Possibly infected from my desktop in network

beachinmoney · 05-12-2009, 07:33 AM

Ried was helping me on my desktop issue and I am posting for my laptop to make sure that it didn't get the virus as well. I was not able to do the DDS test because this is a Vista 64 bit so I am pasting the RSIT instead, that is what bleepingcomputer..... said to do.... here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by lkm's hdx at 2009-05-12 05:02:54
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 195 GB (67%) free of 293 GB
Total RAM: 4092 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:56 AM, on 5/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Users\lkm's hdx\Documents\RSIT.exe
C:\Program Files (x86)\trend micro\lkm's hdx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myyahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files (x86)\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [AccelerometerSysTrayApplet] "C:\Windows\system32\AccelerometerSt.Exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2F6CF361-71DB-4C0A-85DC-E4F891DD2360} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Movielink Core Service - Blockbuster - C:\Program Files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

--
End of file - 13649 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForlkm's hdx.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL [2009-02-27 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-04-22 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-22 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-04-25 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-04-22 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TVAgent"=C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [2008-09-24 206120]
"UCam_Menu"=C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-06 210216]
"DpAgent"=C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [2008-07-14 814144]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-04-25 148888]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"hpWirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Google Quick Search Box"=C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-04-22 68592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-17 972080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"DesktopIconToy"=C:\Program Files (x86)\Desktop Icon Toy\DesktopIconToy.exe [2009-04-06 450560]
"AccelerometerSysTrayApplet"=C:\Windows\system32\AccelerometerSt.Exe []
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-28 1830128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe"="C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ed9eb9b-fd34-11dd-8b5a-00247e1be3de}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9368fc3f-3bc0-11de-8790-00247e1be3de}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
shell\Open\command - resycled\boot.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b88eccfd-0a02-11de-a83b-00247e1be3de}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-4-3-63-100003974-100010432-100005228-9603.com k:\
shell\Open\command - F:\RECYCLER\S-4-3-63-100003974-100010432-100005228-9603.com k:\

======List of files/folders created in the last 1 months======

2009-05-12 05:02:55 ----D---- C:\Program Files (x86)\trend micro
2009-05-12 05:02:54 ----D---- C:\rsit
2009-05-09 00:36:59 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-05-08 22:58:54 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-05-08 22:58:53 ----D---- C:\Users\lkm's hdx\AppData\Roaming\SUPERAntiSpyware.com
2009-05-08 22:57:53 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-05-08 09:11:41 ----D---- C:\Program Files (x86)\Citrix
2009-05-08 04:31:05 ----D---- C:\Program Files (x86)\VS Revo Group
2009-05-06 11:30:57 ----D---- C:\Program Files (x86)\MultiStage Recovery
2009-05-04 01:58:44 ----D---- C:\Windows\pss
2009-04-30 04:52:58 ----D---- C:\Program Files (x86)\PDFCreator
2009-04-30 04:52:58 ----A---- C:\Windows\system32\MSMPIDE.DLL
2009-04-30 04:04:01 ----D---- C:\Program Files (x86)\Common Files\PCSuite
2009-04-30 04:03:58 ----D---- C:\Program Files (x86)\Common Files\Nokia
2009-04-30 04:01:45 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2009-04-26 14:34:35 ----D---- C:\Users\lkm's hdx\AppData\Roaming\Broadlook Technologies
2009-04-26 14:34:03 ----A---- C:\Windows\system32\ODA323x.dll
2009-04-26 14:33:59 ----A---- C:\Windows\system32\axcws32.dll
2009-04-26 14:33:59 ----A---- C:\Windows\system32\adsloc32.dll
2009-04-26 14:33:59 ----A---- C:\Windows\system32\ace32.dll
2009-04-26 14:33:56 ----D---- C:\Program Files (x86)\Common Files\Broadlook Technologies
2009-04-26 14:33:56 ----D---- C:\Program Files (x86)\Broadlook Technologies
2009-04-25 17:30:02 ----A---- C:\Windows\system32\javaws.exe
2009-04-25 17:30:02 ----A---- C:\Windows\system32\deploytk.dll
2009-04-25 17:30:01 ----A---- C:\Windows\system32\javaw.exe
2009-04-25 17:30:01 ----A---- C:\Windows\system32\java.exe
2009-04-25 05

37 ----D---- C:\Users\lkm's hdx\AppData\Roaming\Malwarebytes
2009-04-25 05

30 ----D---- C:\ProgramData\Malwarebytes
2009-04-25 05

30 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-04-22 18:04:43 ----D---- C:\inetpub
2009-04-22 08:50:22 ----D---- C:\Users\lkm's hdx\AppData\Roaming\Google
2009-04-22 08:49:17 ----D---- C:\Program Files (x86)\Google
2009-04-19 05:00:45 ----D---- C:\Program Files (x86)\Zards software
2009-04-19 03:53:04 ----D---- C:\ProgramData\AVS4YOU
2009-04-19 03:53:03 ----D---- C:\Users\lkm's hdx\AppData\Roaming\AVS4YOU
2009-04-19 03:52:35 ----D---- C:\Program Files (x86)\Common Files\AVSMedia
2009-04-19 03:52:34 ----D---- C:\Program Files (x86)\AVS4YOU
2009-04-17 05:58:19 ----D---- C:\Program Files (x86)\Wondershare
2009-04-15 01:43:29 ----D---- C:\Users\lkm's hdx\AppData\Roaming\Download Manager
2009-04-14 15:20:15 ----A---- C:\Windows\system32\mshtml.dll
2009-04-14 15:20:13 ----A---- C:\Windows\system32\ieframe.dll
2009-04-14 15:20:12 ----A---- C:\Windows\system32\wininet.dll
2009-04-14 15:20:12 ----A---- C:\Windows\system32\urlmon.dll
2009-04-14 15:20:12 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-14 15:20:12 ----A---- C:\Windows\system32\iertutil.dll
2009-04-14 15:20:12 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-14 15:20:11 ----A---- C:\Windows\system32\occache.dll
2009-04-14 15:20:11 ----A---- C:\Windows\system32\mstime.dll
2009-04-14 15:20:11 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-14 15:20:11 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-14 15:20:11 ----A---- C:\Windows\system32\ieencode.dll
2009-04-14 15:20:11 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-14 15:17:49 ----A---- C:\Windows\system32\winhttp.dll
2009-04-14 15:17:38 ----A---- C:\Windows\system32\secur32.dll
2009-04-14 15:17:38 ----A---- C:\Windows\system32\kernel32.dll
2009-04-14 15:17:37 ----A---- C:\Windows\system32\apilogen.dll
2009-04-14 15:17:37 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 15:03:19 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-14 15:03:19 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-14 15:03:19 ----A---- C:\Windows\system32\iashost.exe
2009-04-14 15:03:19 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-14 15:03:19 ----A---- C:\Windows\system32\iasads.dll
2009-04-14 14:57:34 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-14 14:57:34 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-13 16:24:42 ----D---- C:\Program Files (x86)\Foxit Software
2009-04-13 16:10:02 ----D---- C:\Program Files (x86)\BitTorrent
2009-04-13 16:08:38 ----D---- C:\Program Files (x86)\DNA

======List of files/folders modified in the last 1 months======

2009-05-12 05:02:55 ----RD---- C:\Program Files (x86)
2009-05-12 05:00:43 ----D---- C:\Windows\Temp
2009-05-12 04

13 ----D---- C:\Program Files (x86)\LogMeIn
2009-05-10 14:03:39 ----D---- C:\Windows\System32
2009-05-10 14:03:39 ----D---- C:\Windows\inf
2009-05-10 10:26:21 ----D---- C:\Windows\Prefetch
2009-05-09 22:34:17 ----D---- C:\Users\lkm's hdx\AppData\Roaming\Printer Info Cache
2009-05-09 22:34:17 ----D---- C:\Users\lkm's hdx\AppData\Roaming\Image Zone Express
2009-05-09 17:39:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-05-09 15:54:17 ----SHD---- C:\System Volume Information
2009-05-09 00:36:59 ----AHD---- C:\ProgramData
2009-05-08 22:59:06 ----SHD---- C:\Windows\Installer
2009-05-08 22:59:06 ----HD---- C:\Config.Msi
2009-05-08 22:57:53 ----D---- C:\Program Files (x86)\Common Files
2009-05-08 19:44:13 ----D---- C:\Windows\Tasks
2009-05-08 19:39:25 ----D---- C:\ProgramData\Adobe
2009-05-04 02:29:05 ----A---- C:\Windows\win.ini
2009-05-04 01:58:44 ----D---- C:\Windows
2009-04-30 04:53:00 ----D---- C:\Windows\SysWOW64
2009-04-30 04:21:25 ----SD---- C:\Users\lkm's hdx\AppData\Roaming\Microsoft
2009-04-30 04:21:25 ----D---- C:\Windows\ModemLogs
2009-04-30 03:57:41 ----D---- C:\Program Files (x86)\Nokia
2009-04-30 03:56:51 ----D---- C:\ProgramData\Installations
2009-04-30 03:01:48 ----D---- C:\ProgramData\Microsoft Help
2009-04-25 17:28:55 ----D---- C:\Program Files (x86)\Java
2009-04-25 05

34 ----D---- C:\Windows\system32\drivers
2009-04-25 03:03:27 ----D---- C:\Users\lkm's hdx\AppData\Roaming\Hewlett-Packard
2009-04-25 02:50:23 ----D---- C:\ProgramData\CyberLink
2009-04-25 02:48:19 ----D---- C:\Program Files (x86)\Hewlett-Packard
2009-04-24 21:18:03 ----D---- C:\SWSetup
2009-04-24 04:50:41 ----A---- C:\Users\lkm's hdx\AppData\Roaming\ispro4_0.tmp
2009-04-22 18:24:21 ----D---- C:\Windows\rescache
2009-04-22 18:14:53 ----RSD---- C:\Windows\assembly
2009-04-22 18:14:53 ----D---- C:\Windows\Microsoft.NET
2009-04-22 18:07:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-22 18:04:45 ----D---- C:\Windows\system32\migration
2009-04-22 18:04:45 ----D---- C:\Windows\system32\inetsrv
2009-04-22 18:04:45 ----D---- C:\Windows\system32\en-US
2009-04-22 18:04:04 ----D---- C:\Program Files (x86)\WinRAR
2009-04-22 15:07:25 ----RD---- C:\Users
2009-04-22 08:50:13 ----D---- C:\Windows\winsxs
2009-04-22 08:49:17 ----D---- C:\ProgramData\Google
2009-04-20 17:03:14 ----D---- C:\Users\lkm's hdx\AppData\Roaming\CyberLink
2009-04-20 16:42:33 ----SD---- C:\Windows\Downloaded Program Files
2009-04-20 16:42:28 ----D---- C:\Windows\Downloaded Installations
2009-04-20 04:16:09 ----D---- C:\ProgramData\NVIDIA
2009-04-20 03:35:45 ----D---- C:\Program Files (x86)\AVerMedia
2009-04-19 20:46:04 ----SD---- C:\ProgramData\Microsoft
2009-04-16 23:23:24 ----D---- C:\Users\lkm's hdx\AppData\Roaming\Adobe
2009-04-15 03:14:57 ----D---- C:\Windows\system32\manifeststore
2009-04-15 03:14:57 ----D---- C:\Windows\AppPatch
2009-04-15 03:14:57 ----D---- C:\Program Files (x86)\Internet Explorer
2009-04-15 03:14:56 ----D---- C:\Windows\system32\wbem
2009-04-15 03:14:56 ----D---- C:\Program Files (x86)\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx64;Symantec Heuristics Driver; \??\C:\Windows\system32\drivers\NAVx64\1005000.086\BHDrvx64.sys []
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NAVx64\1005000.086\ccHPx64.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-03-06 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090508.002\IDSvia64.sys [2009-01-29 396848]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; \??\C:\Windows\system32\drivers\NAVx64\1005000.086\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NAVx64\1005000.086\SYMTDI.SYS []
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/20 17:26:19]; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-10-21 146928]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2008-07-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys []
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service; C:\Windows\system32\DRIVERS\AVerBDA716x_x64.sys []
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 131632]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090511.049\ENG64.SYS [2009-03-06 136752]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090511.049\EX64.SYS [2009-03-06 1461808]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NAVx64\1005000.086\SRTSP64.SYS []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAVx64\1005000.086\SYMFW.SYS []
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAVx64\1005000.086\SYMNDISV.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 vfs101a;vfs101a; C:\Windows\system32\drivers\vfs101a.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw3v64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NAVx64\1002000.007\SYMDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NAVx64\1002000.007\SYMREDRV.SYS []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe []
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 DpHost;@C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [2008-07-14 322624]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2008-10-16 120128]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2008-07-24 57920]
R2 Movielink Core Service;Movielink Core Service; C:\Program Files (x86)\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe [2008-12-09 1867208]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files (x86)\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [2008-10-06 365952]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2006-11-02 9728]
R2 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe []
R2 TVCapSvc;TV Background Capture Service (TVBCS); C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-09-24 296320]
R2 TVSched;TV Task Scheduler (TVTS); C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-09-24 116096]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-09-16 599344]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-18 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 WMSvc;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Okay, I think I did that right, I got a little confused by the difference in names by the time I went to compress and attach, that is DDA and RSI... ????

Ried · 05-12-2009, 10:03 PM

Hi beachinmoney,

64 bit systems are much more difficult to infect. Everything looks good except those same mountpoints keys the other had. Understand that this is not an active infection.

Open notepad and copy/paste the entire text in the quote box below: (don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9368fc3f-3bc0-11de-8790-00247e1be3de}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b88eccfd-0a02-11de-a83b-00247e1be3de}]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

That's it.

beachinmoney · 05-12-2009, 10:08 PM

Yeah, I'll do that first thing tomorrow. Thanks again! I'm gonna check out the other thread and then get on out of here

Ried · 05-12-2009, 10:18 PM

I haven't gotten to your other one yet. LOL

05-12-2009, 10:08 PM	#3 (permalink)
beachinmoney Registered User Join Date: May 2009 Posts: 109 OS: Vista Home Premium	Re: Possibly infected from my desktop in network Yeah, I'll do that first thing tomorrow. Thanks again! I'm gonna check out the other thread and then get on out of here

05-12-2009, 10:18 PM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,035 OS: WinXP and Vista	Re: Possibly infected from my desktop in network I haven't gotten to your other one yet. LOL __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."