Old 03-17-2008, 09:31 AM   #1 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 4
OS: Vista SP1 Beta


Wondering

I notice that since I've had Vista, and to this day, which would have been around 4 months with my laptop, there are tons, keyword TONS, more processes in the Task Manager than when I first got it. It's kinda ridiculous.

So I'm just wondering if you guys notice too many things open, or some things that shouldn't be there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:16 PM, on 17/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brandon Newman\Documents\My Completed Downloads\zasuiteSetup_en.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {ACD587E9-0E47-4CBE-ABCD-7DD20B86F310} - C:\Program Files\s300\s300_1203829546.dll (file missing)
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitRoll\TorrentManager.dll
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\s300\s300_1203829546.dll"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DDKL] C:\Program Files\KeyLog\msdtsf.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Mpeg tool] "C:\ProgramData\vga comp comp.fjb8ed"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: qommjkl - qommjkl.dll (file missing)
O23 - Service: a-squared Command Line Scanner Service (a2Cmd) - Unknown owner - C:\Users\Brandon Newman\Desktop\SDFix\a2service.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Users\Brandon Newman\AppData\Local\Temp\{A4BFAD6D-3881-4A93-9912-FEDC3A8990FA}\NMSAccessU.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11921 bytes

Last edited by Ried : 03-17-2008 at 09:43 AM. Reason: removed code tags for easier review
Brandontn is offline  
Old 03-17-2008, 09:48 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 18,676
OS: WinXP and Win98se


Re: Wondering

Hello Brandontn,

I do see a remnant of an infection--did you disable your UAC? If so, please re-enable it.

We prefer a more comprehensive set of logs to assist in detecting any malware that may be present. As noted in the final step (Step 5) of our sticky topic IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt


**Please note this section of the forum is very busy, so please familiarize yourself with the Bumping Rules also found in Step 5 of our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider donating.

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
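As an added example, not code from this thread, from Tech Support Forum or from the HijackThis/DSS tools, here is a small Python triage pass over the HijackThis v2 log format posted above. The sample input is constructed from entries copied out of the posted log. It does the first two checks an analyst does by eye before asking for fuller logs: it collects entries that point at a file which no longer exists ("(file missing)" / "(no file)", which may be uninstall leftovers or remnants of a cleaned infection) and autostart entries (O2/O4/O20/O23) whose target lives outside the usual install directories or has an unexpected extension. The directory list, extension set and flag names are assumptions of this example, and a flag means "review this", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines in the HijackThis v2.0.2 log format
# used in this thread (the entries themselves are copied from the posted log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:16 PM, on 17/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Mpeg tool] "C:\ProgramData\vga comp comp.fjb8ed"
O20 - Winlogon Notify: qommjkl - qommjkl.dll (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Users\Brandon Newman\AppData\Local\Temp\{A4BFAD6D-3881-4A93-9912-FEDC3A8990FA}\NMSAccessU.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
--
End of file - 11921 bytes
"""

# HijackThis sections whose entries name code that is loaded or started automatically.
AUTOSTART_SECTIONS = {"O2", "O4", "O20", "O23"}
# Assumed: directories where installed software normally lives (lower-cased prefixes).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Assumed: extensions expected for autostart targets.
EXPECTED_EXTENSIONS = {"exe", "dll", "sys", "lnk"}

# Every log entry looks like "O4 - ..." / "R1 - ..." / "F2 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First drive-letter path in the (lower-cased) body, up to a closing quote.
DRIVE_PATH_RE = re.compile(r'[a-z]:\\[^"]*')


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[Entry]:
    """Return one Entry per 'Rn/Fn/On - ...' line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def classify(entry: Entry) -> Entry:
    """Attach review flags to an entry. A flag marks an item worth a second look,
    not a verdict: a stale uninstall leftover trips it just as malware would."""
    low = entry.body.lower()
    if "(file missing)" in low or "(no file)" in low:
        entry.flags.append("orphaned-reference")
        low = low.replace("(file missing)", "").replace("(no file)", "")
    m = DRIVE_PATH_RE.search(low)
    if m:
        entry.path = m.group(0).strip()
    if entry.path and entry.section in AUTOSTART_SECTIONS:
        if not entry.path.startswith(EXPECTED_ROOTS):
            entry.flags.append("autostart-outside-program-dirs")
        filename = entry.path.rsplit("\\", 1)[-1]
        ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
        if ext not in EXPECTED_EXTENSIONS:
            entry.flags.append("unusual-extension")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse a HijackThis log and return only the entries that carry at least one flag."""
    return [e for e in (classify(e) for e in parse_entries(log_text)) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {', '.join(e.flags):<50} {e.body}")
```

Run against the sample, the pass leaves the HP and avast! entries alone and surfaces five candidates: the two orphaned BHOs, the orphaned Winlogon Notify entry, the service registered from a user's Temp folder, and the Run entry whose target sits in ProgramData with a non-executable extension. Which of those are harmless leftovers and which are not is exactly the judgement the fuller DSS logs requested above are meant to support.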
Old 03-17-2008, 02:08 PM   #3 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 4
OS: Vista SP1 Beta


Re: Wondering

lol, I knew I should have read to step five, not to 4. I was wondering why the HijackThis file didn't look like all the other ones I've seen.

EDIT: Forgot to post in the main lol
Deckard's System Scanner v20071014.68
Run by Brandon Newman on 2008-03-17 15:15:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
10: 2008-03-17 17:23:13 UTC - RP303 - Windows Update
9: 2008-03-17 16:54:30 UTC - RP302 - Removed QuickTime
8: 2008-03-17 16:36:50 UTC - RP301 - Removed BitDefender Antivirus 2008
7: 2008-03-17 16:31:44 UTC - RP300 - Removed DESlock+ Gadget
6: 2008-03-17 16:23:29 UTC - RP299 - Removed Dual-Core Optimizer.


-- First Restore Point --
1: 2008-03-17 03:46:56 UTC - RP294 - Windows Vista Service Pack 1


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 894 MiB (1024 MiB recommended).


-- HijackThis (run as Brandon Newman.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:55 PM, on 17/03/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Launchy\Launchy.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\DAP\DAP.EXE
C:\Users\Brandon Newman\Documents\My Completed Downloads\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brandon Newman.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {ACD587E9-0E47-4CBE-ABCD-7DD20B86F310} - C:\Program Files\s300\s300_1203829546.dll (file missing)
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\s300\s300_1203829546.dll"
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DDKL] C:\Program Files\KeyLog\msdtsf.exe
O4 - HKLM\..\Run: [Mpeg tool] "C:\ProgramData\vga comp comp.yh5ndf"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: qommjkl - qommjkl.dll (file missing)
O23 - Service: a-squared Command Line Scanner Service (a2Cmd) - Unknown owner - C:\Users\Brandon Newman\Desktop\SDFix\a2service.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: dlbt_device - - C:\Windows\system32\dlbtcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Users\Brandon Newman\AppData\Local\Temp\{A4BFAD6D-3881-4A93-9912-FEDC3A8990FA}\NMSAccessU.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11085 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ElRawDisk - \??\c:\windows\system32\drivers\elrawdsk.sys
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R2 io.sys (IO.DLL Driver) - \??\c:\windows\system32\drivers\io.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 NVR0Dev - \??\c:\windows\nvoclock.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
R2 Routing (Routing Service) - c:\windows\system32\routing.exe

S2 a2Cmd (a-squared Command Line Scanner Service) - "c:\users\brandon newman\desktop\sdfix\a2service.exe" (file missing)
S2 NMSAccessU - c:\users\brandon newman\appdata\local\temp\{a4bfad6d-3881-4a93-9912-fedc3a8990fa}\nmsaccessu.exe (file missing)
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-17 01:24:07 436 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{E906DE1B-B6E5-45E1-80E2-733985F28528}.job
2008-02-16 21:26:13 258 --a------ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2008-02-17 and 2008-03-17 -----------------------------

2008-03-17 14:35:17 0 d-------- C:\Program Files\LSoft Technologies
2008-03-17 14:19:52 0 d-------- C:\Program Files\Data Doctor Recovery Pen Drive (Demo)
2008-03-17 13:57:11 1849376 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-03-17 13:49:50 0 d-------- C:\Users\All Users\BitDefender
2008-03-17 13:24:51 0 d-------- C:\Users\All Users\CheckPoint
2008-03-17 13:21:24 0 d-------- C:\Windows\system32\ZoneLabs
2008-03-17 13:20:33 0 d-------- C:\Windows\Internet Logs
2008-03-17 13:18:34 0 d-------- C:\Program Files\Trend Micro
2008-03-17 13:15:58 0 d-------- C:\Program Files\SpywareBlaster
2008-03-17 13:04:04 211 --a------ C:\Windows\system32\adcklog.dat
2008-03-17 03:36:29 0 d-------- C:\swsetup
2008-03-17 03:28:57 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-17 03:24:23 0 d-------- C:\NVIDIA
2008-03-17 01:37:09 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-17 00:46:36 0 d-------- C:\6f7c5428da5fac97dafb5f2386d1b92b
2008-03-16 17:42:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-16 17:40:41 0 d-------- C:\Users\All Users\WLInstaller
2008-03-14 17:15:24 0 d-------- C:\Windows\wt
2008-03-14 12:22:01 120176 --a------ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2008-03-14 02:33:11 0 d-------- C:\Program Files\Playtonium Jigsaw Animals of Africa
2008-03-14 02:30:51 0 d-------- C:\Program Files\Garfield Goes to Pieces
2008-03-14 02:30:04 0 d-------- C:\Program Files\ReflexiveArcade
2008-03-13 23:24:35 0 d-------- C:\Users\All Users\Memo Drive Vc Log
2008-03-13 23:24:09 0 d-------- C:\Program Files\cool tray more
2008-03-13 23:21:23 0 d-------- C:\Users\All Users\cool tray more
2008-03-13 23:20:41 0 d-------- C:\Program Files\BitRoll
2008-03-11 18:57:03 0 d-------- C:\Program Files\BitDefender
2008-03-11 18:46:41 0 d-------- C:\Program Files\Common Files\BitDefender
2008-03-06 14:12:20 12800 --a------ C:\Windows\system32\drivers\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-03-06 14:11:34 12800 --a------ C:\Windows\system32\elrawdsk.sys <Not Verified; EldoS Corporation; RawDisk>
2008-03-06 14:11:29 9341 --a------ C:\Windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-03-06 14:11:11 24064 --a------ C:\Windows\system32\smrgdf.exe
2008-03-06 14:11:11 32768 --a------ C:\Windows\system32\iolobtdfg.exe
2008-03-06 14:11:05 0 d-------- C:\Program Files\iolo
2008-03-06 14:08:03 74703 --a------ C:\Windows\system32\mfc45.dll
2008-03-06 1456 32256 --a------ C:\Windows\system32\routing.exe
2008-03-06 1455 40 --a------ C:\Windows\system32\drmgs.sys
2008-03-06 1440 276480 --a------ C:\Windows\system32\andt.sys
2008-03-06 14:04:00 0 d-------- C:\Users\All Users\iolo
2008-03-06 00:02:12 53248 --a------ C:\Windows\system32\ciaXPRegSvr20.dll <Not Verified; CIA, The Company; ciaXPRegSvr20>
2008-03-06 00:02:02 200704 --a------ C:\Windows\system32\ciaSCls20.dll <Not Verified; CIA, The company; CIA Subclassing>
2008-03-06 00:02:01 692224 --a------ C:\Windows\system32\ciaResSvr20.dll <Not Verified; CIA, The Company; ciaResSvr20>
2008-03-06 00:01:56 352256 --a------ C:\Windows\system32\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-03-06 00:01:54 278528 --a------ C:\Windows\system32\duzactx.dll <Not Verified; Inner Media, Inc.; DynaZip-32 UnZip ActiveX Control>
2008-03-06 00:01:37 4800512 --a------ C:\Windows\sspro.exe <Not Verified; ; SSPro>
2008-03-06 00:01:36 131072 --a------ C:\Windows\winfsysrn.dll
2008-03-06 00:01:34 434176 --a------ C:\Windows\rundys32.exe <Not Verified; Systems Integration 2; System Utilities>
2008-03-06 00:01:30 753664 --a------ C:\Windows\sprscore.exe <Not Verified; Systems Integration 2; System Utilities>
2008-03-06 00:01:30 0 --a------ C:\Windows\spr32snl.dll
2008-03-06 00:01:30 0 --a------ C:\Windows\iopb32ul.dll
2008-03-06 00:01:30 0 --a------ C:\Windows\iopa32ul.dll
2008-03-06 00:01:30 2559 --a------ C:\Windows\dep32ceg.dll
2008-03-06 00:01:28 0 d-------- C:\Windows\fontvect
2008-03-02 18:59:17 0 d--h----- C:\Windows\system32\winnt
2008-03-01 14:49:34 0 d-------- C:\Program Files\Aurora Digital Imaging
2008-03-01 14:15:56 0 d-------- C:\Program Files\Common Files\Steam
2008-02-28 22:05:59 0 d-------- C:\Program Files\illiminable
2008-02-27 01:05:03 0 d-------- C:\Users\All Users\Zone.com Deluxe Games
2008-02-27 00:58:40 0 d-------- C:\Program Files\Zone.com Deluxe Games
2008-02-25 23:33:20 35 --a------ C:\Windows\popcinfo.dat
2008-02-25 10:31:36 1409 --a------ C:\Windows\mozver.dat
2008-02-24 02:22:04 4096 --a------ C:\Windows\d3dx.dat
2008-02-23 09:37:41 0 d-------- C:\Program Files\Tag Support Plugin for Media Player
2008-02-22 07:24:52 0 d-------- C:\Program Files\iPod
2008-02-22 07:24:05 0 d-------- C:\Program Files\iTunes
2008-02-21 11:39:48 81984 --a------ C:\Windows\system32\bdod.bin
2008-02-20 22:07:51 0 d-------- C:\Users\All Users\FLEXnet
2008-02-20 21:46:38 0 d-------- C:\Program Files\Bonjour
2008-02-20 21:33:23 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-20 15:18:55 1671680 --a------ C:\Windows\system32\HSEngine.dll <Not Verified; zwei; eJay_DLL>
2008-02-20 15:18:55 303104 --a------ C:\Windows\system32\FXStudioDLL.dll
2008-02-20 15:18:55 2152448 --a------ C:\Windows\system32\eJ_Autor.dll <Not Verified; eJay Entertainment GmbH; eJ_Autor>
2008-02-20 15:18:54 131072 --a------ C:\Windows\system32\RapBoxDSP.dll
2008-02-20 15:18:54 126976 --a------ C:\Windows\system32\NewWaveAnzeige.dll
2008-02-20 15:18:54 235532 --a------ C:\Windows\system32\loadimage.dll
2008-02-20 15:18:54 45056 --a------ C:\Windows\system32\fader.dll
2008-02-20 15:18:54 81920 --a------ C:\Windows\system32\eJ_Tool.dll
2008-02-20 15:18:53 32768 --a------ C:\Windows\system32\WndRgn.dll
2008-02-20 15:18:53 360448 --a------ C:\Windows\system32\pxd32d5.dll
2008-02-20 15:18:53 307200 --a------ C:\Windows\system32\fxstudio.dll
2008-02-20 15:18:53 75976 --a------ C:\Windows\system32\Bassdec.dll
2008-02-20 14:01:55 0 d-------- C:\Program Files\Microsoft SQL Server
2008-02-20 13:54:11 0 d-------- C:\Program Files\Microsoft Web Designer Tools
2008-02-20 01:52:30 4136 --a------ C:\Windows\system32\tmp.reg
2008-02-19 22:26:31 0 d-------- C:\Users\Brandon Newman\Music


-- Find3M Report ---------------------------------------------------------------

2008-03-17 15:21:47 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\Launchy
2008-03-17 14:00:37 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\BitDefender
2008-03-17 14:00:19 13448 --a------ C:\Users\Brandon Newman\AppData\Roaming\nvModes.001
2008-03-17 13:55:47 12 --a------ C:\Windows\bthservsdp.dat
2008-03-17 13:35:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-17 13:34:31 0 d-------- C:\Program Files\UseNeXT
2008-03-17 13:11:53 13448 --a------ C:\Users\Brandon Newman\AppData\Roaming\nvModes.dat
2008-03-17 03:28:58 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\SystemRequirementsLab
2008-03-17 02:33:48 174 --ahs---- C:\Program Files\desktop.ini
2008-03-17 02:23:16 0 d-------- C:\Program Files\Windows Sidebar
2008-03-17 02:23:16 0 d-------- C:\Program Files\Windows Mail
2008-03-17 02:23:16 0 d-------- C:\Program Files\Windows Calendar
2008-03-17 02:23:16 0 d-------- C:\Program Files\Movie Maker
2008-03-17 02:23:15 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-17 02:23:15 0 d-------- C:\Program Files\Windows Collaboration
2008-03-17 02:23:14 0 d-------- C:\Program Files\Windows Defender
2008-03-16 18:17:55 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\LimeWire
2008-03-16 17:42:23 0 d-------- C:\Program Files\Common Files
2008-03-16 17:41:58 0 d-------- C:\Program Files\Windows Live
2008-03-14 17:16:17 0 d-------- C:\Program Files\WildTangent
2008-03-11 20:43:00 0 d-------- C:\Program Files\Microsoft DirectX SDK (August 2007)
2008-03-09 22:43:52 0 d-------- C:\Program Files\BitComet
2008-03-06 15:54:32 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\PE Explorer
2008-03-06 15:43:02 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\iolo
2008-03-03 23:12:18 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\UseNeXT
2008-03-02 19:54:57 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\GrabIt
2008-02-29 00:28:15 0 d-------- C:\Program Files\Image-Line
2008-02-27 1341 0 d-------- C:\Program Files\Hewlett-Packard
2008-02-27 13:02:17 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\Hewlett-Packard
2008-02-27 01:05:03 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\Zone.com Deluxe Games
2008-02-24 02:01:51 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\Adobe
2008-02-22 12:34:20 0 d-------- C:\Program Files\LimeWire
2008-02-22 07:20:55 0 d-------- C:\Program Files\QuickTime
2008-02-21 11:12:08 0 d-------- C:\Program Files\Java
2008-02-20 21:46:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-20 14:42:22 0 d-------- C:\Program Files\MediaMonkey
2008-02-20 13:58:05 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-02-20 02:48:03 0 d-------- C:\Program Files\Yahoo!
2008-02-20 02:42:49 0 d-------- C:\Program Files\Microsoft Games
2008-02-16 14:13:11 0 d-------- C:\Program Files\Dot1XCfg
2008-02-14 21:37:35 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\EasyJob Resume Builder
2008-02-14 21:37:30 0 d-------- C:\Program Files\Xvid
2008-02-14 21:37:29 0 d-------- C:\Program Files\EasyJob Resume Builder
2008-02-14 21:37:28 0 d-------- C:\Program Files\ACSPMonitor
2008-02-10 22:52:32 0 d-------- C:\Program Files\PopCap Games
2008-02-10 18:52:02 0 d-------- C:\Program Files\Stardock
2008-02-06 14:02:37 152 -r-hs---- C:\Windows\system32\C1BC780447.dll
2008-02-03 19:26:23 0 d-------- C:\Program Files\OppenGL
2008-01-31 16:42:33 0 d-------- C:\Program Files\The Game Creators
2008-01-31 16:42:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-30 15:35:31 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\App Launcher Gadget
2008-01-30 04:52:41 0 d-------- C:\Program Files\GameTutorials, LLC
2008-01-30 03:23:43 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-01-30 03:18:35 0 d-------- C:\Program Files\Microsoft SDKs
2008-01-30 02:13:24 0 d-------- C:\Program Files\BitLord2
2008-01-30 02:12:23 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\NewsBin
2008-01-30 02:11:31 0 d-------- C:\Users\Brandon Newman\AppData\Roaming\Dev-Cpp
2008-01-28 14:38:11 0 d-------- C:\Program Files\Microsoft Works
2008-01-28 14:37:41 0 d-------- C:\Program Files\MSBuild
2008-01-28 14:34:57 0 d-------- C:\Program Files\Microsoft.NET
2008-01-28 14:31:11 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-24 23:08:26 0 d-------- C:\Program Files\Shareaza Applications
2008-01-23 23:37:31 0 d-------- C:\Program Files\RegCure
2008-01-23 21:53:46 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-01-23 19:29:17 0 d-------- C:\Program Files\NVIDIA Corporation
2008-01-23 19:27:34 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-01-01 23:24:51 37888 --a------ C:\Windows\system32\ZLIB.DLL <Not Verified; ; ZLib.DLL>
2008-01-01 23:24:51 46592 --a------ C:\Windows\system32\io.dll
2007-12-19 14:15:48 43520 --a------ C:\Windows\system32\CmdLineExt03.dll
2007-12-19 1437 21840 --a-----t C:\Windows\system32\SIntfNT.dll
2007-12-19 1437 17212 --a-----t C:\Windows\system32\SIntf32.dll
2007-12-19 1436 12067 --a-----t C:\Windows\system32\SIntf16.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACD587E9-0E47-4CBE-ABCD-7DD20B86F310}]
C:\Program Files\s300\s300_1203829546.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/01/2007 08:12 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [28/03/2007 09:45 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13/02/2007 03:38 PM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 05:18 PM]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 03:29 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 08:00 AM]
"tempreg"="regsvr32 /s C:\Program Files\s300\s300_1203829546.dll" []
"iolo Startup"="C:\Program Files\iolo\Common\Lib\ioloLManager.exe" [04/03/2008 03:17 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [18/01/2008 11:38 PM]
"DDKL"="C:\Program Files\KeyLog\msdtsf.exe" []
"Mpeg tool"="C:\ProgramData\vga comp comp.182gxpj" [17/03/2008 03:28 PM]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [28/02/2007 03:26 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [28/02/2007 03:26 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [28/02/2007 03:26 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/01/2008 03:31 AM]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [16/02/2008 05:45 PM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/10/2007 03:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [18/01/2008 11:33 PM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [04/09/2007 08:25 PM]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [18/01/2008 11:33 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 12:06 AM]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [18/01/2008 11:33 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/01/2008 11:33 PM]

C:\Users\Brandon Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [10/22/2007 10:31:55 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommjkl]
qommjkl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\08704888]
rundll32.exe "C:\Users\BRANDO~1\AppData\Local\Temp\tikjynmr.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\BRANDO~1\AppData\Local\Temp\fccbx.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]
rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
rundll32 "C:\Users\BRANDO~1\AppData\Local\Temp\ckvotjcv.dll",run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Users\BRANDO~1\AppData\Local\Temp\qomli.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
bthsvcs BthServ
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bb944a2-db3d-11dc-b65e-001b247f3d72}]
AutoRun\command- G:\LaunchU3.exe -a

*Newly Created Service* - KLIF

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8BE50E34-6513-6818-29FD-9A979288F760}]
C:\Windows\system32\winnt\csrss.exe s



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.181.365soft.info
127.0.0.1 181.365soft.info
127.0.0.1 www.24.365soft.info
127.0.0.1 24.365soft.info
127.0.0.1 www.24-7pharmacy.info
127.0.0.1 24-7pharmacy.info
127.0.0.1 365soft.info
127.0.0.1 www.3bay.it
127.0.0.1 3bay.it
127.0.0.1 www.5iscali.it

1 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-17 15:33:20 ------------


Anyway, here it is.
Attached Files
File Type: txt main.txt (34.6 KB, 1 views)
File Type: txt extra.txt (25.4 KB, 2 views)

Last edited by Ried : 03-17-2008 at 02:59 PM. Reason: removed code--too difficult to review like that
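The Deckard's System Scanner registry dump in the post above is the part worth reading first: it lists every non-default autostart point, and the entries the analyst later singles out (the s300 BHO and the regsvr32 Run value that re-registers it, the KeyLog path, the qommjkl Winlogon Notify package) share a few mechanical tells. As an added example, not part of the original post and not DSS's own code, the Python below parses an excerpt of that dump (copied from the log, not a new sample) and flags entries that launch from a Temp folder, carry a non-executable extension, put a core Windows binary name outside System32, re-register a DLL at every logon, show no file timestamp behind a literal drive path, or wire the same file into more than one autostart point. Reading DSS's empty `[]` as "no file timestamp could be taken" and the heuristics themselves are my assumptions; a hit is a reason to look, not proof of infection.

```python
import re
from collections import defaultdict

# Excerpt of the DSS registry dump from the post above (entries trimmed, text unchanged).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACD587E9-0E47-4CBE-ABCD-7DD20B86F310}]
C:\Program Files\s300\s300_1203829546.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" []
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
"tempreg"="regsvr32 /s C:\Program Files\s300\s300_1203829546.dll" []
"DDKL"="C:\Program Files\KeyLog\msdtsf.exe" []
"Mpeg tool"="C:\ProgramData\vga comp comp.182gxpj" [17/03/2008 03:28 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/01/2008 03:31 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommjkl]
qommjkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\08704888]
rundll32.exe "C:\Users\BRANDO~1\AppData\Local\Temp\tikjynmr.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\BRANDO~1\AppData\Local\Temp\fccbx.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8BE50E34-6513-6818-29FD-9A979288F760}]
C:\Windows\system32\winnt\csrss.exe s
"""

# "Name"="command" [file timestamp]  -- DSS's format for Run-key values
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"\s*\[(?P<ts>[^\]]*)\]\s*$')
# First Windows path in a command line: drive, %var% or [MSI folder] prefix, up to an extension
PATH_RE = re.compile(r'(?i)((?:[a-z]:\\|%[^%]+%\\?|\[[^\]]+\]\\?)[^,"\[]*\.[a-z0-9]{1,8})(?=[\s,"]|$)')

CORE_BINARIES = {"csrss.exe", "winlogon.exe", "lsass.exe", "smss.exe", "services.exe", "svchost.exe"}
EXEC_EXTS = {"exe", "dll", "cpl", "scr", "com", "bat", "cmd", "vbs", "js", "ocx", "sys", "lnk"}


def parse_dump(text):
    """Yield (registry key, value name, command, timestamp-or-None) per autostart entry."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None:
            m = ENTRY_RE.match(line)
            if m:
                yield key, m["name"], m["cmd"], m["ts"]
            else:  # startupreg, Active Setup, Winlogon Notify: one bare command under the key
                yield key, key.rsplit("\\", 1)[-1], line, None


def extract_target(cmd):
    m = PATH_RE.search(cmd)
    return m.group(1) if m else None


def reasons_for(key, cmd, ts):
    """Heuristic reasons (my assumptions) an entry deserves a second look."""
    reasons = []
    lkey, lcmd = key.lower(), cmd.lower()
    if "winlogon\\notify" in lkey:  # DSS states it hides legit defaults, so anything here is non-default
        reasons.append("non-default Winlogon Notify package")
    if lcmd.startswith("regsvr32"):
        reasons.append("re-registers a COM DLL at every logon")
    if "keylog" in lcmd:
        reasons.append("path names a keylogger")
    target = extract_target(cmd)
    if target:
        lt = target.lower()
        folder, _, fname = lt.rpartition("\\")
        ext = fname.rpartition(".")[2]
        if "\\temp\\" in lt:
            reasons.append("launches from a Temp directory")
        if fname in CORE_BINARIES and not folder.endswith(("\\windows\\system32", "\\windows\\syswow64")):
            reasons.append(f"{fname} outside System32")
        if ext not in EXEC_EXTS:
            reasons.append(f"unusual extension .{ext}")
        # [] with a %var% or [MSI] path just means DSS could not expand it; with a literal
        # drive path it means the file could not be stamped (missing, hidden or protected).
        if ts == "" and lt[1:3] == ":\\":
            reasons.append("no file timestamp for a literal path")
    return reasons


def triage(text):
    """Map entry name -> reasons, for every entry that tripped at least one check."""
    flagged = defaultdict(list)
    by_target = defaultdict(list)
    for key, name, cmd, ts in parse_dump(text):
        flagged[name].extend(reasons_for(key, cmd, ts))
        target = extract_target(cmd)
        if target:
            by_target[target.lower()].append(name)
    for names in by_target.values():  # the same file wired into several autostart points
        if len(names) > 1:
            for n in names:
                flagged[n].append(f"same file registered in {len(names)} autostart locations")
    return {n: r for n, r in flagged.items() if r}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DUMP).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the excerpt this flags exactly the entries the analyst later asks to remove plus the Temp-folder rundll32 loaders and the csrss.exe under system32\winnt, and leaves the HP, ZoneAlarm, Windows Mobile and TeaTimer entries alone. The Winlogon Notify check only works because DSS already filtered the default packages; on a raw registry listing it would need an allowlist.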
Old 03-17-2008, 06:00 PM   #4 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 4
OS: Vista SP1 Beta


Re: Wondering

.......................bump.......................
Old 03-17-2008, 08:13 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,676
OS: WinXP and Win98se


Re: Wondering

Quote:
Originally Posted by Ried
**Please note this section of the forum is very busy, so please familiarize yourself with the Bumping Rules also found in Step 5 of our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider donating.

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 03-27-2008, 12:47 PM   #6 (permalink)
Registered User
 
Join Date: Mar 2008
Posts: 4
OS: Vista SP1 Beta


Re: Wondering

It's been a week since the last time I posted, and my computer has slowed quite a bit. I was wondering if you guys noticed anything or could help me out. I did all the scans in the "guide before posting" post; they detected a couple of things, but nothing serious, and they're all cleaned out now.

Just wondering if you guys could take a look again. I believe one guy said I had traces of viruses.

Also, I have this problem: iexplorer.exe is open in the Task Manager, and when I close it another process called CLOSET~1.exe opens, and I believe that opens it up again. This is a resource hog. I searched Google for solutions but cannot find any.

Thanks
Old 03-27-2008, 06:32 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 18,676
OS: WinXP and Win98se


Re: Wondering

Hello Brandontn.

My apologies for the delay. Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Click the round Windows Logo button in the lower left corner-> Control Panel-> Programs-> Uninstall a program

Uninstall the following:

CiD Help <---This program is responsible for one of the infections I see on this system, Lop.

**Ignore any prompts to reboot.

--------------------------------------------------------------------

Right-click HijackThis.exe and select Run as Administrator.

Click on 'Do a System Scan Only'. 'Check' the following entries:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {ACD587E9-0E47-4CBE-ABCD-7DD20B86F310} - C:\Program Files\s300\s300_1203829546.dll (file missing)
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\s300\s300_1203829546.dll"
O4 - HKLM\..\Run: [DDKL] C:\Program Files\KeyLog\msdtsf.exe
O20 - Winlogon Notify: qommjkl - qommjkl.dll (file missing)



Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Right-click on combofix.exe>Run as Administrator & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review as there will be more to do.
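The reply above names six HijackThis entries to tick and "Fix". As an added example, not HijackThis's own code and not part of the original post, the Python below translates those six lines into the registry deletions they correspond to and renders them as a .reg file, so the change can be read, exported for backup and reversed with regedit rather than applied blind. Assumptions of mine: the R3 URLSearchHook is mapped to the HKCU hive (HijackThis reads both hives and the log line does not say which), and only the BHO list entry is removed for an O2 line, whereas HijackThis's own fix may also touch the CLSID registration.

```python
import re

# The six entries the analyst told the poster to "Fix" (copied from the reply above).
HJT_LINES = [
    "R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: e404 helper - {ACD587E9-0E47-4CBE-ABCD-7DD20B86F310} - C:\Program Files\s300\s300_1203829546.dll (file missing)",
    r'O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\s300\s300_1203829546.dll"',
    r"O4 - HKLM\..\Run: [DDKL] C:\Program Files\KeyLog\msdtsf.exe",
    "O20 - Winlogon Notify: qommjkl - qommjkl.dll (file missing)",
]

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_BASE = "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
BHO_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\"
NOTIFY_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\"
# Assumption: the R3 hook lives in the user hive; HijackThis also reads the HKLM copy.
HOOK_KEY = "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks"

CLSID = r"\{[0-9A-Fa-f-]+\}"
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<sub>\w+): \[(?P<name>[^\]]+)\]")
O2_RE = re.compile(r"^BHO: .*? - (?P<clsid>" + CLSID + r") - ")
R3_RE = re.compile(r"^URLSearchHook: .*? - (?P<clsid>" + CLSID + r") - ")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - ")


def plan(lines):
    """Translate HijackThis lines into ('key'|'value', registry key, value name) deletions."""
    actions = []
    for line in lines:
        code, _, rest = line.partition(" - ")
        if code == "O4" and (m := O4_RE.match(rest)):
            actions.append(("value", HIVES[m["hive"]] + RUN_BASE + m["sub"], m["name"]))
        elif code == "O2" and (m := O2_RE.match(rest)):
            # Only the BHO list entry; the CLSID registration is left for the reader to decide on.
            actions.append(("key", BHO_KEY + m["clsid"], None))
        elif code == "R3" and (m := R3_RE.match(rest)):
            actions.append(("value", HOOK_KEY, m["clsid"]))
        elif code == "O20" and (m := O20_RE.match(rest)):
            actions.append(("key", NOTIFY_KEY + m["name"], None))
        else:
            raise ValueError(f"unhandled HijackThis line: {line}")
    return actions


def to_reg(actions):
    """Render the deletions in regedit's .reg syntax: [-Key] removes a key, "Name"=- a value."""
    out = ["Windows Registry Editor Version 5.00", ""]
    values = {}
    for kind, key, name in actions:
        if kind == "key":
            out += [f"[-{key}]", ""]
        else:
            values.setdefault(key, []).append(name)
    for key, names in values.items():
        out.append(f"[{key}]")
        out += [f'"{n}"=-' for n in names]
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    print(to_reg(plan(HJT_LINES)))
```

Export each listed key with regedit before importing the file (on Vista, run regedit elevated, as the reply says to do for HijackThis itself); the "(no file)" and "(file missing)" entries still exist in the registry even though their DLLs are gone, which is why they are safe to remove and why the orphaned s300 Run value kept trying to regsvr32 a missing DLL at every logon.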
Copyright 2001 - 2008, Tech Support Forum