.ABC
2008-02-28 19:29 --------- d-----w C:\Users\Beth\AppData\Roaming\Download Manager
2008-02-25 22:13 --------- d-----w C:\Program Files\Ubi Soft
2008-02-22 19:38 --------- d-----w C:\Program Files\Jollygood Games
2008-02-20 23:18 --------- d-----w C:\Program Files\QuickTime
2008-02-20 23:14 --------- d-----w C:\ProgramData\Apple Computer
2008-02-20 23:11 --------- d-----w C:\ProgramData\Apple
2008-02-20 23:11 --------- d-----w C:\Program Files\Apple Software Update
2008-02-20 17:55 --------- d-----w C:\Users\Beth\AppData\Roaming\InstallShield
2008-02-18 00:17 --------- d-----w C:\Users\Beth\AppData\Roaming\Grisoft
2008-02-18 00:17 --------- d-----w C:\ProgramData\Grisoft
2008-02-17 21:39 --------- d-----w C:\Program Files\Webroot
2008-02-17 21:35 --------- d-----w C:\ProgramData\Webroot
2008-02-17 21:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-02-17 21:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-17 21:18 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-17 21:18 --------- d-----w C:\Program Files\earthlink totalaccess
2008-02-17 20:01 --------- d-----w C:\Program Files\Enigma Software Group
2008-02-17 06:09 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-02-17 06:09 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-17 06:08 --------- d-----w C:\Users\Beth\AppData\Roaming\SUPERAntiSpyware.com
2008-02-17 05:25 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-02-15 19:51 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-15 18:44 --------- d-----w C:\ProgramData\Trend Micro
2008-02-15 02:32 --------- d-----w C:\Users\Beth\AppData\Roaming\Webroot
2008-02-14 23:43 --------- d-----w C:\ProgramData\Symantec
2008-02-14 23:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 23:39 --------- d-----w C:\Program Files\Symantec
2008-02-14 23:04 84,992 ----a-w C:\Windows\system32\drivers\FWPKCLNT.SYS
2008-02-14 20:48 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 20:46 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-14 20:46 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 20:46 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 20:46 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-14 20:46 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-14 20:46 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-14 20:46 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-14 20:43 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 20:43 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-14 20:43 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 20:43 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 20:43 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 20:43 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 20:42 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 20:42 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 20:42 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 20:42 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 20:42 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 20:42 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 20:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 20:10 --------- d-----w C:\ProgramData\LightScribe
2008-02-14 03:22 --------- d-----w C:\Program Files\FrostWire
2008-02-13 18:17 --------- d-----w C:\ProgramData\WildTangent
2008-02-13 10:28 174 --sha-w C:\Program Files\desktop.ini
2008-02-13 10:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-13 10:24 --------- d-----w C:\Program Files\Windows Calendar
2008-02-13 10:15 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-02-13 10:15 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-02-13 10:15 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-02-13 10:15 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-02-13 10:15 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-02-13 10:13 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-02-13 10:13 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-02-13 10:13 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-02-13 10:13 2,923,520 ----a-w C:\Windows\explorer.exe
2008-02-13 10:13 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-02-13 10:13 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-02-13 10:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-02-13 10:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-02-13 10:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-02-13 10:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-13 10:09 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-02-13 10:09 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-02-13 10:09 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-02-13 10:09 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-02-13 10:09 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-02-13 10:09 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-02-13 10:08 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AE26144-E2D5-4389-B327-4CE306BC77D2}]
C:\Windows\system32\vtsts.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:36 201728]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 05:55 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-04 03:57 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 21:36 827392]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 12:38 159744]
"NvSvc"="RUNDLL32.exe" [2006-11-02 03:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 03:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 03:45 44544 C:\Windows\System32\rundll32.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"MSServer"="rundll32.exe" [2006-11-02 03:45 44544 C:\Windows\System32\rundll32.exe]
"Webroot Desktop Firewall"="C:\Program Files\Webroot\Desktop Firewall\WDF.exe" [2007-10-08 18:50 1713496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"147fba20"="rundll32.exe" [2006-11-02 03:45 44544 C:\Windows\System32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kyrdlvxl]
kyrdlvxl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\njjazjot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-08-04 05:36 77824 C:\Program Files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EC4CB1F7-839A-47B1-92C2-AA35BE42FAAD}"= Profile=Private|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F2F7D238-DF77-4079-A556-C08F0586E30B}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{37300804-B9B4-439A-A0CA-9CDEB22AF0BD}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{16879A00-B9BE-4D90-8E49-91C647E6163F}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{307C3FEB-055E-4CFA-BBF4-D27993D9FB0D}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B2747020-934E-4E22-BAA9-6C96C2CFB1C5}C:\\program files\\abc\\abc.exe"= UDP:C:\program files\abc\abc.exe:abc
"UDP Query User{67863545-1291-4954-9EC1-8EBC1C32CB5F}C:\\program files\\abc\\abc.exe"= TCP:C:\program files\abc\abc.exe:abc
"{CEA658B9-93F3-47D0-ABD3-A6A3128555FE}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{1E73EE83-BC2C-4575-8BD6-AD2F20BCF657}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{DDB79537-BE1B-49D8-9E35-865252F6818E}"= Disabled:UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62DAD364-9054-4450-8B64-1E97F59A49D1}"= Disabled:TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= Disabled:UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= Disabled:TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F661976B-6885-4C05-A300-E341FFF1CD27}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 pwipf6;Privacyware Filter Driver;C:\Windows\system32\DRIVERS\pwipf6.sys [2007-10-08 18:51]
R2 WDFNet;Webroot Desktop Firewall network service;C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe [2007-10-08 18:50]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 10:44]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 17:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 09:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fc493e8-d990-11dc-8567-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfb0175d-d91a-11dc-a103-001a73998301}]
\shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 22:43:50 C:\Windows\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 17:34:50
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Completion time: 2008-03-21 17:38:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 23:38:30
.
2008-03-21 05:22:34 --- E O F ---
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:04 PM, on 21/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AE26144-E2D5-4389-B327-4CE306BC77D2} - C:\Windows\system32\vtsts.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\efcca.dll,#1
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [147fba20] "rundll32.exe" "C:\Windows\system32\dwyicktb.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O20 - Winlogon Notify: kyrdlvxl - kyrdlvxl.dll (file missing)
O20 - Winlogon Notify: njjazjot - C:\Windows\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7391 bytes