1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved DDS logs need analyzed

Discussion in 'Malware and Virus Removal Archive' started by hllstrHUNTER, 2009/08/14.

  1. 2009/08/14
    hllstrHUNTER

    hllstrHUNTER Inactive Thread Starter

    Joined:
    2005/12/17
    Messages:
    107
    Likes Received:
    0
    [Resolved] DDS logs need analyzed

    Posted thread here: http://www.windowsbbs.com/general-security/86308-norton-intrusion-detection-question.html

    After Arie's reply decided to go ahead and post my logs up here for review. I have scanned with Norton Anti-virus, and Superantispyware, both of which came back clean. I also use Spybot Search and Destroy and Adaware SE Personal (I know, both are considered Obsolete) and Spywareblaster. Have not tried an online scan, it takes a really long time at my conection speed, but if necessary I will.


    Below are the results of DDS scan:



    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Jon at 21:40:47.32 on Fri 08/14/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.215 [GMT -4:00]

    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Jon\Desktop\DDS.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://start.localnet.com/
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
    uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\jon\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Aim6]
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0\bin\jusched.exe
    mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe "
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe "
    mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe "
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-28 197992]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2004-8-28 235168]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-28 181608]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2004-7-24 50312]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-1 24652]
    R3 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2004-10-29 177264]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090805.016\NAVENG.Sys [2009-8-11 87888]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090805.016\NavEx15.Sys [2009-8-11 875728]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2004-7-24 338056]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-16 133104]
    S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-10-28 67184]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-28 79208]
    S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2004-7-24 198368]

    =============== Created Last 30 ================

    2009-08-12 19:31 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
    2009-08-12 18:36 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-05 19:34 <DIR> --d----- c:\docume~1\jon\applic~1\MSNInstaller
    2009-08-05 05:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
    2009-08-02 22:08 <DIR> --d----- C:\ipodlibrary
    2009-08-01 03:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
    2009-08-01 03:27 <DIR> --d----- c:\program files\Viewpoint
    2009-08-01 03:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
    2009-08-01 03:23 <DIR> --d----- c:\program files\common files\AOL
    2009-08-01 03:21 <DIR> --d----- c:\program files\AIM6
    2009-08-01 03:21 363 a---h--- C:\IPH.PH
    2009-07-29 12:08 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2009-07-29 12:08 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-25 15:49 <DIR> --d----- c:\docume~1\jon\applic~1\ieSpell
    2009-07-25 15:45 <DIR> --d----- c:\program files\ieSpell
    2009-07-25 01:01 <DIR> --d----- c:\program files\Traces Viewer
    2009-07-25 00:50 <DIR> --d----- c:\program files\CCleaner
    2009-07-24 16:33 <DIR> --d----- c:\program files\DivX
    2009-07-24 16:32 <DIR> --d----- c:\program files\common files\DivX Shared
    2009-07-23 22:55 51,200 ac------ c:\windows\system32\dllcache\msdv.sys
    2009-07-23 22:55 51,200 a------- c:\windows\system32\drivers\msdv.sys
    2009-07-23 22:55 38,912 ac------ c:\windows\system32\dllcache\avc.sys
    2009-07-23 22:55 38,912 a------- c:\windows\system32\drivers\avc.sys
    2009-07-23 22:55 48,128 ac------ c:\windows\system32\dllcache\61883.sys
    2009-07-23 22:55 48,128 a------- c:\windows\system32\drivers\61883.sys
    2009-07-23 20:54 <DIR> --d----- c:\program files\SIW
    2009-07-22 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-07-22 20:32 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-07-22 20:32 <DIR> --d----- c:\docume~1\jon\applic~1\SUPERAntiSpyware.com
    2009-07-21 21:43 <DIR> --d----- c:\program files\SymNetDrv
    2009-07-18 21:28 <DIR> --d-h--- c:\windows\PIF
    2009-07-17 15:01 58,880 -c------ c:\windows\system32\dllcache\atl.dll
    2009-07-17 01:23 <DIR> --d----- c:\docume~1\jon\applic~1\Windows Search
    2009-07-17 00:53 0 a------- c:\docume~1\jon\applic~1\wklnhst.dat
    2009-07-16 17:20 <DIR> --d----- c:\program files\iPod
    2009-07-16 17:20 <DIR> --d----- c:\program files\iTunes
    2009-07-16 17:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-07-16 17:18 <DIR> --d----- c:\program files\Bonjour
    2009-07-16 17:04 <DIR> --d----- c:\program files\Lavasoft
    2009-07-16 17:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-07-16 16:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-07-16 16:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-07-16 16:24 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
    2009-07-16 16:24 <DIR> --d----- c:\program files\SpywareBlaster
    2009-07-16 15:00 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-07-16 14:32 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-07-16 14:29 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-07-16 14:29 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-07-16 14:29 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-07-16 14:29 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-07-16 14:29 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-07-16 14:29 <DIR> --d----- C:\9a8803751932adad7acf77
    2009-07-16 14:29 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-07-16 14:29 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-07-16 14:18 873,374 a------- c:\windows\system32\oem38.inf
    2009-07-16 14:18 <DIR> --d----- c:\windows\system32\GroupPolicy
    2009-07-16 14:18 <DIR> --d----- c:\program files\Windows Desktop Search
    2009-07-16 14:17 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
    2009-07-16 14:17 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
    2009-07-16 14:17 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
    2009-07-16 14:16 <DIR> --d----- c:\program files\Windows Media Connect 2
    2009-07-16 14:14 <DIR> --d----- c:\windows\system32\LogFiles
    2009-07-16 13:59 <DIR> --dsh--- c:\documents and settings\jon\IECompatCache
    2009-07-16 13:57 <DIR> --dsh--- c:\documents and settings\jon\PrivacIE
    2009-07-16 13:45 <DIR> --dsh--- c:\documents and settings\jon\IETldCache
    2009-07-16 13:33 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
    2009-07-16 13:33 <DIR> --d----- c:\windows\ie8updates
    2009-07-16 13:32 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-07-16 13:32 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-07-16 13:32 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-07-16 13:32 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-07-16 13:31 <DIR> -cd-h--- c:\windows\ie8
    2009-07-16 13:28 <DIR> --d----- c:\program files\MSXML 4.0
    2009-07-16 13:06 <DIR> --d----- c:\windows\system32\scripting
    2009-07-16 13:06 <DIR> --d----- c:\windows\system32\en
    2009-07-16 13:06 <DIR> --d----- c:\windows\l2schemas
    2009-07-16 13:05 <DIR> --d----- c:\windows\system32\bits
    2009-07-16 13:03 <DIR> --d----- c:\windows\ServicePackFiles
    2009-07-16 13:00 <DIR> --d----- c:\windows\network diagnostic
    2009-07-16 12:55 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-07-16 12:55 <DIR> --d----- c:\windows\EHome
    2009-07-16 12:52 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
    2009-07-16 12:46 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
    2009-07-16 12:46 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-07-16 12:46 333,952 -c------ c:\windows\system32\dllcache\srv.sys
    2009-07-16 12:46 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
    2009-07-16 12:39 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
    2009-07-16 12:18 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-07-16 12:18 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
    2009-07-16 12:17 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-07-16 12:17 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-07-16 12:17 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-07-16 12:13 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-07-16 12:13 <DIR> --d----- c:\windows\system32\PreInstall
    2009-07-16 12:11 <DIR> --dsh--- c:\documents and settings\jon\UserData
    2009-07-16 12:04 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-07-16 02:09 7,136 a----r-- c:\windows\system32\drivers\lv302af.sys
    2009-07-16 02:09 372,736 a----r-- c:\windows\system32\LVUI2RC.dll
    2009-07-16 02:09 204,800 a----r-- c:\windows\system32\LVUI2.dll
    2009-07-16 02:09 204,800 a----r-- c:\windows\system32\lvcodec2.dll
    2009-07-16 02:09 106,496 a----r-- c:\windows\system32\lvcoinst.dll
    2009-07-16 02:09 22,016 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
    2009-07-16 02:09 9,255 a----r-- c:\windows\system32\lvcoinst.ini
    2009-07-16 02:09 2,180,096 a----r-- c:\windows\system32\drivers\LVSVF2.sys
    2009-07-16 02:09 913,280 a----r-- c:\windows\system32\drivers\LV302AV.SYS
    2009-07-16 02:05 53,248 a----r-- c:\windows\system32\InstMed.exe
    2009-07-15 23:57 10,880 a------- c:\windows\system32\drivers\ndisip.sys
    2009-07-15 23:57 16,384 a------- c:\windows\system32\ipsink.ax
    2009-07-15 23:57 15,232 a------- c:\windows\system32\drivers\streamip.sys
    2009-07-15 23:57 11,136 a------- c:\windows\system32\drivers\slip.sys
    2009-07-15 23:57 5,504 a------- c:\windows\system32\drivers\mstee.sys
    2009-07-15 23:57 19,200 a------- c:\windows\system32\drivers\wstcodec.sys
    2009-07-15 23:57 85,248 a------- c:\windows\system32\drivers\nabtsfec.sys
    2009-07-15 23:57 17,024 a------- c:\windows\system32\drivers\ccdecode.sys
    2009-07-15 23:48 28,672 a------- c:\windows\system32\vidcap.ax
    2009-07-15 23:48 91,136 a------- c:\windows\system32\kswdmcap.ax
    2009-07-15 23:48 61,952 a------- c:\windows\system32\kstvtune.ax
    2009-07-15 23:48 53,760 a------- c:\windows\system32\vfwwdm32.dll
    2009-07-15 23:48 43,008 a------- c:\windows\system32\ksxbar.ax
    2009-07-15 23:43 348,160 a------- c:\windows\system\msvcr71.dll
    2009-07-15 23:43 <DIR> --d----- c:\program files\common files\Logitech
    2009-07-15 23:43 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
    2009-07-15 23:42 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-07-15 23:42 306,688 a------- c:\windows\IsUninst.exe
    2009-07-15 23:42 756 a------- c:\windows\_delis32.ini

    ==================== Find3M ====================

    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-16 13:08 83,187 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-07-15 20:51 50,522 a------- c:\windows\hpdins05.dat
    2009-07-15 20:04 1,679 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv1000 (EP343UA#ABA)

    _YN_0Pavi_QCNF6020QX4_EU_46_I308F_SQuanta_V46.11_BF.12_T050912_WXH2_L409_M503_J80_7Intel_8Celeron M_91.6_#090715_N10EC8139_(EP343UA#ABA)

    _XMOBILE_CN10_Z8086266D_2Rev 1.MRK
    2009-07-15 19:26 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 20:15 90,112 a------- c:\windows\system32\dpl100.dll
    2009-07-13 20:15 823,296 a------- c:\windows\system32\divx_xx0c.dll
    2009-07-13 20:15 823,296 a------- c:\windows\system32\divx_xx07.dll
    2009-07-13 20:15 815,104 a------- c:\windows\system32\divx_xx0a.dll
    2009-07-13 20:15 811,008 a------- c:\windows\system32\divx_xx16.dll
    2009-07-13 20:15 802,816 a------- c:\windows\system32\divx_xx11.dll
    2009-07-13 20:15 685,056 a------- c:\windows\system32\DivX.dll
    2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-24 07:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll

    ============= FINISH: 21:41:17.96 ===============
     
    hllstrHUNTER,
    #1
  2. 2009/08/14
    hllstrHUNTER

    hllstrHUNTER Inactive Thread Starter

    Joined:
    2005/12/17
    Messages:
    107
    Likes Received:
    0
    Log Post # 2:




    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Jon at 21:40:47.32 on Fri 08/14/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.215 [GMT -4:00]

    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Jon\Desktop\DDS.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://start.localnet.com/
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
    uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\jon\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Aim6]
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0\bin\jusched.exe
    mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe "
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe "
    mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe "
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
    mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-28 197992]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2004-8-28 235168]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-28 181608]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2004-7-24 50312]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-1 24652]
    R3 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2004-10-29 177264]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090805.016\NAVENG.Sys [2009-8-11 87888]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090805.016\NavEx15.Sys [2009-8-11 875728]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2004-7-24 338056]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-16 133104]
    S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-10-28 67184]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-28 79208]
    S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2004-7-24 198368]

    =============== Created Last 30 ================

    2009-08-12 19:31 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
    2009-08-12 18:36 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-05 19:34 <DIR> --d----- c:\docume~1\jon\applic~1\MSNInstaller
    2009-08-05 05:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
    2009-08-02 22:08 <DIR> --d----- C:\ipodlibrary
    2009-08-01 03:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
    2009-08-01 03:27 <DIR> --d----- c:\program files\Viewpoint
    2009-08-01 03:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
    2009-08-01 03:23 <DIR> --d----- c:\program files\common files\AOL
    2009-08-01 03:21 <DIR> --d----- c:\program files\AIM6
    2009-08-01 03:21 363 a---h--- C:\IPH.PH
    2009-07-29 12:08 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
    2009-07-29 12:08 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-25 15:49 <DIR> --d----- c:\docume~1\jon\applic~1\ieSpell
    2009-07-25 15:45 <DIR> --d----- c:\program files\ieSpell
    2009-07-25 01:01 <DIR> --d----- c:\program files\Traces Viewer
    2009-07-25 00:50 <DIR> --d----- c:\program files\CCleaner
    2009-07-24 16:33 <DIR> --d----- c:\program files\DivX
    2009-07-24 16:32 <DIR> --d----- c:\program files\common files\DivX Shared
    2009-07-23 22:55 51,200 ac------ c:\windows\system32\dllcache\msdv.sys
    2009-07-23 22:55 51,200 a------- c:\windows\system32\drivers\msdv.sys
    2009-07-23 22:55 38,912 ac------ c:\windows\system32\dllcache\avc.sys
    2009-07-23 22:55 38,912 a------- c:\windows\system32\drivers\avc.sys
    2009-07-23 22:55 48,128 ac------ c:\windows\system32\dllcache\61883.sys
    2009-07-23 22:55 48,128 a------- c:\windows\system32\drivers\61883.sys
    2009-07-23 20:54 <DIR> --d----- c:\program files\SIW
    2009-07-22 20:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-07-22 20:32 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-07-22 20:32 <DIR> --d----- c:\docume~1\jon\applic~1\SUPERAntiSpyware.com
    2009-07-21 21:43 <DIR> --d----- c:\program files\SymNetDrv
    2009-07-18 21:28 <DIR> --d-h--- c:\windows\PIF
    2009-07-17 15:01 58,880 -c------ c:\windows\system32\dllcache\atl.dll
    2009-07-17 01:23 <DIR> --d----- c:\docume~1\jon\applic~1\Windows Search
    2009-07-17 00:53 0 a------- c:\docume~1\jon\applic~1\wklnhst.dat
    2009-07-16 17:20 <DIR> --d----- c:\program files\iPod
    2009-07-16 17:20 <DIR> --d----- c:\program files\iTunes
    2009-07-16 17:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-07-16 17:18 <DIR> --d----- c:\program files\Bonjour
    2009-07-16 17:04 <DIR> --d----- c:\program files\Lavasoft
    2009-07-16 17:04 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-07-16 16:32 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-07-16 16:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-07-16 16:24 118,784 a------- c:\windows\system32\MSSTDFMT.DLL
    2009-07-16 16:24 <DIR> --d----- c:\program files\SpywareBlaster
    2009-07-16 15:00 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-07-16 14:32 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-07-16 14:29 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-07-16 14:29 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-07-16 14:29 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-07-16 14:29 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-07-16 14:29 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-07-16 14:29 <DIR> --d----- C:\9a8803751932adad7acf77
    2009-07-16 14:29 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-07-16 14:29 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-07-16 14:18 873,374 a------- c:\windows\system32\oem38.inf
    2009-07-16 14:18 <DIR> --d----- c:\windows\system32\GroupPolicy
    2009-07-16 14:18 <DIR> --d----- c:\program files\Windows Desktop Search
    2009-07-16 14:17 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
    2009-07-16 14:17 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
    2009-07-16 14:17 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
    2009-07-16 14:16 <DIR> --d----- c:\program files\Windows Media Connect 2
    2009-07-16 14:14 <DIR> --d----- c:\windows\system32\LogFiles
    2009-07-16 13:59 <DIR> --dsh--- c:\documents and settings\jon\IECompatCache
    2009-07-16 13:57 <DIR> --dsh--- c:\documents and settings\jon\PrivacIE
    2009-07-16 13:45 <DIR> --dsh--- c:\documents and settings\jon\IETldCache
    2009-07-16 13:33 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
    2009-07-16 13:33 <DIR> --d----- c:\windows\ie8updates
    2009-07-16 13:32 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-07-16 13:32 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
    2009-07-16 13:32 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
    2009-07-16 13:32 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-07-16 13:31 <DIR> -cd-h--- c:\windows\ie8
    2009-07-16 13:28 <DIR> --d----- c:\program files\MSXML 4.0
    2009-07-16 13:06 <DIR> --d----- c:\windows\system32\scripting
    2009-07-16 13:06 <DIR> --d----- c:\windows\system32\en
    2009-07-16 13:06 <DIR> --d----- c:\windows\l2schemas
    2009-07-16 13:05 <DIR> --d----- c:\windows\system32\bits
    2009-07-16 13:03 <DIR> --d----- c:\windows\ServicePackFiles
    2009-07-16 13:00 <DIR> --d----- c:\windows\network diagnostic
    2009-07-16 12:55 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-07-16 12:55 <DIR> --d----- c:\windows\EHome
    2009-07-16 12:52 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
    2009-07-16 12:46 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
    2009-07-16 12:46 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-07-16 12:46 333,952 -c------ c:\windows\system32\dllcache\srv.sys
    2009-07-16 12:46 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
    2009-07-16 12:39 129,045 -------- c:\windows\system32\drivers\cxthsfs2.cty
    2009-07-16 12:18 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
    2009-07-16 12:18 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
    2009-07-16 12:17 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-07-16 12:17 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-07-16 12:17 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-07-16 12:13 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-07-16 12:13 <DIR> --d----- c:\windows\system32\PreInstall
    2009-07-16 12:11 <DIR> --dsh--- c:\documents and settings\jon\UserData
    2009-07-16 12:04 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-07-16 02:09 7,136 a----r-- c:\windows\system32\drivers\lv302af.sys
    2009-07-16 02:09 372,736 a----r-- c:\windows\system32\LVUI2RC.dll
    2009-07-16 02:09 204,800 a----r-- c:\windows\system32\LVUI2.dll
    2009-07-16 02:09 204,800 a----r-- c:\windows\system32\lvcodec2.dll
    2009-07-16 02:09 106,496 a----r-- c:\windows\system32\lvcoinst.dll
    2009-07-16 02:09 22,016 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
    2009-07-16 02:09 9,255 a----r-- c:\windows\system32\lvcoinst.ini
    2009-07-16 02:09 2,180,096 a----r-- c:\windows\system32\drivers\LVSVF2.sys
    2009-07-16 02:09 913,280 a----r-- c:\windows\system32\drivers\LV302AV.SYS
    2009-07-16 02:05 53,248 a----r-- c:\windows\system32\InstMed.exe
    2009-07-15 23:57 10,880 a------- c:\windows\system32\drivers\ndisip.sys
    2009-07-15 23:57 16,384 a------- c:\windows\system32\ipsink.ax
    2009-07-15 23:57 15,232 a------- c:\windows\system32\drivers\streamip.sys
    2009-07-15 23:57 11,136 a------- c:\windows\system32\drivers\slip.sys
    2009-07-15 23:57 5,504 a------- c:\windows\system32\drivers\mstee.sys
    2009-07-15 23:57 19,200 a------- c:\windows\system32\drivers\wstcodec.sys
    2009-07-15 23:57 85,248 a------- c:\windows\system32\drivers\nabtsfec.sys
    2009-07-15 23:57 17,024 a------- c:\windows\system32\drivers\ccdecode.sys
    2009-07-15 23:48 28,672 a------- c:\windows\system32\vidcap.ax
    2009-07-15 23:48 91,136 a------- c:\windows\system32\kswdmcap.ax
    2009-07-15 23:48 61,952 a------- c:\windows\system32\kstvtune.ax
    2009-07-15 23:48 53,760 a------- c:\windows\system32\vfwwdm32.dll
    2009-07-15 23:48 43,008 a------- c:\windows\system32\ksxbar.ax
    2009-07-15 23:43 348,160 a------- c:\windows\system\msvcr71.dll
    2009-07-15 23:43 <DIR> --d----- c:\program files\common files\Logitech
    2009-07-15 23:43 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
    2009-07-15 23:42 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-07-15 23:42 306,688 a------- c:\windows\IsUninst.exe
    2009-07-15 23:42 756 a------- c:\windows\_delis32.ini

    ==================== Find3M ====================

    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-16 13:08 83,187 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-07-15 20:51 50,522 a------- c:\windows\hpdins05.dat
    2009-07-15 20:04 1,679 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv1000 (EP343UA#ABA)

    _YN_0Pavi_QCNF6020QX4_EU_46_I308F_SQuanta_V46.11_BF.12_T050912_WXH2_L409_M503_J80_7Intel_8Celeron M_91.6_#090715_N10EC8139_(EP343UA#ABA)

    _XMOBILE_CN10_Z8086266D_2Rev 1.MRK
    2009-07-15 19:26 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 20:15 90,112 a------- c:\windows\system32\dpl100.dll
    2009-07-13 20:15 823,296 a------- c:\windows\system32\divx_xx0c.dll
    2009-07-13 20:15 823,296 a------- c:\windows\system32\divx_xx07.dll
    2009-07-13 20:15 815,104 a------- c:\windows\system32\divx_xx0a.dll
    2009-07-13 20:15 811,008 a------- c:\windows\system32\divx_xx16.dll
    2009-07-13 20:15 802,816 a------- c:\windows\system32\divx_xx11.dll
    2009-07-13 20:15 685,056 a------- c:\windows\system32\DivX.dll
    2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-24 07:18 92,928 a------- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll

    ============= FINISH: 21:41:17.96 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/15/2009 7:31:54 PM
    System Uptime: 8/14/2009 8:44:28 AM (13 hours ago)

    Motherboard: Quanta | | 308F
    Processor: Intel(R) Celeron(R) M processor 1.60GHz | U1 | 1596/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 54.118 GiB free.
    D: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 7/15/2009 7:35:07 PM - System Checkpoint
    RP2: 7/15/2009 7:40:48 PM - Installed TIxx21
    RP3: 7/15/2009 7:41:17 PM - Installed REALTEK Gigabit and Fast Ethernet NIC Driver
    RP4: 7/15/2009 7:53:17 PM - Installed HP Help and Support
    RP5: 7/15/2009 7:57:38 PM - Installed iTunes
    RP6: 7/15/2009 7:58:35 PM - Installed HP User Guides 0001
    RP7: 7/15/2009 8:02:01 PM - Installed muvee autoProducer 4.0 - SE
    RP8: 7/15/2009 8:02:07 PM - Installed Windows Media Format 9 Series Runtime Setup
    RP9: 7/15/2009 8:04:00 PM - Installed Windows XP KB884575.
    RP10: 7/15/2009 8:04:15 PM - Installed Windows XP KB885855.
    RP11: 7/15/2009 8:04:23 PM - Installed Windows XP KB888239.
    RP12: 7/15/2009 8:04:32 PM - Installed Windows XP KB885464.
    RP13: 7/15/2009 8:05:16 PM - Installed Windows XP KB873333.
    RP14: 7/15/2009 8:05:28 PM - Installed Windows XP KB873339.
    RP15: 7/15/2009 8:05:37 PM - Installed Windows XP KB885250.
    RP16: 7/15/2009 8:05:48 PM - Installed Windows XP KB885835.
    RP17: 7/15/2009 8:05:58 PM - Installed Windows XP KB885836.
    RP18: 7/15/2009 8:06:08 PM - Installed Windows XP KB885884.
    RP19: 7/15/2009 8:06:16 PM - Installed Windows XP KB886185.
    RP20: 7/15/2009 8:06:26 PM - Installed Windows XP KB887472.
    RP21: 7/15/2009 8:06:35 PM - Installed Windows XP KB888113.
    RP22: 7/15/2009 8:06:44 PM - Installed Windows XP KB888302.
    RP23: 7/15/2009 8:06:59 PM - Installed Windows XP KB890047.
    RP24: 7/15/2009 8:07:13 PM - Installed Windows XP KB890175.
    RP25: 7/15/2009 8:07:24 PM - Installed Windows XP KB891781.
    RP26: 7/15/2009 8:10:38 PM - Installed Windows Media Format 9 Series Runtime Setup
    RP27: 7/15/2009 8:12:27 PM - Installed HP Wireless Assistant
    RP28: 7/15/2009 8:12:48 PM - Installed Windows Media Player 10
    RP29: 7/15/2009 8:14:45 PM - Installed HP Software Update
    RP30: 7/15/2009 8:40:57 PM - Removed Zone Deluxe Games
    RP31: 7/15/2009 9:00:42 PM - Installed UpdateAgent
    RP32: 7/15/2009 9:15:17 PM - Installed Bluesoleil2.6.0.1 Release 070402
    RP33: 7/15/2009 9:20:04 PM - Installed Microsoft Works
    RP34: 7/16/2009 12:08:51 AM - Installed Logitech Desktop Messenger
    RP35: 7/16/2009 12:25:50 AM - Configured Logitech Desktop Messenger
    RP36: 7/16/2009 12:27:04 AM - Configured Logitech Desktop Messenger
    RP37: 7/16/2009 12:27:23 AM - Installed Logitech QuickCam
    RP38: 7/16/2009 1:56:16 AM - Removed Logitech Desktop Messenger
    RP39: 7/16/2009 1:56:53 AM - Configured Logitech QuickCam
    RP40: 7/16/2009 1:57:24 AM - Removed Logitech QuickCam
    RP41: 7/16/2009 2:04:00 AM - Installed Logitech Desktop Messenger
    RP42: 7/16/2009 2:04:25 AM - Installed Logitech QuickCam
    RP43: 7/16/2009 12:12:40 PM - Software Distribution Service 3.0
    RP44: 7/16/2009 12:45:57 PM - Software Distribution Service 3.0
    RP45: 7/16/2009 1:21:52 PM - Software Distribution Service 3.0
    RP46: 7/16/2009 2:12:48 PM - Software Distribution Service 3.0
    RP47: 7/16/2009 2:54:35 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP48: 7/16/2009 3:01:13 PM - Software Distribution Service 3.0
    RP49: 7/16/2009 4:55:53 PM - Installed Ad-Aware 2007
    RP50: 7/16/2009 5:02:19 PM - Removed Ad-Aware 2007
    RP51: 7/16/2009 5:04:50 PM - Installed Ad-Aware
    RP52: 7/16/2009 5:19:57 PM - Installed iTunes
    RP53: 7/18/2009 9:18:12 PM - System Checkpoint
    RP54: 7/21/2009 12:12:42 AM - System Checkpoint
    RP55: 7/22/2009 2:08:52 AM - Removed Logitech Desktop Messenger
    RP56: 7/22/2009 8:32:37 PM - Installed SUPERAntiSpyware Free Edition
    RP57: 7/23/2009 10:42:28 PM - Software Distribution Service 3.0
    RP58: 7/26/2009 4:02:30 AM - System Checkpoint
    RP59: 7/27/2009 4:07:22 AM - System Checkpoint
    RP60: 7/28/2009 4:53:25 AM - System Checkpoint
    RP61: 7/29/2009 5:09:24 AM - System Checkpoint
    RP62: 7/29/2009 3:49:23 PM - Software Distribution Service 3.0
    RP63: 7/30/2009 4:28:39 PM - System Checkpoint
    RP64: 7/31/2009 5:03:44 PM - System Checkpoint
    RP65: 8/2/2009 7:57:23 AM - System Checkpoint
    RP66: 8/3/2009 4:11:10 PM - System Checkpoint
    RP67: 8/4/2009 6:55:35 PM - System Checkpoint
    RP68: 8/5/2009 9:28:24 PM - System Checkpoint
    RP69: 8/6/2009 11:56:21 PM - System Checkpoint
    RP70: 8/8/2009 5:03:17 AM - System Checkpoint
    RP71: 8/9/2009 5:51:07 AM - System Checkpoint
    RP72: 8/10/2009 2:49:15 PM - System Checkpoint
    RP73: 8/11/2009 3:15:18 PM - System Checkpoint
    RP74: 8/12/2009 11:46:57 PM - System Checkpoint
    RP75: 8/13/2009 3:01:15 AM - Software Distribution Service 3.0
    RP76: 8/13/2009 11:53:00 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Reader 6.0.1
    AIM 6
    Apple Mobile Device Support
    Apple Software Update
    Bluesoleil2.6.0.1 Release 070402
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    CC_ccProxyExt
    ccCommon
    CCleaner (remove only)
    ccPxyCore
    Conexant AC-Link Audio
    CP_AtenaShokunin1Config
    cp_dwSharkTaleAlbums1
    cp_dwSharkTaleCards1
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CP_PLSBusinessFlyers
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Destinations
    Director
    DivX Codec
    DivX Version Checker
    Google Chrome
    Google Earth
    Google Update Helper
    HijackThis 1.99.1
    Home Theater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Help and Support
    HP Image Zone 4.8.5
    HP Image Zone Plus 4.8.5
    HP Software Update
    HP User Guides 0001
    HP Wireless Assistant
    HPIZplus450
    ieSpell
    InstantShare
    Intel(R) Graphics Media Accelerator Driver for Mobile
    InterVideo Home Theater
    InterVideo WinDVD
    iTunes
    J2SE Runtime Environment 5.0
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Logitech QuickCam Software
    Logitech® Camera Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Money 2005
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Works
    MSN
    MSRedist
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 4.0 - SE
    Norton AntiSpam
    Norton AntiVirus 2005
    Norton Internet Security
    Norton Internet Security 2005 (Symantec Corporation)
    Norton Security Center
    Norton WMI Update
    PanoStandAlone
    PhotoGallery
    QFolder
    Quick Launch Buttons 5.10 B2
    QuickTime
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SIW version 2009-05-12
    SkinsHP1
    Soft Data Fax Modem with SmartCP
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    SPBBC
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    SUPERAntiSpyware Free Edition
    Symantec Network Drivers Update
    Symantec Script Blocking Installer
    SymNet
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21
    Traces Viewer
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    8/9/2009 4:18:46 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    8/9/2009 11:45:48 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout

    period.
    8/8/2009 4:47:34 AM, error: PSched [14103] - QoS [Adapter {B4D9F050-1B4A-4C09-A04B-484080628D6F}]: The netcard

    driver failed the query for OID_GEN_LINK_SPEED.
    8/7/2009 11:41:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a

    transaction response from the Dnscache service.
    8/11/2009 12:26:52 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_

    {6BF5EFD4-0283-407C-AD98-D95DF6E2D9ED} because another computer on the network has the same name. The server could

    not start.
    8/11/2009 12:26:36 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an

    operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an

    internal error. The data is the error code.
    8/11/2009 12:24:41 AM, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address

    192.168.1.1 on the same network as the interface with IP address 192.168.0.1. The allocator has disabled itself on

    the interface in order to avoid confusing DHCP clients.
    8/11/2009 12:24:18 AM, error: ipnathlp [30002] - The DHCP allocator was unable to bind to the IP address

    192.168.0.1. This error may indicate a problem with TCP/IP networking. The data is the error code.

    ==== End Of File ===========================
     
    hllstrHUNTER,
    #2


  3. to hide this advert.

  4. 2009/08/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see any threats in your log, but we'll make sure in a moment.

    "A recent attempt to attck your computer was blocked" message simply tells you, your security program is working well.
    You really don't need to see those messages. It must be some setting in the program, which will disable them.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow [​IMG] at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
    broni,
    #3
  5. 2009/08/16
    hllstrHUNTER

    hllstrHUNTER Inactive Thread Starter

    Joined:
    2005/12/17
    Messages:
    107
    Likes Received:
    0
    Hi, Broni. Thank you for taking the time to look at my logs :) For some reason I could not download the Dr. Web CureIT file. It would open a tab but never got past that(not even a "download file" security warning). I already had Hijackthis and here is the log below...The first three 04 entries I cannot account for, any clue as to what program they might belong to? Not sure about the single 017 either, might have something to do with my new ISP but I dont know.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:07:54 AM, on 8/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.localnet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe "
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe "
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED6CFF61-4986-48A7-B764-232A8AA057A0}: NameServer = 64.136.173.5 64.136.164.77
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10416 bytes
     
    hllstrHUNTER,
    #4
  6. 2009/08/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Those first 3 O4 entries are part of MS Office, responsible for Asian characters input.

    O17 entry belongs to Ad-base Systems, Inc.. Familiar?

    ====================================================================

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ==================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ( "drive-by-install ") as it is installed without your consent through programs like AOl, AIM, Compuserve, etc.

    ===============================================================

    HJT log looks clean.
    You may want to disable some unnecessary startups by checkmarking them in HJT, and clicking "Fix checked" button. Those are:

    - O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    - O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    - O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    - O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    - O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    - O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    - O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    - O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    - O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

    Finally...

    Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    This should do for malware section.
     
    broni,
    #5
  7. 2009/08/16
    hllstrHUNTER

    hllstrHUNTER Inactive Thread Starter

    Joined:
    2005/12/17
    Messages:
    107
    Likes Received:
    0
    Funny, I don't even have Microsoft Office on this computer at all. Not even the free trial version that came bundled with Windows, deleted it soon after reinstall. Must be left over entries. :)


    :confused: Not at all familiar with that. Will do some more research on the company though. If I can't find a good reason for it to be there I'll make backups and delete the entry and see what happens.


    Got Java updated. Thanks for pointing that out to me. As for Viewpoint manager I must have gotten that with Aim IM. Got rid of it. As for Temp File Cleaner, would you recommend it over ATF cleaner or CCleaner? Again Thank you Broni for taking the time to look over my logs and for all your great suggestions.
     
    hllstrHUNTER,
    #6
  8. 2009/08/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    All three cleaners are very good. I find TFC as the deepest cleaner.

    Since we don't have any issues here, I'll mark this thread as resolved.
     
    broni,
    #7

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...