Log for analysis, please

Status
Not open for further replies.

hovdebo

Beta member
Messages
1
ComboFix 12-05-14.03 - Greg Hovdebo 14/05/2012 17:24:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1270 [GMT -6:00]
Running from: c:\documents and settings\Greg Hovdebo\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Greg Hovdebo\Application Data\inst.exe
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Greg Hovdebo\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Greg Hovdebo\Application Data\vso_ts_preview.xml
c:\documents and settings\Greg Hovdebo\WINDOWS
C:\Install.exe
C:\Temp.tmp
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\SET100.tmp
c:\windows\system32\SET102.tmp
c:\windows\system32\SET110.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET70.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-14 to 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 23:16 . 2012-05-14 23:16 56200 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14531164-94CF-4B0F-91BF-00939DEAA4CC}\offreg.dll
2012-05-14 23:14 . 2012-04-13 07:36 6734704 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14531164-94CF-4B0F-91BF-00939DEAA4CC}\mpengine.dll
2012-05-14 02:01 . 2012-05-14 02:01 -------- d-----w- c:\program files\Research In Motion Limited
2012-05-13 07:38 . 2012-04-13 07:36 6734704 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-30 22:15 . 2012-04-30 22:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-30 22:15 . 2012-04-30 22:15 97208 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-04-30 22:15 . 2012-04-30 22:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-04-30 22:15 . 2012-04-30 22:15 19384 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:01 . 2012-04-01 18:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:01 . 2011-05-14 17:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2004-08-04 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-21 02:44 . 2012-03-21 02:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:08 . 2004-08-04 12:00 178176 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:08 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-19 02:53 . 2007-05-03 15:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-19 02:53 . 2010-05-19 01:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 18:01 . 2009-09-19 18:44 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 18:01 . 2009-09-19 18:44 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-30 22:15 . 2012-04-30 22:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-02-25 196709]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Xtreme N Dual Band DWA-160"="c:\program files\D-Link\DWA-160 revA\AirNCFG.exe" [2009-02-13 1687552]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-04 273528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-19 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-19 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 08:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\fallout new vegas\\FalloutNVLauncher.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/06/2006 11:56 AM 715248]
R1 MpKslc77c04bc;MpKslc77c04bc;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14531164-94CF-4B0F-91BF-00939DEAA4CC}\MpKslc77c04bc.sys [14/05/2012 5:17 PM 29904]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [23/10/2010 9:16 PM 147456]
R3 arusb(Atheros);D-Link Wireless Network Adapter Service;c:\windows\system32\drivers\dwarusb.sys [23/10/2010 9:14 PM 457728]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [09/12/2007 2:04 AM 47360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/04/2012 12:24 PM 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [30/04/2012 4:15 PM 129976]
S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [15/01/2008 1:52 AM 40056]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLC77C04BC
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:01]
.
2012-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
.
2012-05-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1736714172-3498117738-1891538883-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
2012-05-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1736714172-3498117738-1891538883-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cbc.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://notes1cluster.mtroyal.ca/dwa85W.cab
FF - ProfilePath - c:\documents and settings\Greg Hovdebo\Application Data\Mozilla\Firefox\Profiles\ibw9rey3.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/2/hi/default.stm
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Polar Sync - (no file)
HKLM-Run-EPSON Stylus Photo R200 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
AddRemove-uTorrent - c:\documents and settings\Greg Hovdebo\Desktop\uTorrent.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-14 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1736714172-3498117738-1891538883-1005\q
￾Ji*c*e*:*s*w*:*{*0*8*3*8*6*3*F*1*-*7*0*D*E*-*1*1*D*0*-*B*D*4*0*-*0*0*A*0*C*9*1*1*C*E*8*6*}*\{4009F700-AEBA-11D1-8344-00C04FB92EB7}]
"Running"=dword:00000001
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2012-05-14 17:31:48
ComboFix-quarantined-files.txt 2012-05-14 23:31
.
Pre-Run: 46,123,986,944 bytes free
Post-Run: 46,365,417,472 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F9D1056C086A35818A331C9916362F86



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:42:35 PM, on 14/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Greg Hovdebo\My Documents\Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrentBar\uTorrentBarToolbarHelper1.exe
C:\Program Files\uTorrentBar\uTorrentBarToolbarHelper1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160] C:\Program Files\D-Link\DWA-160 revA\AirNCFG.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} (IBM Lotus iNotes 8.5 Control) - https://notes1cluster.mtroyal.ca/dwa85W.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124739491921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124739514875
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11086 bytes
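The cross-check a log reviewer does by hand on the HijackThis output above, written out as an added example that is not part of the original post and not HijackThis's own code: the same CLSID {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} appears in the R3 (URLSearchHook), O2 (BHO) and O3 (Toolbar) lines, all pointing at prxtbuTo2.dll, which is the registration pattern of a bundled browser toolbar. The script parses HijackThis-style lines, groups them by CLSID and flags any CLSID registered at more than one IE hook point, plus any extension DLL loaded from a user-profile path. The sample lines are constructed for the example: the uTorrentBar, Adobe and Java entries copy the log, while the last line (a made-up CLSID and an inst.dll under Application Data) is invented only to exercise the second check.

```python
import re
from collections import defaultdict

# Constructed sample input (not the poster's full log): HijackThis-style lines.
# The uTorrentBar/Adobe/Java lines reuse the CLSIDs and paths from the log above;
# the last line is made up to exercise the "user-profile path" heuristic.
SAMPLE_HJT_LOG = """\
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files\\uTorrentBar\\prxtbuTo2.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files\\uTorrentBar\\prxtbuTo2.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\\Program Files\\uTorrentBar\\prxtbuTo2.dll
O2 - BHO: (no name) - {00000000-1111-2222-3333-444444444444} - C:\\Documents and Settings\\user\\Application Data\\inst.dll
"""

# R3 = URLSearchHook, O2 = Browser Helper Object, O3 = IE toolbar: the three
# registration points a commercial toolbar bundle typically fills at once.
HOOK_LINE = re.compile(
    r"^(?P<code>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.+)$"
)

# IE extensions normally live under Program Files; a DLL under a user profile
# (ComboFix above deleted an inst.exe from Application Data) deserves a look.
USER_PROFILE = re.compile(r"\\(documents and settings|users)\\[^\\]+\\", re.IGNORECASE)


def parse_hooks(log_text):
    """Return clsid -> list of (code, kind, name, path) for every R3/O2/O3 line."""
    hooks = defaultdict(list)
    for line in log_text.splitlines():
        m = HOOK_LINE.match(line.strip())
        if m:
            # CLSIDs are case-insensitive and the log mixes upper and lower case.
            hooks[m["clsid"].lower()].append((m["code"], m["kind"], m["name"], m["path"]))
    return hooks


def triage(log_text):
    """Flag CLSIDs hooked at more than one IE extension point, and extension
    DLLs loaded from a user profile. Returns a list of (clsid, reason, details)."""
    findings = []
    for clsid, entries in parse_hooks(log_text).items():
        codes = sorted({code for code, *_ in entries})
        if len(codes) > 1:
            findings.append((clsid, "multi-hook",
                             f"{entries[0][2]} registered as {'+'.join(codes)} via {entries[0][3]}"))
        for code, kind, name, path in entries:
            if USER_PROFILE.search(path):
                findings.append((clsid, "user-profile-path", f"{code} {kind} {name!r} loads {path}"))
    return findings


if __name__ == "__main__":
    for clsid, reason, details in triage(SAMPLE_HJT_LOG):
        print(f"[{reason}] {clsid}: {details}")
```

Run against a real HijackThis log by passing the file contents to triage(); the multi-hook check is a heuristic, not proof of malice (a legitimate toolbar also registers at several points), so treat a hit as the prompt to look at the DLL's vendor and signature rather than as a verdict.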
 
Well, the first thing I would suggest is to remove any and all toolbars. They are a breeding ground for infections. Those are the only real problems I see.
 