1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

gampass

Discussion in 'Malware and Virus Removal Archive' started by saians, 2008/07/26.

  1. 2008/07/26
    saians

    saians Inactive Thread Starter

    Joined:
    2008/07/26
    Messages:
    1
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Run by SE on 2008-07-27 01:38:04
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-27 01:40:29
    Platform: Windows Vista Service Pack 1 (6.00.6001)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\conime.exe
    C:\Users\SE\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=81&bd=Pavilion&pf=laptop
    O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Buscar - c:\program files\aol\aol toolbar 5.0\resources\es-es\local\search.html
    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Programador de LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\Hp\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    --
    End of file - 14110 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
    R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

    S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-27 01:40:26 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{B0330260-0FA3-493E-BDF9-BA24DF8B7D1B}.job
    2008-05-26 20:55:59 560 --a------ C:\Windows\Tasks\Norton Internet Security - Ejecutar un análisis de todo el sistema - SE.job


    -- Files created between 2008-06-27 and 2008-07-27 -----------------------------

    2008-07-24 18:09:41 0 d-------- C:\Users\All Users\Nero
    2008-07-24 18:09:40 0 d-------- C:\Program Files\Nero
    2008-07-24 18:09:40 0 d-------- C:\Program Files\Common Files\Ahead
    2008-07-24 17:07:29 0 d-------- C:\Program Files\Lavasoft
    2008-07-24 17:07:28 0 d-------- C:\Users\All Users\Lavasoft
    2008-07-24 16:59:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-24 14:07:18 0 d-------- C:\Program Files\Thoosje Vista Tweaker
    2008-07-24 12:52:17 0 d-------- C:\Users\All Users\Symantec Temporary Files


    -- Find3M Report ---------------------------------------------------------------

    2008-07-26 21:45:29 53602 --a------ C:\Users\SE\AppData\Roaming\nvModes.001
    2008-07-26 11:21:04 1772 --a------ C:\Windows\bthservsdp.dat
    2008-07-26 00:39:01 0 d-------- C:\Program Files\Google
    2008-07-26 00:33:34 0 d-------- C:\Program Files\SpywareBlaster
    2008-07-24 20:02:35 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-07-24 19:49:58 0 d-------- C:\Program Files\Java
    2008-07-24 19:13:00 0 d-------- C:\Users\SE\AppData\Roaming\OpenOffice.org2
    2008-07-24 18:12:39 0 d-------- C:\Users\SE\AppData\Roaming\Ahead
    2008-07-24 18:09:40 0 d-------- C:\Program Files\Common Files
    2008-07-24 17:58:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-07-24 17:58:04 0 d-------- C:\Program Files\CCleaner
    2008-07-24 17:57:52 0 d-------- C:\Program Files\PC Connectivity Solution
    2008-07-24 17:57:52 0 d-------- C:\Program Files\Microsoft Works
    2008-07-24 17:15:00 0 d-------- C:\Users\SE\AppData\Roaming\FUJIFILM
    2008-07-24 12:21:58 664368 --a------ C:\Windows\system32\perfh00A.dat
    2008-07-24 12:21:58 128552 --a------ C:\Windows\system32\perfc00A.dat
    2008-07-24 12:18:48 0 d-------- C:\Program Files\Windows Mail
    2008-05-31 10:55:09 0 d-------- C:\Program Files\Symantec
    2008-05-30 00:04:20 0 d-------- C:\Users\SE\AppData\Roaming\CyberLink
    2008-05-18 18:16:15 24206 --a------ C:\Users\SE\AppData\Roaming\UserTile.png
    2008-05-10 15:40:20 53602 --a------ C:\Users\SE\AppData\Roaming\nvModes.dat
    2008-05-01 17:13:47 0 --a------ C:\Users\SE\AppData\Roaming\wklnhst.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    25/08/2007 04:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    22/04/2008 18:11 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "= c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [25/08/2007 04:51 316784]

    [-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 10:29]
    "SMSERIAL "= "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [17/01/2007 15:34]
    "RtHDVCpl "= "RtHDVCpl.exe" [17/08/2007 15:27 C:\Windows\RtHDVCpl.exe]
    "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [25/07/2007 08:02]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [30/09/2007 20:34]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [19/09/2007 15:31]
    "OnScreenDisplay "= "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [04/09/2007 14:54]
    "UCam_Menu "= "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [13/09/2007 16:32]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [18/02/2008 13:37]
    "HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [13/09/2007 09:47]
    "WAWifiMessage "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [08/01/2007 16:53]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [08/05/2007 16:24]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [29/02/2008 03:12 C:\Windows\KHALMNPR.Exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [28/03/2008 02:05]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [19/09/2007 22:05]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [19/09/2007 22:05]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [19/09/2007 22:05]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 09:38]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 09:33]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [19/01/2008 09:33]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 09:33]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [15/01/2007 16:14]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Inicio r*pido de Adobe Acrobat.lnk - C:\Windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [27/04/2008 0:16:40]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [24/07/2008 19:00:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "=0 (0x0)
    "EnableLUA "=0 (0x0)
    "EnableUIADesktopToggle "=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-07-27 01:41:40 ------------
     
    saians,
    #1
  2. 2008/07/28
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    15,174
    Likes Received:
    412
    You should also tell us why you are posting the log. What behavior are you seeing? What do you suspect happened?
     
    Arie,
    #2


  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...